The following guidance and associated tools are intended for anyone considering the use of cloud computing services for the processing and storage of University data. The guidance is intended to be applicable to the University, its constituent units, and its members (whether staff or student). You may be:
- a researcher considering the use of cloud storage for your research data;
- a department seeking a cloud application to support prospective applicant engagement activities;
- a central service investigating the replacement of an existing 'on premise' system with a hosted, 'in the cloud' service.
What is common and important to all these scenarios is the processing of data considered valuable to the University and for which legal obligations may apply.
The guidance has been developed by a working group convened by IT Services and including representation from Legal Services, OUP and Purchasing. The terms of reference are available but the overall aim of the group was to develop a “toolkit” of guidance and assistance to enable informed decisions to be made in the selection and use of cloud services.
The guidance assumes familiarity with:
- Regulations and policies applying to use of University ICT facilities;
- University Information Security Policy (and corresponding department or college policies);
- University Policy on Data Protection.
Depending on your role and the types of data you may be handling, other policies or laws may also have relevance (e.g. the University's Policy on the ethical conduct of research involving human participants and personal data).