Cloud Data Storage Policy for Rockhurst University

Purpose

The purpose of this policy is to establish guidelines and standards for the use of cloud storage solutions within Rockhurst University. This policy emphasizes the use of OneDrive for the storage of business-related data to ensure data security, privacy, and compliance. The policy prohibits the use of other cloud storage solutions that are not associated with a supported application.

Scope

This policy applies to all employees, contractors, and authorized users who have access to Rockhurst University's IT resources, including but not limited to computers, laptops, mobile devices, and network infrastructure.

Policy

OneDrive as the Designated Cloud Storage Solution

OneDrive, a Microsoft cloud-based storage application, is the designated cloud storage solution for storing and sharing business-related data at Rockhurst University. It provides secure and reliable storage infrastructure that aligns with the university's security standards. All employees are required to utilize OneDrive for their cloud storage needs, unless granted an exemption by the IT department based on specific business requirements. This includes, but is not limited to, data protected by GLBA, FERPA or HIPAA, Social Security Numbers, or credit card numbers.

Prohibition of Unapproved Cloud Storage Solutions

To ensure data security and protect sensitive information, the use of cloud storage solutions not associated with a supported application is strictly prohibited. Employees must not store or share university-related data using unauthorized cloud storage providers, including but not limited to personal accounts on services such as Dropbox, Google Drive, or iCloud.

Data Classification and Security

Employees must adhere to Rockhurst University's data classification and security policies when storing and accessing data in OneDrive. It is essential to appropriately classify and protect confidential, sensitive, and personal information. Data encryption, access controls, and other security features provided by OneDrive must be utilized to safeguard data integrity and privacy.

Available Storage Allocation

100GB of storage is provided to each network account as part of our licensing agreement with Microsoft. Any OneDrive accounts over 100GB will be charged $3.25 per month.

Backup and Recovery

The Rockhurst University IT department is responsible for implementing backup and recovery measures for OneDrive. However, users are encouraged to regularly back up critical files and data stored in OneDrive to ensure the availability of information in case of accidental deletion, data corruption, or system failures.

Data Storage

Rockhurst employees will not store business related or personal data on the hard drive of any Rockhurst issued computers. This data is not backed up and could become a security risk if the computer is lost or stolen. Rockhurst provided share drives or One-Drive should be used to store business related data.

Account Access and Security

Employees are responsible for safeguarding their OneDrive accounts. Strong and unique passwords must be used, and multi-factor authentication should be enabled whenever possible. Sharing account credentials or accessing OneDrive from untrusted devices is strictly prohibited to prevent unauthorized access to sensitive data.

Training and Education

Users are encouraged to seek assistance from the IT department for any questions or concerns regarding the use of OneDrive.

Cloud Storage Retention

Cloud storage will be made available to all active network accounts. Once an account has been disabled, all data storage associated directly with the inactive network account will be deleted after 6 months where it will not be recoverable. It is the responsibility of the business unit to ensure important information is only stored on a department share drive or is transferred to a permanent location before the data is no longer recoverable.

Review and Revision

This policy will be reviewed periodically by the IT department to ensure its effectiveness and relevance. Any necessary revisions will be made in consultation with relevant stakeholders and communicated to all employees.

Last Review Date

2024/09/11