Abertay Data Storage Policy

Academic year: 2021


Author: Louise Cardno, Business Analyst

Reviewer: Frazer Greig, ICT Operations Manager

Approved by: Michael Turpie, Head of Information Services

Approval date(s): 03-Jun-2015

Review date: 02-Jun-2016


Contents

1. Introduction

2. Purpose

3. Categories of Abertay Data

4. Types of Storage

4.1. Network Storage

4.2. Portable Devices

4.3. Portable Storage Media

4.4. Cloud Storage

4.5. Email

5. Additional Guidance/Support

1. Introduction

Most of Abertay’s activities generate data in one form or another. Information is an important business asset and as such, we all have a responsibility to safeguard its confidentiality, integrity and availability. This policy supports existing policies for information security and data protection by providing additional requirements for storing Abertay data.

2. Purpose

The purpose of this policy is to help owners of University data to choose an appropriate storage method that ensures it is protected and managed in accordance with the statutory responsibilities and business requirements of the University.

3. Categories of Abertay Data

Data that has value to Abertay must be protected during day-to-day on-campus activities, when working off-campus and when using personal devices. Not all Abertay data has the same level of sensitivity and/or confidentiality and so categorising this data can help data owners better understand the steps needed to protect it from unauthorised access or being lost, stolen or intercepted.

It is always the data owner’s direct responsibility to ensure their data is safeguarded.

The following data categories are helpful for identifying the sensitivity of Abertay data: -

Category A - Public

Any data that can appropriately be viewed by anyone, anywhere e.g. press releases, course information, publications, released research data, conference papers etc.

Category B - Private

Any data where access requires to be limited to specified members of Abertay on a need to know basis e.g. reports, guidance, collaborative documents, draft documents, teaching materials etc.

Category C - Confidential

Any data which identifies an individual, either on its own or by reference to other information. It can include expressions of opinion about an individual. As defined by the Data Protection Act (1998).

Any personal data consisting of information as to an individual’s: -

• racial or ethnic origin.

• political opinions.

• religious beliefs or other beliefs of a similar nature.

• trade union membership.

• physical or mental health or condition.

• commission or alleged commission of any offence.

• proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceeding.

Abertay Research Data

Abertay’s research activity will produce data that could be categorised as public, private or confidential. These assets are subject to additional controls and guidelines referred to in the Management of Research Data Policy and Guidelines (2013).

If you are unsure about how to categorise your data and where you can store your data please contact the University Secretariat.

4. Types of Storage

Abertay supports a number of different types of storage media, but mandates the use of network storage wherever possible. It is understood that storing Abertay data on the network may not be immediately practical, e.g. when working off campus and access is not available. However, data owners are ultimately responsible for choosing the safest storage option based on legal requirements under the Data Protection Act and their business needs regarding accessibility of information. A useful summary of the do’s and don’ts of storage for each categorisation of Abertay data is provided in Appendix A.

4.1. Network Storage

Home drives

All students and staff have access to network storage known as their home drive or M: drive. This is secure network storage for personal Abertay data attached to their network account, which can be securely accessed from any computer or device connected to the Internet.

Shared drives

Departments may also have additional network storage called shared drives or V: drive. This network storage is linked to groups of network accounts enabling users to collaborate and share files within their department or group.

Advantages of using Network Storage

• Files are protected by University information security systems (firewall, antivirus, encryption and secure authentication).

• Files are routinely backed up for business continuity purposes as well as enabling the recovery of data that is accidentally deleted.

• Files that are saved in one location can be accessed from a number of internet-connected devices both on and off campus. This reduces the need to store multiple copies, which would increase the risk of data being inaccurate, lost or stolen.

Network storage can safely be used for all categories of Abertay data.

• Limited personal use of Abertay systems is permitted and this also applies to storage of non-Abertay data, which must not exceed a reasonable amount.

Shared storage areas must only be used for Abertay data that needs to be shared with colleagues in your department or across Abertay.

Network storage is the only method to permanently store all categories of Abertay data.


4.2. Portable Devices

Abertay Issued Devices

Portable devices (such as laptops, tablets and smartphones) may be issued/loaned to members of the University to allow them to access Abertay resources on the move. Security measures will be taken (such as encryption, user authentication and anti-virus software) to help safeguard Abertay data that is accessed through these devices.

Personal Devices

Abertay also permits students and staff to access some resources through their own personal devices and access is controlled through user authentication. Users also have a responsibility to ensure their devices are protected, e.g. with a firewall, encryption and anti-virus software when accessing Category A Abertay data. Guidance on securing and protecting personal devices may be sought from the IS Service Desk.

4.3. Portable Storage Media

Abertay Issued Storage Media

Portable storage media (CDs/DVDs, USB drives and external hard drives) may be issued/loaned to members of the University for use both on and off campus. Security measures will be taken (such as encryption software) where possible to help safeguard the data stored on this type of media.

Personal Storage Media

The University does not currently restrict the use of personal storage media; however, their use for anything other than temporary storage of Category A Abertay data is not permitted. Users have a responsibility to ensure their media is protected, e.g. with encryption software to be safe. Guidance on securing personal storage media may be sought from the IS Service Desk.

Considerations when using Portable Devices and/or Storage Media

• Files stored only on portable devices and/or storage media have no provision for backup or recovery if they become lost, stolen or corrupted.

• There is a significant risk of reputational damage and/or litigation for Abertay and the data owner if data is stored inappropriately on portable devices.

Portable devices and storage media must only be used for the temporary storage of any category of data. The data must be removed and transferred to network storage at the earliest opportunity.

If Category B & C Abertay data needs to be copied to Abertay issued devices or storage media it must be encrypted.

Personal devices/storage media must not be used to store Category B & C Abertay data.


4.4. Cloud Storage

Abertay Preferred Cloud Storage – OneDrive for Business

All staff and students have access to the University preferred cloud storage system – OneDrive for Business - through Office365. This service offers online storage space for Category A data that can be accessed from many locations and devices (e.g. tablets, smartphones etc.). The University’s contractual agreement with Microsoft provides for acceptable levels of data availability and security. Its use for Category B & C Abertay data is currently not permitted.

Other Public Cloud Storage

Other commercial cloud providers, such as Dropbox, iCloud, Google etc. also offer public online storage. However, the service levels offered by these providers are subject to change outwith the control of the University and their use for Abertay data is not permitted. Further guidance will be made available for users to transfer data from other public cloud storage providers to OneDrive for Business.

Considerations when using Cloud storage

• Microsoft’s OneDrive for Business is protected by industry standard security systems and deleted files are stored in your recycle bin for a short period, currently 90 days. However, there is no guarantee that lost data can be retrieved if accidentally deleted.

Abertay cloud storage must only be used as temporary storage and data should always be transferred onto network storage.

Category B&C Abertay data must not be uploaded to any cloud storage service (Abertay or Public).

Synchronisation of data using cloud services onto non-Abertay devices must be turned off for all categories of data.

4.5. Email

Abertay email

All staff and students have access to an Abertay email account. Much of the University’s day-to-day activities are recorded in email messages, e.g. documents, business decisions, and requests for service/information. Guidance on managing emails can be sought from the IS Service Desk.

Personal email

Many staff and students also have access to personal email through providers such as Gmail and Yahoo. Abertay permits users to access their personal email accounts on campus; however their use for Category B&C Abertay data is not permitted.

Considerations when using email

• Email is not a completely secure communication tool and there is significant risk that essential business records may be lost during unplanned system outages.

Abertay email should only be used for temporary storage of Abertay data. Email attachments that are to be kept should always be removed and transferred to network storage.

Personal email must not be used to transmit Category B & C Abertay data.

Category C Abertay data must never be transmitted by University email unless encrypted and from University issued devices.

5. Additional Guidance/Support

Any enquiries or requests for further support in relation to Abertay data storage or transmission may be directed to IS Service Desk.


Appendix A: Best Practice for the Transmission/Storage of Abertay data.

STORAGE METHOD

Network: Home M:, Shared V:

Portable Device: Abertay, Personal

Portable Storage Media: Abertay, Personal

Cloud Storage: OneDrive for Business, Public

Email: Abertay, Personal

Category

A: Public: !

B: Private: X X X X X

C: Confidential: X X X X X

Approved storage method

Approved storage method subject to additional guidance

X Strictly Prohibited

! Additional guidance will be made available to allow users to migrate Abertay data from other public cloud providers,
