Defining IT Services & Tools for Sensitive Data
At Ohio University, the term "sensitive data" refers to the classification of data at a medium or high level that must be protected against unauthorized disclosure. As outlined in University Policy 93.001 Data Classification, data owners must be aware of their data's sensitivity level and how to protect it. Part of being a proper data owner is storing sensitive data in secured locations.
Use the left menu to select your data type to learn what IT services and tools are appropriate for that classification of data. The sensitive data storage guides only apply to OIT managed solutions. If you store data classified as medium or high sensitivity in an IT service or tool not listed in these pages, contact Information Security to determine if it's appropriate for your data type.
Below are the designations used to define the different permission levels for IT services and tools.
Acceptable IT Services & Tools
- The data element you've selected is acceptable for IT services and tools listed here without consultation. Do be aware of who may have access to data found in them.
- The IT services and tools listed under Consultation Required may be stored there only after consultation with the Information Security Office, OIT, or the Responsible Operating Unit. Each solution listed under this category will provide information on who you will need to contact. There are some technical and/or administrative controls that need to be implemented prior to putting sensitive data in the IT services and tools listed in this category.
Not Permitted IT Services & Tools
- The IT services and tools listed under Not Permitted are not considered secured locations for the data element you've selected. There are no technical and/or administrative controls to implement that would make IT services and tools listed in this category appropriate for this data element.