The OU Information Security Team's role is to ensure that OU information and data are kept safe and they offer guidance and tools on how you can best do this. See the Information Security sharepoint site (requires login) for advice on what we should be concerned with in regards to information security at the OU, the threat landscape, and specialist advice and guidance on risks, policy vulnerabilities, incident management and compliance with industry standards.
When you are working with live research data, you need to consider all the different actions you need to perform upon your data before choosing the best storage solution. If you are working with personal or special category (sensitive) information your project workspace will need to be very secure. Large project teams need more complex project management functions to help them control data, to manage file versions and backups.
If you are working in a team, we recommend that you set up a Microsoft Team to store documents and to enable collaborative working. Teams is secure and appropriate for storing files up to and including Highly Confidential and provides regular backup. You can also add external partners as guests. You can can create new Teams from the Teams app itself. Please ensure you are familiar with the usage guidelines for Groups and Teams. For external teams working with data classified as Proprietary/Highly Confidential or above, you will need to contact IT for advice via IT Self-Service.
For more information on using Teams, see the Teams at the OU intranet page (login required).
Teams is not appropriate if read-only access or fine-grained permissions are required however, i.e. different permissions for different libraries or folders. Although it’s possible to share files or folders with non-members, it is not possible to remove members’ access to part of the SharePoint site (within the Team). It can also become confusing for those using the document libraries, e.g. someone may be unaware that a folder has a wider audience than the rest of the site and store information there not appropriate to the audience.
If fine-grained or read-only permissions are required for your project, we recommend storing documents on a standard SharePoint site with appropriate permissions. For more information on using SharePoint, see the SharePoint online intranet page (login required) and watch the recording of the interactive webinar held by IT services on setting up a SharePoint site and applying access controls. If you wish to share files from a SharePoint site with external collaborators, they will need to request a visitor OUCU. For more information, see the intranet page for how to request a new visitor account (login required).
If you have no requirement to regularly share your data with collaborators during your project, then we recommend that you use OneDrive. OneDrive is a place to save your files online (similar to Dropbox). Save a file here and you can view and edit it from anywhere - no need for VPN. You are able to share individual files and folders with anyone who has a Microsoft account. OneDrive is secure and appropriate for storing files up to and including Highly Confidential. It provides regular back up.
For more information on OneDrive, see the OneDrive page on the OU intranet (login required). Please note that the use of DropBox is not an approved tool for file storage at the OU.
Researchers within the STEM faculty have access to specialist IT support which they should use in preference to centrally supported storage options.
Even when using University approved storage solutions, like Teams and OneDrive, it is important to maintain a backup policy for your research data. Although cloud based storage has its own backup procedures in place, it is still vulnerable to malware. Best practice is to create a regular backup on an external storage device, e.g. an external hard drive. Remember to encrypt the device if it contains personal or special category (sensitive) data - see the Encrypting portable devices intranet page (requires login) for instructions on how to do this.
There are several options for securely sharing data with collaborators during your project, as outlined in the storage options above, but for one-off secure transfers there is also the ZendTo service, as outlined in the Secure File Transfer guidance (requires login) from the the IT team.
It is your responsibility to place your files somewhere other than your OneDrive or Microsoft Team if they will be needed when you leave, as these sites will not be maintained by IT after you have gone. It is advisable to upload any research data to ORDO or another suitable repository to ensure continued access and preservation. Please note that you can archive data in ORDO publicly or privately, depending on your requirements. For more information see the page ORDO: What happens when I leave the OU?