UMass Amherst Service Categorizations
How to Use This Page
This page presents UMass Amherst-supported services, with information about what types of data can be stored or shared with each. Use this information to inform your decisions about what services your data can be stored or shared on.
Data with specific compliance requirements will need a risk assessment to help determine the appropriate business processes and IT services for the data. If you have questions, or to coordinate a risk assessment, please contact @email.
Glossary of Terms
- Confidentiality - "How bad would it be if someone who is not supposed to have access gets access?"
- Integrity - "How bad would it be if the data was accidentally changed or corrupted?"
- Availability - "How bad would it be if the data was not available when you needed it?"
Key
Green = High/Yes
Yellow = Moderate/Varies
Red = Low/No
More information about categorization
High, Moderate, and Low indicate the maximum level of data confidentiality/integrity/availability offered by a service. Data can be stored/shared on a service that offers an equal or higher level than what is required for that data.
For example, Microsoft OneDrive at UMass Amherst offers high confidentiality - but data which only requires low confidentiality can still be stored in OneDrive.
⚠ We discourage the use of SSN unless required by law. If you need a unique identifier, contact IT at @email.
ℹ Note: This page refers to services available through UMass Amherst, not versions of services available for personal use.
E.g. your UMass Amherst Gmail account, not your personal Gmail account.
Online File Storage
ℹ See the Research Computing and Storage Environments sections below for more mass data storage options.
Scroll for more ➡ | Microsoft OneDrive | Microsoft Teams | Google Drive |
|---|---|---|---|
| Confidentiality | High | High | High |
| Integrity | High | High | High |
| Availability | High | High | High |
| FERPA | Yes | Yes | Yes |
| Health Records (HIPAA ePHI) | Yes | Yes | No |
| Health Records (non-HIPAA) | Yes | Yes | Yes |
| SSN | Yes | No | Yes |
| PCI | No | No | No |
| Research CUI | No | No | No |
| Human Subject Research Data | Yes | Yes | Yes |
| Operational / Internal Use | Yes | Yes | Yes |
| Export Controlled (ITAR/EAR) | No* | No* | No* |
| Notes | *Contact Research Compliance/IT to develop compliant solution. | *Contact Research Compliance/IT to develop compliant solution. | *Contact Research Compliance/IT to develop compliant solution. |
Email & Calendar
⚠ Email across the internet is unencrypted and not secure.
Scroll for more ➡ | Microsoft 365 Email & Calendar | Google Mail & Calendar |
|---|---|---|
| Confidentiality | Moderate | Moderate |
| Integrity | High | High |
| Availability | High | High |
| FERPA | Yes | Yes |
| Health Records (HIPAA ePHI) | No | No |
| Health Records (non-HIPAA) | No | No |
| SSN | No | No |
| PCI | No | No |
| Research CUI | No | No |
| Human Subject Research Data | No | No |
| Operational / Internal Use | Yes | Yes |
| Export Controlled (ITAR/EAR) | No | No |
Video Conferencing
Scroll for more ➡ | Zoom | Microsoft Teams |
|---|---|---|
| Confidentiality | High | High |
| Integrity | High | High |
| Availability | High | High |
| FERPA | Yes | Yes |
| Health Records (HIPAA ePHI) | Yes* | Yes |
| Health Records (non-HIPAA) | Yes | Yes |
| SSN | No | No |
| PCI | No | No |
| Research CUI | No | No |
| Human Subject Research Data | Yes | Yes |
| Operational / Internal Use | Yes | Yes |
| Export Controlled (ITAR/EAR) | No | No |
*A separate campus version of Zoom for HIPAA use is required for HIPAA ePHI health records. Please direct any questions to @email.
Electronic Signature
| Docusign | |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
| FERPA | Yes |
| Health Records (HIPAA ePHI) | No |
| Health Records (non-HIPAA) | No |
| SSN | Yes |
| PCI | No |
| Research CUI | No |
| Human Subject Research Data | Yes |
| Operational / Internal Use | Yes |
| Export Controlled (ITAR/EAR) | No |
Web Services
| UMass Amherst public facing websites & blogs | |
| Confidentiality | N/A |
| Integrity | Moderate |
| Availability | High |
| FERPA | No |
| Health Records (HIPAA ePHI) | No |
| Health Records (non-HIPAA) | No |
| SSN | No |
| PCI | No |
| Research CUI | No |
| Human Subject Research Data | No |
| Operational / Internal Use | No |
| Export Controlled (ITAR/EAR) | No |
Research Computing Environments (UMass Amherst)
ℹ Services marked as Storage Capable may be used for data storage.
Scroll for more ➡ | Unity Cluster | Northeast Storage Exchange | SPHHS "Big Data" Cluster | MGHPCC Supercloud |
|---|---|---|---|---|
| Storage Capable | No | Yes | Yes | Yes |
| Confidentiality | High | High | High | Moderate |
| Integrity | High | High | High | High |
| Availability | High | High | High | Moderate |
| FERPA | Yes | No | Yes | Yes |
| Health Records (HIPAA ePHI) | No | No | No | No |
| Health Records (non-HIPAA) | Yes | No | Yes | No |
| SSN | No | No | Yes | No |
| PCI | No | No | No | No |
| Research CUI | No | No | No | No |
| Human Subject Research Data | Yes* | No | Yes | No |
| Operational / Internal Use | No | No | No | No |
| Export Controlled (ITAR/EAR) | No | No | No | No |
| Notes | *With IRB approval. | Use of this resource is subject to approval by SPHHS. | Use of this resource is subject to approval by SPHHS. |
More Research Computing Resources
For information about other research computing environments, and more research collaboration tools, see the UMass Amherst Research Computing website.