Duke Services and Data Classification

Version 1.1

Author


Office of Information Technology (OIT)
 

Authority


Duke University Chief Information Officer
Duke University Chief Information Security Officer
 

Determining the Nature of the Data


Questions to Consider

• Are you storing Sensitive data elements (for example, ePHI, Social Security Numbers, DMCA, PCI DSS or FERPA data)? See the Duke University Data Classification Standard for the definitions of Sensitive, Restricted, and Public data.
 

Use of Duke Services


Selecting a Duke Service Depending on Data Classification

The following chart outlines which Duke services are appropriate for use with Sensitive, Restricted and Public data:

 

| Service | Available to | Data |
|---|---|---|
| Duke OIT CIFS/NFS Home Drive Service | Duke University, Duke Health | r,p |
| Duke Shared Cluster Resource (DSCR) | Duke University, Duke Health | r,p |
| Duke Health FISMA Zone | Duke Health | s,r |
| Duke OIT & Departmental File Shares | Duke University | r,p |
| Duke’s Protected Network | Duke University, Duke Health | s,r |
| Duke Health SharePoint | Duke Health | s,r,p |
| Duke University SharePoint | Duke University | r,p |
| Duke’s Tableau Instance | Duke University, Duke Health | s,r,p |
| Duke’s Wiki | Duke University, Duke Health | r,p |
| Sites @ Duke (WordPress) | Duke University, Duke Health | r,p |
 

Use of Cloud Services


Selecting a Cloud Service Depending on Data Classification

The following chart outlines which Duke services are appropriate for use with Sensitive, Restricted and Public data.
Note: When data is shared for collaborative purposes, you are responsible for making certain that data is shared only with persons who are authorized to have access.

| Service | Available to | Data |
|---|---|---|
| Duke's Box Service* | Duke University, Duke Health | |
| Duke's Qualtrics Service | Duke University | |
| Duke's Redcap Service | Duke Health | |
| Duke's Microsoft Office 365 and OneDrive Service* | Duke University, Duke Health | |
| Duke's Microsoft Office 365 Teams* ** | Duke University, Duke Health | |
| Duke's WebEx *** | Duke University, Duke Health | |
| Jabber | Duke University, Duke Health | |
| Zoom *** | Duke University, Duke Health | |
| Amazon Web Services | Duke University, Duke Health | p |

*No ITAR or PCI related data may be stored on Box or Microsoft Office 365. For additional details see: https://box.duke.edu/security-and-usage/

**If the Team will be used to share Sensitive Data, the Team must be set to Private, not Public.

*** Duke Health may use Zoom for classes and meetings but NOT for clinical purposes to see patients or exchange Protected Health Information (PHI). Any meeting with the possibility of PHI may not be recorded. Sensitive information may be discussed during a live Zoom meeting when recording is not in use but should not be recorded, typed into a chat session or otherwise stored within Zoom.

 

Use of Other Cloud Services (Personal Use)


Selecting a Cloud Service Depending on Data Classification

The following chart outlines outside cloud services appropriate for personal use:

| Service | Available to | Data |
|---|---|---|
| Apple iCloud | Personal | p |
| Personal Box Account | Personal | p |
| Personal OneDrive Account | Personal | p |
| DropBox | Personal | p |
| Google Apps (including Gmail) | Personal | p |
| Slack | Personal | p |
 
Document Type: Policy
Applicable To: Duke Health, Duke University