The following is a brief comparison of secure online storage at the University of Nebraska and other online storage services.
Notes:
1 = In restricted folders with access limited to only NU employees who have a need to know.
2 = With the review and approval of the Security office.
3 = HIPAA compliance includes business office practices in addition to secure storage. A person within the department or office must be responsible for HIPAA compliance and should contact the applicable HIPAA Privacy Officer and HIPAA Security Officer, HIPAA (nebraska.edu).
4 = Requires IRB approval and sign-off
| Data Classification | Low | Medium | High | ||||||
| Data Type | Public Data | FERPA | Confidential Data (not covered by FERPA) |
HIPAA | PII | GLBA | PCI-DSS | FedRamp | ITAR |
| Data Definition | Directory Information, any university information publicly available | Student Grades, Student class schedule, UIN, Advisor Student Notes, Financial Aid data. Note: Banner is the system of record for all academic data | Internal departmental information, non-public university information not covered by another category | Personal Health records, Health Insurance Data | (Institutional Data) SSN, Driver License Numbers, Passport Numbers, Biometrics, combinations of information used to identify an individual | Financial Aid, Customer financial transaction records | Credit Card Numbers, Bank Account and Routing Numbers | Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services | The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services as defined in the United States Munitions List (USML). |
| OneDrive for Business | Y | Y | Y | N | N | N | N | N | N |
| SharePoint | Y | Y | Y | Y, 1, 2, 3 | Y, 1, 2 | N | Y, 1, 2 | N | N |
| ITS managed local storage | Y | Y | Y | N | Y, 1, 2 | Y, 1, 2 | N | N | N |
| Cloud hosted storage or archive storage (AWS/Azure) | Y | Y | Y | Y, 1, 2, 3 | Y, 2 | Y, 1, 2 | Y, 1, 2 | N | N |
| Microsoft GCC Low / AWS GovCloud | Y | Y | Y | Y, 1, 2, 3 | Y, 2 | Y, 1, 2 | Y, 1, 2 | Y, 2, 4 | N |
| Microsoft GCC High | N | N | N | N | N | N | N | N | Y, 2, 4 |