WSU Service | Public | Human Subjects De-Identified | Internal | Student Education Records (FERPA) | Personal Information (RCW 42.56.590) | Human Subjects Identifiable (Non-Regulated) | Student Loan Application Data (GLBA) | Protected Health Information (HIPAA)* | Payment Card Information (PCI) | Export Controlled Research (ITAR/EAR) | Federal Information Security Management Act (FISMA) | EU General Data Protection Regulation (GDPR) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Zoom | ** | |||||||||||
MS Office 365 Email | * | * | * | * | ||||||||
MS Teams – Modern Groups /Sites | ||||||||||||
MS OneDrive | ** | |||||||||||
MS SharePoint | ||||||||||||
MS CoPilot for Web without WSU Login | ||||||||||||
MS CoPilot for Web with WSU Login | ||||||||||||
Adobe | ||||||||||||
Azure | ** | |||||||||||
Amazon Web Services | ||||||||||||
Qualtrics | ||||||||||||
Redcap | ** | |||||||||||
Other Services | ||||||||||||
Box | ||||||||||||
Dropbox | ||||||||||||
Google Drive |
De minimis Use Rule:
Appropriate use of state-provided resources for personal use is defined in WSU Executive Policy Manual EP45 – University Ethics Policy.
Intuitional data is not permitted to be stored on individual or personal cloud services.
Legend:
Permitted (Must comply with all applicable laws, regulations and WSU policy)
Permitted with contract and must comply with all applicable laws, regulations and WSU policy
Not Permitted
* WSU Internal to WSU Internal Only
**Enterprise level BAA exists
(3rd parties that create, receive, maintain, or transmit HIPAA data on behalf of, or for the benefit of, WSU, whether directly or through another business associate, are required to include a Business Associates Agreement as part of the contract agreement.)