Duke Services and Data Classification

Version 1.0

Author

Office of Information Technology (OIT)

Duke University Chief Information Officer

Duke University Chief Information Security Officer

• Are you storing Sensitive data elements (for example, ePHI, Social Security Numbers, DMCA, PCI DSS or FERPA data)? See the Duke University Data Classification Standard for the definitions of Sensitive, Restricted, and Public data.

The following chart outlines which Duke services are appropriate for use with Sensitive, Restricted and Public data:

Service	Available to:	Data
Duke OIT CIFS/NFS Home Drive Service	Duke University Duke Health	r,p
Duke Shared Cluster Resource (DSCR)	Duke University Duke Health	r,p
Duke Health FISMA Zone	Duke Health	s,r
Duke OIT & Departmental File Shares	Duke University	r,p
Duke’s Protected Network	Duke University Duke Health	s,r
Duke Health SharePoint	Duke Health	s,r,p
Duke University SharePoint	Duke University	r,p
Duke’s Tableau Instance	Duke University Duke Health	s,r,p
Duke’s Wiki	Duke University Duke Health	r,p

The following chart outlines which Duke services are appropriate for use with Sensitive, Restricted and Public data:

Service	Available to:	Data
Duke's Box Service*	Duke University Duke Health
Duke's Qualtrics Service	Duke University
Duke's Redcap Service	Duke Health
Duke's Microsoft Office 365 and OneDrive Service	Duke University Duke Health	r, p
Amazon Web Services	Duke University Duke Health	p

*No ITAR related data may be stored on Box.

The following chart outlines outside cloud services appropriate for personal use:

Document Type:

Policy

Applicable To:

Duke Health/

Duke University