This guide tells you where to process, store, and process information.
NB! The numbers in the table are reference notes. The notes that correspond to the numbers can be found at the bottom of the article, under "Notes".
The colors in the table are based on the different classifications of information at UiS. Read more about the different information classes and what they mean here.
Storage on Mac, PC or hard drive
Private machine (BYOD) | Yes | 8* | No | No |
UiS-owned home machine | Yes | 8* | No | No |
UiS-operated machine | Yes | Yes | No | No |
UiS-operated machine - encrypted | Yes | Yes | 1, 3* | No |
Memory stick / external hard drive | Yes | No | No | No |
Memory stick / external hard drive - encrypted | Yes | Yes | 1, 3* | No |
VeraCrypt Volume | Yes | Yes | 1, 3* | No |
Private e-mail (Gmail, Hotmail or similar) | Yes | No | No | No |
UiS e-mail | Yes | Yes | 2, 3* | No |
Storage services
UiS Teams | Yes | Yes | 11* | No |
UiS OneDrive | Yes | Yes | 12* | No |
Personal cloud service (Dropbox, Google Drive or similar) | Yes | No | No | No |
UiS Home Area (F: -disk) | Yes | Yes | Yes | No |
UiS Common Area (G: disk) (for unit or research group) | Yes | Yes | 6* | No |
UiS Dropbox | Yes | Yes | No | No |
Uninett Filesender | Yes | Yes | 3, 4* | No |
UiS Google Suite for Education | Yes | No | No | No |
UiS OneDrive (Microsoft 365) | Yes | Yes | 3, 4* | No |
UiS Sharefile | Yes | Yes | Yes | No |
UiO TSD | Yes | Yes | Yes | Yes |
UNINETT Sigma2 | Yes | Yes | No | No |
UiS Teams | Yes | Yes | 3, 4* | No |
Administrative services
UiS Public 360 | Yes | Yes | Yes | Yes |
UiS e-mail | Yes | Yes | 2, 3* | No |
Publishing
Intranet | Yes | Yes | No | No |
UiS.no (Drupal) | Yes | No | No | No |
Other services
Nettskjema (Via TSD) | Yes | Yes | 5* | 5* |
UiS ServiceNow | Yes | Yes | 9* | No |
UiS Canvas | Yes | Yes | No | No |
UiS CIM | Yes | Yes | Yes | No |
UiS Skype for business | Yes | Yes | No | No |
UiS Zoom (stavanger.zoom.us) | Yes | Yes | 7* | No |
SurveyXact | Yes | Yes | Yes, if MFA | No |
Nvivo | Yes | *8 | 10* |
On research data
Two types of data used in research require special attention. These are connection keys, which in special cases are used to connect anonymous data to persons, and consent forms, which belong to persons' submitted information.
Connection keys and consent forms must, as a general rule, always be kept separate from the data to which they belong, and in principle have the same class as the data. TSD contains separate solutions for storing connection keys and consent forms.
Notes
1 | Red data can be stored on a machine with a fully encrypted disk, encrypted memory stick or encrypted external hard drive. FileVault, BitLocker, VeraCrypt etc. can be used as long as they support AES 256/128 bit encryption. |
2 | E-mail with red data can be sent internally at UiS between UiS users, if the label is on. If emails with red data are to be sent to external recipients, the content must be encrypted before sending. Encryption should be done with AES 256/128 bit or better encryption. Such e-mail must NOT be synchronized to a private laptop, mobile phone or forwarded to a private e-mail account. |
3 | Red data should not be downloaded or retrieved to the home area, machines without encrypted disk, or other storage locations that can not store red data. |
4 | The data must be encrypted on the storage medium. For example, use of Microsoft labels (AIP label), 7-zip (password stored elsewhere.), FileSender ("File Encryption (beta)") |
5 | Nettskjema supports the collection of information and transfer directly to TSD, which is approved for storing black data. Red data collected in Nettskjema must be deleted within a reasonable time, or moved to a different storage location or Public 360. Nettskjema dictaphone and picture app stores data encrypted, and is considered to be usable on private devices as well. |
6 | Red data can be stored in common storage drives after assessment and facilitation of access control. The service is ordered from the service portal. |
7 | Red data is allowed in Zoom, but you have to strictly follow recording guide for red data in Zoom. If you need to record red data in Zoom, follow additional requirements in the recording guide. |
8 | As a general rule, yellow data should not be processed on a private or self-administered machine. Some use is permitted provided that you follow the guidelines for use of a private machine to store yellow data. |
9 | Red data can be stored in UiS ServiceNow after a storage assessment. It must be ensured that red data is not in open queues. There are routines for deleting red data. Contact it-hjelp@uis.no if you need help with storing, processing or deleting of red data in ServiceNow. |
10 | Project files for Nvivo that contain red data must be stored on a UiS-computer with encrypted hard drive, or an encrypted external drive/memory stick. |
11 | Storing red data in Teams requires that the Team is set to confidential. In addition to this, all files have to be labeled as confidential. See guide for storing red data in Teams and OneDrive (NOR). Use Teams to cooperate and share files with others. Use OneDrive if the files are only for your own use. |
12 | Storing red data in OneDrive requires that all files are labeled confidential. See guide for storing red data in Teams and OneDrive (NOR). Use OneDrive for files that are only used by yourself. Use Teams to share files. |