UMass Amherst Service Categorizations

How to Use This Page

This page presents UMass Amherst-supported services, with information about what types of data can be stored or shared with each. Use this information to inform your decisions about what services your data can be stored or shared on.

Data with specific compliance requirements will need a risk assessment to help determine the appropriate business processes and IT services for the data. If you have questions, or to coordinate a risk assessment, please contact @email.

Glossary of Terms

  • Confidentiality - "How bad would it be if someone who is not supposed to have access gets access?"
  • Integrity - "How bad would it be if the data was accidently changed or corrupted?"
  • Availability - "How bad would it be if the data was not available when you needed it?"

More information about data categorization

Key

Green = High/Yes

Yellow = Moderate/Varies

Red = Low/No

More information about categorization

High, Moderate, and Low indicate the maximum level of data confidentiality/integrity/availability offered by a service. Data can be stored/shared on a service that offers an equal or higher level than what is required for that data.

For example, Microsoft OneDrive at UMass Amherst offers high confidentiality - but data which only requires low confidentiality can still be stored in OneDrive.

⚠  We discourage the use of SSN unless required by law. If you need a unique identifier, contact IT at @email.

ℹ  Note: This page refers to services available through UMass Amherst, not versions of services avaliable for personal use.
E.g. your UMass Amherst Gmail account, not your personal Gmail account.

Online File Storage

ℹ  See the Research Computing and Storage Environments sections below for more mass data storage options.

Scroll for more ➡

Microsoft OneDrive Microsoft Teams Google Drive
Confidentiality High High High
Integrity High High High
Availability High High High
FERPA Yes Yes Yes
Health Records
(HIPAA ePHI)
Yes Yes Yes
Health Records
(non-HIPAA)
Yes Yes Yes
SSN Yes No Yes
PCI No No No
Research CUI Yes Yes Yes
Human Subject
Research Data
Yes Yes Yes
Operational / Internal Use Yes Yes Yes
Export Controlled
(ITAR/EAR)
No* No* No*
Notes *Contact Research Compliance/IT to develop compliant solution. *Contact Research Compliance/IT to develop compliant solution. *Contact Research Compliance/IT to develop compliant solution.
Email & Calendar

⚠  Email across the internet is unencrypted and not secure.

Scroll for more ➡

Microsoft 365 Email & Calendar Google Mail & Calendar
Confidentiality Moderate Moderate
Integrity High High
Availability High High
FERPA Yes Yes
Health Records
(HIPAA ePHI)
No No
Health Records
(non-HIPAA)
No No
SSN No No
PCI No No
Research CUI No No
Human Subject
Research Data
No No
Operational / Internal Use Yes Yes
Export Controlled
(ITAR/EAR)
No No
Video Conferencing

Scroll for more ➡

Zoom Microsoft Teams
Confidentiality High High
Integrity High High
Availability High High
FERPA Yes Yes
Health Records
(HIPAA ePHI)
Yes Yes
Health Records
(non-HIPAA)
Yes Yes
SSN No No
PCI No No
Research CUI Yes Yes
Human Subject
Research Data
Yes Yes
Operational / Internal Use Yes Yes
Export Controlled
(ITAR/EAR)
No No
Electronic Signature
  Docusign
Confidentiality High
Integrity High
Availability High
FERPA Yes
Health Records
(HIPAA ePHI)
Yes
Health Records
(non-HIPAA)
No
SSN Yes
PCI No
Research CUI Yes
Human Subject
Research Data
Yes
Operational / Internal Use Yes
Export Controlled
(ITAR/EAR)
No
Web Services
 

UMass Amherst public facing websites & blogs

Confidentiality N/A
Integrity Moderate
Availability High
FERPA No
Health Records
(HIPAA ePHI)
No
Health Records
(non-HIPAA)
No
SSN No
PCI No
Research CUI No
Human Subject
Research Data
No
Operational / Internal Use No
Export Controlled
(ITAR/EAR)
No
Research Computing Environments (UMass Amherst)

ℹ  Services marked as Storage Capable may be used for data storage.

Scroll for more ➡

Unity Cluster Northeast Storage Exchange SPHHS "Big Data" Cluster MGHPCC Supercloud
Storage Capable No Yes Yes Yes
Confidentiality High High High Moderate
Integrity High High High High
Availability High High High Moderate
FERPA Yes No Yes Yes
Health Records
(HIPAA ePHI)
No No No No
Health Records
(non-HIPAA)
Yes No Yes No
SSN No No Yes No
PCI No No No No
Research CUI Yes No Yes Yes
Human Subject
Research Data
Yes* No Yes No
Operational / Internal Use No No No No
Export Controlled
(ITAR/EAR)
No No No No
Notes *With IRB approval.   Use of this resource is subject to approval by SPHHS. Use of this resource is subject to approval by SPHHS.

More Research Computing Resources

For information about other research computing environments, and more research collaboration tools, see the UMass Amherst Research Computing website.

custom css here