Use of Cloud Computing Services
Computer and Information Systems remains committed to enabling employees to do their jobs as efficiently as possible through the use of technology. Cloud computing services are often preferred to University hosted information technology systems. The following guidelines are intended to establish a process whereby University employees can use cloud services without jeopardizing Institutional Data and computing resources.
While cloud computing services, especially free ones, may mention computer security and confidentiality standards, they tend not to guarantee that the data you place there will be secure or treated confidentially in order to shield themselves from liability should your data be misused, stolen, or otherwise inappropriately accessed.
Note |
---|
The AVP for Information Technology is responsible for securing Institutional Data and decides what data may or may not be stored in the Cloud. |
- Security and Alignment
Use of cloud computing services for work purposes must be formally authorized by Computer and Information Systems. CIS, in partnership with the Office of Risk Management, will certify that security, privacy and all other IT management requirements will be adequately addressed by the cloud computing vendor. - Contracts and Terms of Services Review
For any cloud services that require users to agree to terms of service, such agreements must be reviewed by the Office of Risk Management and approved by Computer and Information Systems in accordance with the Enterprise Software Acquisition policy. - University Technology Policy
The use of such services must comply with existing Computer Acceptable Use Policy and Institutional Data Policy. Employees may not share log-in credentials with co-workers. See Password Policies and Guidelines. - Business Continuity / Administrative Access
CIS keep and administrative credential for all cloud services in a centrally managed and encrypted password vault for business continuity purposes. - Regulatory Compliance
The use of such services must comply with all laws and regulations governing the handling of personally identifiable information, corporate financial data or any other data owned or collected by the University. Personal Cloud Services
Employees may not use personal cloud services for the storage, manipulation or exchange of University-related communications or Institutional Data.Note Do not confuse approved cloud services such as OneDrive for Business with personal
Protecting Sensitive and Regulated Data
Confidential Data and Institutional Data must not be stored, shared, or otherwise processed by a cloud computing service, unless the University enters into a legally binding agreement with Seattle Pacific University to protect and manage the data according to standards and procedures approved by the University and in accordance with the regulatory environment governing University operations.
Should you ever need to store or share Institutional Data in a manner not currently provided within the University's approved and secured computing environment (see the Regulated Data Chart), please contact CIS and we will work with you to identify and provide a solution that meets your needs