Duke Services and Data Classification

Version 1.0

Author


Office of Information Technology (OIT)
 

Authority


Duke University Chief Information Officer
Duke University Chief Information Security Officer
 

Determining the Nature of the Data


Questions to Consider

• Are you storing Sensitive data elements (for example, ePHI, Social Security Numbers, DMCA, PCI DSS or FERPA data)? See the Duke University Data Classification Standard for the definitions of Sensitive, Restricted, and Public data.
 

Use of Duke Services


Selecting a Duke Service Depending on Data Classification

The following chart outlines which Duke services are appropriate for use with Sensitive, Restricted and Public data:
Service
Available to:
Data
Duke OIT CIFS/NFS Home Drive Service
Duke University
Duke Health
r,p
Duke Shared Cluster Resource (DSCR)
Duke University
Duke Health
r,p
Duke Health FISMA Zone
Duke Health
s,r
Duke OIT & Departmental File Shares
Duke University
r,p
Duke’s Protected Network
Duke University
Duke Health
s,r
Duke Health SharePoint
Duke Health
s,r,p
Duke University SharePoint
Duke University
r,p
Duke’s Tableau Instance
Duke University
Duke Health
s,r,p
Duke’s Wiki
Duke University
Duke Health
r,p
 

Use of Cloud Services


Selecting a Cloud Service Depending on Data Classification

The following chart outlines which Duke services are appropriate for use with Sensitive, Restricted and Public data:
Service
Available to:
Data
Duke's Box Service*
Duke University
Duke Health
 
Duke's Qualtrics Service
Duke University
 
Duke's Redcap Service
Duke Health
 
Duke's Microsoft Office 365 and OneDrive Service
Duke University
Duke Health
r, p
Amazon Web Services
Duke University
Duke Health
p
*No ITAR related data may be stored on Box.
 

Use of Other Cloud Services (Personal Use)


Selecting a Cloud Service Depending on Data Classification

The following chart outlines outside cloud services appropriate for personal use:
Service
Available to:
Data
Apple iCloud
Personal
p
Personal Box Account
Personal
p
Personal OneDrive Account
Personal
p
DropBox
Personal
p
Google Apps (including Gmail)
Personal
p
 
Document Type: 
Policy
Applicable To: 
Duke Health/
Duke University