OneDrive for Business: Security guidelines

OneDrive for Business is certified against the internationally recognised ISO/IEC 27001:2013 standard for managing information security and approved by the University for all data.

Choosing the right storage method

OneDrive for Business provides significant storage space and convenience, but it is not a replacement for existing University approved file store platforms that you may already be using.  It may be more appropriate to continue using SharePoint or departmental shared drives.

OneDrive for Business is a convenient place for storing files that you are currently working on and that you may want to share with a small number of people.  However, it is not intended as a final destination for storing documents.  You should follow the policy of your faculty, department or college regarding the final storage location of any documents (including research materials).

Other ‘consumer’ cloud-based file sharing solutions (such as Dropbox) are not approved for use with University data.  If you have any University data in these non-approved consumer solutions, you should migrate these to One Drive for Business or other University approved file store platforms.  For further guidance, see Assessing Cloud Service Providers.

Privacy and permissions

By default, access to all your OneDrive for Business documents is restricted to you.

You can share files and folders with other people within and outside the University, or give them editing rights.

You are responsible for managing the permissions for your documents.  We strongly recommend that you consider carefully who you give editing rights to because this allows them to delete or re-share your documents without asking you.

Legal requirements

To comply with legal requirements, personal data should be shared only with those who have a strict need to know.  Please refer to the University’s data protection guidance for further information.

If you are a researcher, bear in mind your funding body requirements regarding data storage.  Contact Research Services or your PI if you need guidance.

If, despite the availability of OneDrive for Business, you continue to store University data using other cloud-based services that do not comply with security or data protection requirements, you will be in breach of data security guidance – exposing yourself and the University to unnecessary and potentially costly legal risk.  For further advice, please contact the information compliance team on data.protection@admin.ox.ac.uk or the Information Security team.

Further information

Get support


If you cannot find the solution you need here then we have other ways to get IT support

Get IT support