Information Security
Our Office

Information Security
530-898-6520
isec@csuchico.edu

Regular Hours
8 a.m.–5 p.m.
Monday–Friday

Cloud Security

Securing cloud services is a primary function of the Information Security Department.  Use of cloud services such as file storage, email, or learning management systems requires responsible computing practices. To ensure the confidentiality, integrity and availability of data you may store or share in cloud services, it is critical that adherence to policies governing use of cloud services are followed. 

Policy on Cloud Services for Storage, Communication, and Productivity Involving University Data

  • Use of cloud services for storage, communication and productivity involving University Level 1 data is prohibited (examples include, but are not limited to, Dropbox, Google Apps for Education, Office 365).
  • Use of cloud services for storage of University Level 2 data must be limited to services contracted by and supported by the University.  Cloud services which are not supported by and provisioned by the University are prohibited. 
  • Uses of cloud service offerings which are not supported, provisioned or contracted by the University for storage, communication, and productivity are not recommended. This applies to any uses of University records including vital records which are classified as public or Level 3 data. University data should be limited to University supported, provisioned and contracted services. 
  • The use of public cloud services for academic, non-FERPA data is permitted.

Additional Information

Policy for Use of Cloud Services for Storage, Communication, and Productivity Involving University Data (Software as a Service):

The following table outlines the data classification and proper handling of CSU, Chico data
Data ClassificationLevel 1 ProtectedLevel 2 Private InternalLevel 3 Public GeneralNon-University DataNotes
Local Storage (on your computer)Not AllowedIncidental Use AllowedIncidental Use AllowedIncidental Use Allowed
CSU Chico * BoxNot AllowedAllowedAllowedIncidental Use AllowedCloud Storage Approved by University
CSU Chico * Box Level 1 FolderAllowedIncidental Use AllowedNot AllowedNot AllowedCloud Storage Approved by University
CSU Chico * Sharepoint/O365/ OneDrive/Google AppsNot AllowedIncidental Use AllowedAllowedIncidental Use AllowedCloud Storage Approved by University
Non-CSU Chico Google, Box, Dropbox & O365Not AllowedNot AllowedNot AllowedAllowed

* Only services contracted by and supported by the University
✓ – Allowed     Ⓧ – Not Allowed

Data Levels

Level 1 Protected Data – Confidential
(PII) Social Security number and name, driver's license number and name, and credit card numbers (ePHI) Health Information
Level 2 Private Data – Internal
Information must be protected because of ethical or privacy concerns, such as grades, disciplinary actions, or student photos
  • FERPA Information
  • Employee Data
Level 3 Public Data – General
Information such as title, email address, or other directory information that is freely available in the public domain
Non-University Data
Personal files, instructional documents, syllabus