News Archive

Box Retirement-Where to store restricted and critical data

March 19, 2020

As part of the Box retirement migration, both Microsoft storage and Google enterprise storage will be available for Restricted data and certain types of Critical data. Future communications will provide the timeline for when these environments will be ready for this type of institutional data. Pre-approved solutions (similar to Box Health and Box Entrusted) are being evaluated. For details, see the KB article: About dedicated file storage services and IT services with storage components appropriate for sensitive institutional data, including research data containing protected health information.

More info

Google’s Hangouts Chat is approved for Public and University-Internal information.

February 21, 2019

Hangouts Chat (a Google GSuite application) has been approved by the UDMC as a replacement for Google Chat and may be used to share documents containing public and university-internal information. Hangouts Chat should not be used for sharing information classified as restricted or critical.

New Box Drive feature, "Mark for Offline" (MfO) is approved to replace Box Sync.

February 6, 2019

A new feature in Box Drive, “Mark for Offline” (MfO), has been approved by the UDMC as a replacement for current Box “Sync” functionality which is expected to be retired by the end of 2019.

More info

MS Online, PHI and BHDA

January 31, 2019

Users working with protected health information (PHI) will be glad to know the University Data Management Council (UDMC) has approved the use of MS Office Online when working with documents stored in Box Health Data Accounts (BHDA). This approval comes after receiving a signed Business Associate Agreement (BAA) from Microsoft and the completion of a HIPAA alignment review. MS Office Online continues to be available for working with other types of documents stored in Box.

Crimson Card Photo

January 23, 2018

Recent discussions with the University Data Management Council (UDMC) and a group of Data Stewards has resulted in the Crimson Card Photo being classified as “Restricted” institutional data. Use of the photo is governed by the DM-01 Policy ( The CrimsonCard Policy (Procedures (Official University Identification Card)(4)) was also updated to add this restriction (

Required update to Acceptable Use Agreement

October 3, 2017

Recently, the University Data Management Council reaffirmed an interest in requiring a periodic re-assent to our acceptable use agreements, and sought approval for a CAS interrupt requiring users to re-assent on a two year basis. This was approved and implementation is expected in the first half of 2018.

More info

Software and Services Selection Process

October 3, 2017

UITS is collaborating with the Office of Procurement Services to conduct expedited reviews for new software and cloud services requests from units. This Software and Services Selection Process (SSSP), ensures that existing IU software and services are fully leveraged whenever possible, that threats to IU data are minimized, and that the unit understands all resulting costs and risk choices before the desired solution is purchased. For Forms and additional information:

More info

New Data Stewards and Rotating Members of UDMC

June 6, 2017

Announcement of 3 new Data Stewards and 2 rotating members of University Data Management Council (UDMC).

More info

Storage of Institutional Data Documents at IU Warehouse

April 13, 2017

IU Warehouse is no longer considered a secure site for storage of Institutional Information classified as Critical, Restricted or University Internal.

More info

CDS Approved an Updated Institutional Data Standards Checklist

October 21, 2016

The CDS reaffirmed the requirement for system owners of new services and platforms to complete the Institutional Data Standards checklist for any services/platforms hosting critical data. Data Stewards may also require completion of this checklist for systems hosting restricted data. It is recommended that system owners conduct an optional self-assessment for services hosting only public and university-internal data.

More info

CDS determined that passphrases and digital signature certificates do not meet the definition of institutional data

October 21, 2016

This decision was based on recommendations from UIPO and UISO after discussion at the October 20th CDS meeting. They will therefore be managed as other information technology safeguards.

IU Release of Student Information Policy Changes

May 19, 2016

IU is no longer releasing student addresses or phone numbers to the public. A student's street address and phone number are no longer considered public information, or listed as part of the FERPA directory information at IU.

More info

Data Stewards Approve Google Apps for Education for Restricted Institutional Data

April 27, 2016

After lengthy discussions and development of a list of considerations which must be met, the Committee of Data Stewards has approved the use of data classified as Restricted in Google Apps for Education. Please see the list of considerations to be met in the following document:

More info

Critical Data Guide Hard Copies Available

March 24, 2016

Certain information requires special care and handling, especially when inappropriate handling of such information could result in: criminal or civil penalties; identity theft or personal financial loss; invasion of privacy; or unauthorized access to the information. In the past, the University Information Policy Office (UIPO) has provided hard-copies of the “Protecting Red Hot Data” (“flippy book“) containing a practical guide to how to appropriately collect, store, transmit and dispose of critical data. UIPO has recently updated and reformatted the flippy book into a new pocket-sized reference guide. The following groups will be sent a copy of the new Critical Data Guide pocket edition: UITS full-time staff (in the CIB, ICTC, and on the regional campuses), all IT Pros, all Data Managers and Data Stewards. If you are not already slated to receive a copy and would like one for yourself or your team, see the following information:

More info

Third-Party Assessment (3PA) process improvements underway

March 10, 2016

As the demand for third-party assessments continues to grow it is necessary to update the process to strengthen risk analysis and realize efficiencies. The first step is a major modification to the review process and will be supported by a new version of the Data Inventory documentation instrument. A pilot is underway to evaluate expected process benefits. Although process improvements will continue for a while, the new review process should be implemented in Q2 of 2016.

Office 2016 Distribution Approved

February 18, 2016

The Committee of Data Stewards approved the distribution of Office 2016 and One-Drive for University Internal and Public data at the February Committee meeting. They also recommended that UITS develop a training module to educate users on the appropriate uses for Office 365.

Upgrades to Enterprise Information Governance System (EIG)

February 17, 2016

Attention Data Stewards and Data Managers: The EIG system will be undergoing an upgrade on February 18th. Content changes are frozen until after the upgrade. Changes to Data Manager information will remain frozen for a limited time following the upgrade. Special arrangements can be made for urgent updates by sending email to Examples of some of the changes follow.

More info

CDS Approves DSI role-based access plan

December 17, 2015

At the December Committee of Data Stewards meeting UITS staff presented a proposal for how Role-Based Access Controls would be configured and managed within the Decision Support Initiative. The CDS approved the proposed approach as part of their continuing commitment to development of role-based access.

Box Entrusted Data Accounts approved

December 8, 2015

Box was approved, using Box Entrusted Data Accounts (BEDA), to store and appropriately share institutional information classified as restricted. It is strongly recommended that any Restricted institutional data in Box be in a BEDA.

More info

Box Health Data Accounts approved

December 1, 2015

Box was approved, using Box Health Data Accounts (BHDA), to store and appropriately share approved protected health information (PHI). Box has not been approved for storage and sharing of other critical data at this time.

More info

Decision Support Initiative to design role-based access

October 15, 2015

The Data Stewards are working with the Decision Support Initiative to design role-based access.