Data storage guide for employees

This guide tells you where to process, store, and process information.

Published Updated on

NB! The numbers in the table are reference notes. The notes that correspond to the numbers can be found at the bottom of the article, under "Notes".

The colors in the table are based on the different classifications of information at UiS. Read more about the different information classes and what they mean here.

The first list below presents the most commonly used tools and systems at UiS, and which will cover most of your needs for secure storage. Scroll further down for an extended list. If you wish to use a system or tool not described in this guide, you can contact your local data privacy and information security contact or IT-hjelp@uis.no

Recommended tools and systems

SystemApproved forPrerequisites for storage of confidential data
UiS-operated machine Grønn sirkel, gul sirkel og rød sirkelRed data can be stored on UiS-machines with encrypted hard drives. Red data shall not be moved to storage areas which are not approved for it.
UiS OneDrive Grønn sirkel, gul sirkel og rød sirkelStoring red data in OneDrive requires that all files are labeled confidential. See guide for storing red data in Teams and OneDrive (NOR).

Use OneDrive for files that are mostly used by yourself alone. Use Teams to share files.
UiS Teams Grønn sirkel, gul sirkel og rød sirkel Storing red data in Teams requires that the Team is set to confidential. In addition to this, all files have to be labeled as confidential. See guide for storing red data in Teams and OneDrive (NOR).

Use Teams to cooperate and share files with others. Use OneDrive if the files are mostly for your own use.
UiS e-post (Outlook) Grønn sirkel, gul sirkel og rød sirkel E-mail with red data can be sent to both UiS-users and externals if the sensitivity label "confidential" (fortrolig) is set on both the e-mail and any attachments which contain RED data. These e-mails shall NOT be synchronized to your private machines, cell phones or forwarded to your private e-mail.
Word, Excel, Powerpoint (med UiS-konto) Grønn sirkel, gul sirkel og rød sirkel Red data can be processed in M365-programs as long as the sensitivity label confidential is set on the document. Click here for guide.
Nettskjema Grønn sirkel, gul sirkel, rød sirkel og sort sirkel Data collection of BLACK data in Nettskjema requires a direct link from Nettskjema to TSD. Without using a TSD-link, Nettskjema is approved for collection of up to RED data.

Nettskjema dictaphone app stores data encrypted and not locally on your device, and can therefore be used also on private devices.
Canvas Grønn sirkel, gul sirkel Red data shall not be shared or stored in Canvas.

Storage on Mac, PC or hard drive

Private machine (BYOD)Yes8*NoNo
UiS-owned home machineYes8*NoNo
UiS-operated machineYesYesNoNo
UiS-operated machine - encryptedYesYes1, 3*No
Memory stick / external hard driveYesNoNoNo
Memory stick / external hard drive - encrypted YesYes1, 3*No
VeraCrypt VolumeYesYes1, 3*No
*) See "notes" at the end of this document.

E-mail

Private e-mail (Gmail, Hotmail or similar)YesNoNoNo
UiS e-mailYesYes2, 3*No
*) See "notes" at the end of this document.

Storage services

UiS TeamsYesYes11*No
UiS OneDriveYesYes12*No
Personal cloud service (Dropbox, Google Drive or similar)YesNoNoNo
UiS Home Area (F: -disk)YesYesYesNo
UiS Common Area (G: disk) (for unit or research group)YesYes6*No
UiS DropboxYesYesNoNo
Filesender SIKTYesYes3, 4*No
UiS Google Suite for EducationYesNoNoNo
UiS OneDrive (Microsoft 365)YesYes3, 4*No
UiS SharefileYesYesYesNo
UiO TSDYesYesYesYes
UNINETT Sigma2YesYesNoNo
UiS TeamsYesYes3, 4*No
*) See "notes" at the end of this document.

Administrative services

UiS Public 360YesYesYesYes
UiS e-mailYesYes2, 3*No
*) See "notes" at the end of this document.

Publishing

IntranetYesYesNoNo
UiS.no (Drupal)YesNoNoNo

Other services

Nettskjema (Via TSD)YesYes5*5*
UiS ServiceNowYesYes9*No
UiS CanvasYesYesNoNo
Filesender SIKTYesYes3, 4*No
UiS CIMYesYesYesNo
UiS Skype for businessYesYesNoNo
UiS Zoom (stavanger.zoom.us)YesYes7*No
SurveyXactYesYesYes, if MFANo
NvivoYes*810*
*) See "notes" at the end of this document.

On research data

Two types of data used in research require special attention. These are connection keys, which in special cases are used to connect anonymous data to persons, and consent forms, which belong to persons' submitted information.

Connection keys and consent forms must, as a general rule, always be kept separate from the data to which they belong, and in principle have the same class as the data. TSD contains separate solutions for storing connection keys and consent forms.

Notes

1Red data can be stored on a machine with a fully encrypted disk, encrypted memory stick or encrypted external hard drive. FileVault, BitLocker, VeraCrypt etc. can be used as long as they support AES 256/128 bit encryption.
2E-mail with red data can be sent internally at UiS between UiS users, if the label is on. If emails with red data are to be sent to external recipients, the content must be encrypted before sending. Encryption should be done with AES 256/128 bit or better encryption. Such e-mail must NOT be synchronized to a private laptop, mobile phone or forwarded to a private e-mail account.
3Red data should not be downloaded or retrieved to the home area, machines without encrypted disk, or other storage locations that can not store red data.
4The data must be encrypted on the storage medium. For example, use of Microsoft labels (AIP label), 7-zip (password stored elsewhere.), FileSender ("File Encryption (beta)")
5Nettskjema supports the collection of information and transfer directly to TSD, which is approved for storing black data. Red data collected in Nettskjema must be deleted within a reasonable time, or moved to a different storage location or Public 360. Nettskjema dictaphone and picture app stores data encrypted, and is considered to be usable on private devices as well.
6Red data can be stored in common storage drives after assessment and facilitation of access control.
The service is ordered from the service portal.
7Red data is allowed in Zoom, but you have to strictly follow recording guide for red data in Zoom. If you need to record red data in Zoom, follow additional requirements in the recording guide.
8As a general rule, yellow data should not be processed on a private or self-administered machine. Some use is permitted provided that you follow the guidelines for use of a private machine to store yellow data.
9Red data can be stored in UiS ServiceNow after a storage assessment. It must be ensured that red data is not in open queues. There are routines for deleting red data. Contact it-hjelp@uis.no if you need help with storing, processing or deleting of red data in ServiceNow.
10Project files for Nvivo that contain red data must be stored on a UiS-computer with encrypted hard drive, or an encrypted external drive/memory stick.
11Storing red data in Teams requires that the Team is set to confidential. In addition to this, all files have to be labeled as confidential. See guide for storing red data in Teams and OneDrive (NOR).

Use Teams to cooperate and share files with others. Use OneDrive if the files are only for your own use.
12Storing red data in OneDrive requires that all files are labeled confidential. See guide for storing red data in Teams and OneDrive (NOR).

Use OneDrive for files that are only used by yourself. Use Teams to share files.