Secure File Storage and Sharing

Data Elements Secure Storage & Exchange

The Data Elements Secure Storage & Exchange table lists individual data elements that must be treated as Confidential or Sensitive Data due to Appalachian’s legal, contractual, and risk based objectives. If you are dealing with one of these data elements and evaluating new processes or storage and sharing options, then you need to contact the ITS Office of Information Security for review and assistance.

Secure File Storage & Sharing Guidelines

About

  • The data classifications listed below are recommended categories to help evaluate and differentiate University data based on associated risks.
  • Download summary PDF: One page PDF summary of our Data Classification Guidance
  • Please Note: Institutional records should be classified based on the data element(s) that would have the most restrictive classification. 
  • Data Management Standard: The oject of this standard is to clearly define the roles, responsibilities, and specific requirements needed to provide secure and optimal management of data to support the University mission.


Data Classification LevelDescription of 
Classification Level
Secure Storage & File Exchange
green check mark
Insecure Methods
red slash
Confidential (High Security)

Data whose unauthorized disclosure and/or loss of control would reasonably result in significant financial losses, unacceptable risks, or impairment to the efficient conduct of the University mission.

Confidential Data often have these attributes:

  • Protection of this data is prescribed within legal and/or contractual requirements.
  • Not considered a public record subject to disclosure (G.S. 132).
  • Handling of this data addressed by detailed data security requirements.

Examples:

  • Personal Identifiers: Social Security Numbers, Drivers license, State identification card, or Passport numbers
  • Financial Data: Credit Card Numbers, Debit Card Numbers, Checking / Savings Account Numbers
  • Authentication Data: Biometric Information, Passwords, Digital Signatures
  • Health Information: Protected Health Info.

Compliance Areas:

Approved Storage

ASU Confidential Data should only be stored on authoritative data sources or approved storage solutions. At a shared services level this includes:

Secure Exchange

ASU Confidential Data should only use approved file sharing solutions:

FileShare

Confidential data should NEVER be stored or shared via:

  • Email, Instant Messaging, Social Networks, P2P Solutions
  • ASU owned PCs or Laptops (Can be used to upload or access data but not long terms storage or direct file-sharing).
  • Removable Media (Thumb-drives, Ext. Hard-Drives)
  • Any Cloud Storage Solutions (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
  • Any Personal Computer Devices (including Smartphones).

Sensitive Data (Medium Security)

Data that is considered private and must be protected, but has lesser degree of impact associated with unauthorized disclosure and/or loss of control versus confidential data.

Sensitive Data often have these attributes:

  • Protection measures not prescribed by legal or contractual requirements.
  • Access rights established around identified processes and needs.
  • Handling of this data requires elevated data security requirements.

Approved Storage
ASU Sensitive Data should only be stored on approved systems such as:

Secure Exchange
ASU Senstive Data should only use approved file sharing solutions:

Sensitive data should NEVER be stored or shared via:

  • Email, Instant Messaging, Social Networks, P2P Solutions
  • Removable Media (thumb-drives, ext. hard-drives)
  • Any Personal Cloud Storage Accounts (Google Drive, SkyDrive, Amazon Drive, Dropbox, Box, etc)
  • Any Personal Computer Devices (including Smartphones).
 
Internal Data 
(Standard Security) 

Data that is proprietary or produced only for use by members of the University community who have a legitimate purpose to access such data.

Internal Data often have these attributes:

  • Access established for fulfillment of daily business requirements
  • Handling of this data requires general security requirements.

In general, ASU Internal Data should only be stored and shared via University owned, maintained, or purchased devices, solutions, and services.

In general, Internal data should not be stored or shared via:

  • Any Personal Computer Devices (including Smartphones).
 
Public Data 
(Minimum Security) 

Institutional information that has few restrictions or is intended for public use.

There are no security restrictions or guidance needed for Public Data.