Protecting university data in the cloud, on both U-M hosted and third-party vendor services, is increasingly critical, as the implementation and adoption of these services expands at the unit level, and across campuses.
Cloud computing should not be used for university information that is private, personal, sensitive, or regulated, unless there is a contractual agreement between U-M and the service provider that protects the security and confidentiality of the information and data. A contractual agreement is a formal contract that would typically be reviewed by the Office of General Counsel. For guidance regarding storage of sensitive data on current U-M cloud computing services, consult the Sensitive Data Guide.
Sensitive Data Guide
Provides guidance regarding storage of sensitive data on current U-M cloud computing services.
Third-Party Vendor Security and Compliance Assessment
Use the U-M Service Provider Security-Compliance Questionnaire to assess the security environment of third-party cloud vendors.
Security and Privacy in the U-M Google Environment
Learn about privacy and security in the U-M Google environment.
Sensitive Regulated Data: Permitted and Restricted Uses (DS-06)
Establishes mandatory expectations for complying with statutory and regulatory requirements related to protecting sensitive regulated data.
- Use Box Securely With Sensitive Data
Learn about security features of U-M Box, and how to use it to securely share data.
IIA consultation available. Faculty, staff, researchers, and departments can consult with Information and Infrastructure Assurance (IIA) staff when considering adopting cloud computing services and/or infrastructure. To begin the process, contact the ITS Service Center.