This guidance provides information about the appropriate use of OneDrive for Business (for individual use) at the University to ensure compliance with University policies. Links are provided to further guidance and support about how to use OneDrive.
Note: Storage of documents as part of Nexus365 Teams/Groups is not covered by this guidance as these documents are the responsibility of the Group/Team as a whole, rather than of an individual.
OneDrive for Business (ODFB) is a secure document repository suitable for University data. Cloud-based, it allows you to store and access your work files from any device. It is a convenient place for storing files that you are currently working on and that you may want to share with a small number of people before publishing more widely.
More about security
OneDrive for Business is certified against the internationally recognised ISO/IEC 27001:2013 standard for managing information security and approved by the University for all data. Users are responsible for keeping SSO passwords secure; for storing and sharing data in accordance with University policies and guidelines; and for ensuring their use of OneDrive does not contradict any local or external requirements for storing or processing data (such as agreements with funding bodies or external data providers).
Ensuring that your working practices comply with the advice above will ensure your data remains safely and securely stored; that it cannot be accessed should your device be lost or stolen; and that any personal data is shared appropriately.
- Whilst OneDrive for Business provides significant storage space (5TB) and convenience, it is important to note that it is not a replacement for existing University approved file store platforms that you may already be using, for example SharePoint, departmental shared drives etc. Please refer to the policy of your faculty, department or college with regards to the final storage location of any documents (including research materials).
- Please note that other 'consumer' cloud-based file sharing solutions (e.g. Dropbox) are not approved for use with University data. You are encouraged to migrate any University data from non-approved consumer solutions to One Drive for Business or other University approved file store platforms. For further guidance on assessing cloud service providers, see https://help.it.ox.ac.uk/cloud/assessing-providers.
- Please also bear in mind your funding body requirements with regard to data storage. Refer to Research Services or contact your PI for guidance.
- By default, access to all your OneDrive for Business documents is restricted to you.
- You can grant permission or full administrative rights to share files and folders with others within and without the University. You are responsible for managing the permissions for your documents. We strongly recommend that you consider carefully who you give administrative rights to as they can delete or reshare your documents without asking you.
- To comply with legal requirements, personal data should be shared only with those who have a strict need to know. Please refer to the data protection guidance for further information.
If, despite the availability of OneDrive for Business, you continue to store University data using other cloud-based services that do not comply with security or data protection requirements, you will be in breach of the data security advice exposing yourself and the University to unnecessary and potentially costly legal risk. For further advice, please contact the information compliance or information security teams.