This content has moved.
Please see: https://security.utexas.edu/iso-policies/cloud-services/decision-matrix
| Horizontal Navigation Bar |
|---|
| Horizontal Navigation Bar Page |
|---|
| | Message Box |
|---|
| icon | search |
|---|
| title | ISO Decision Matrix :: Cloud Services |
|---|
| type | generic |
|---|
| |
|
| Horizontal Navigation Bar Page |
|---|
| | Message Box |
|---|
| icon | comment |
|---|
| title | Seeking comments |
|---|
| type | warning |
|---|
| This article is under active development. |
|
|
Approved Services
Cloud Services
The following table lists the cloud services that have been approved for use and the types of confidential data that are allowed with each service. In some cases, a service may be approved for use only with non-confidential (Category III) university data.
Cloud Storage Services
| Advanced Tables - Table Plus |
|---|
|
|
Cloud Email Services
| Advanced Tables - Table Plus |
|---|
|
Service Name | UT Contract | Centrally
Supported | For Students | For Staff/Faculty | Published Data | Controlled Data | Confidential Data | HIPAA | FERPA | SSNs | PCI | ITAR | IRB |
|---|
Office 365 (https://office365.austin.utexas.edu) | Yes | Yes | Yes | Yes | Yes | Yes | Some ===>
| No | Yes | No | No | No | No | UTmail (utmail.utexas.edu) | Yes | Yes | Yes | Yes | Yes | Yes | Some ===>
| No | Yes | No | No | No | No | | Apple iCloud (www.icloud.com) | No | No | Yes | Yes | Yes | No | None ===>
| No | No | No | No | No | No |
|
Cloud Document Services
| Advanced Tables - Table Plus |
|---|
|
Service Name | UT Contract | Centrally Supported | For Students | For Staff/Faculty | Published Data | Controlled Data | Confidential Data | HIPAA | FERPA | SSNs | PCI | ITAR | IRB |
|---|
Google Docs for Education (utmail.utexas.edu) | Yes | Yes | Yes | Yes | Yes | Yes | Some ===>
| No | Yes | No | No | No | No | | Apple iCloud (www.icloud.com) | No | No | Yes | Yes | Yes | No | None ===>
| No | No | No | No | No | No |
|
Cloud Survey Services
| Advanced Tables - Table Plus |
|---|
|
Service Name | UT Contract | Centrally Supported | For Students | For Staff/Faculty | Published Data | Controlled Data | Confidential Data | HIPAA | FERPA | SSNs | PCI | ITAR | IRB |
|---|
Qualtrics (utexas.qualtrics.com) | Yes | Yes | Yes | Yes | Yes | Yes | Some ===> | Yes | Yes | No | No | No | Yes |
|
Notes on cloud services
...
Local Services
For comparison purposes, select services run by ITS and offered to campus are listed below with the types of data that are approved for use with each. Use of locally hosted services is encouraged over cloud services when possible. This table is not intended to be a comprehensive list of all ITS offered services.
Central Storage Services
| Advanced Tables - Table Plus |
|---|
Service Name | UT Contract | Centrally
Supported | For Students | For Staff/Faculty | Published Data | Controlled Data | Confidential Data | HIPAA | FERPA | SSNs | PCI | ITAR | IRB |
|---|
| Austin Disk (utexas.edu/its/storage/) | Yes | Yes | No | Yes | Yes | Yes | Some ===> | No | Yes | Yes | Yes | No 1 | Yes | UT Enterprise Bulk Storage (UTEBS) (utexas.edu/its/storage/) | Yes | Yes | No | Yes | Yes | Yes | Some ===> | No | Yes | Yes | Yes | No 1 | Yes |
|
Central Virtual Machine Hosting Services
| Advanced Tables - Table Plus |
|---|
Service Name | UT Contract | Centrally
Supported | For Students | For Staff/Faculty | Published Data | Controlled Data | Confidential Data | HIPAA | FERPA | SSNs | PCI | ITAR | IRB |
|---|
Virtual Servers (UT VMG) (utexas.edu/its/vserver/) | Yes | Yes | No | Yes | Yes | Yes | Some ===> | No | Yes | Yes | Yes | No 1 | Yes |
|
Central Database Services
| Advanced Tables - Table Plus |
|---|
Service Name | UT Contract | Centrally
Supported | For Students | For Staff/Faculty | Published Data | Controlled Data | Confidential Data | HIPAA | FERPA | SSNs | PCI | ITAR | IRB |
|---|
| ITS-Supported MySQL (utexas.edu/its/mysql/) | Yes | Yes | No | Yes | Yes | Yes | Some ===> | No | Yes | Yes | Yes | No | Yes | | ITS-Supported SQLServer (utexas.edu/its/sqlserver/) | Yes | Yes | No | Yes | Yes | Yes | Some ===> | No | Yes | Yes | Yes | No | Yes | | ITS-Supported Oracle (utexas.edu/its/products/oracle/) | Yes | Yes | No | Yes | Yes | Yes | Some ===> | No | Yes | Yes | Yes | No | Yes |
|
Notes on local services
...
Security Review for New Services
Departments evaluating the purchase and/or use of a cloud service not covered on this page with any confidential (Category I) university data should request a security review of the selected service by sending a written description of the proposed implementation to the Information Security Office. During service selection, departments should inform vendors that security testing (either performed by the Information Security Office or a qualified third party to the vendor) is a mandatory part of the university purchasing process.
Non-Compliance and Exceptions
If, for any purpose, a non-approved cloud service is used with any confidential (Category I) university data, an Exception Process must be initiated that includes reporting the non-compliance to the Information Security Office, along with a plan for risk assessment and management. (See Security Exception Report) Non-compliance with these standards may result in revocation of system or network access, notification of supervisors, and reporting to the Office of Internal Audit.
University of Texas at Austin employees are required to comply with both institutional rules and regulations and applicable UT System rules and regulations. In addition to university and System rules and regulations, University of Texas at Austin employees are required to comply with state laws and regulations.
Related UT Austin Policies
The policies and practices listed here inform the system hardening procedures described in this document and with which you should be familiar. (This is not an all-inclusive list of policies and procedures that affect information technology resources.)
Information Resources Use and Security Policy (IRUSP)
UT Austin Acceptable Use Policy (AUP)
UT Austin Data Classification Standard
UT Austin Information Security Exception Process