Updated guidelines for university-related use of messaging/collaboration platforms

University of Utah faculty, health care employees, and all other staff are bound by institutional, state, federal, grant agency, and international laws, policies, and other restrictions pertaining to the protection of restricted and sensitive data. With these obligations in mind, the university routinely reviews software platforms to assess usage restrictions, data security features, information privacy practices, and other relevant factors. As a result of those review activities, the university has carefully selected and made available certain software platforms that, when used properly, protect restricted and sensitive data and are suitable for common use cases among campus users.

University approved and supported platforms for messaging and collaboration include:

• University-licensed Microsoft 365 products, particularly Teams
• University-licensed Google Workspace
• University-licensed Zoom for academic and health care use
• Canvas

The university is aware that some campus members may prefer to use software tools not selected and approved by the university. For instance, when collaborating on a research project with peers at a different institution, it may be expedient to use a messaging and collaboration software platform preferred by the collaborators.

When using a software tool not approved by the university, it is the responsibility of the user to ensure that no sensitive or restricted university data is stored on or processed by the tool and that the user’s intended use is permitted under the license the user accepts when accessing the tool. Or, if sensitive or restricted university data will be stored on or processed by the tool, the user must ensure that the tool’s features provide protections for that data that meet the expectations of any applicable law, contract, or university policy governing such data.

In every instance, prior to using software not specifically approved by the university, the user is responsible for diligently and carefully reviewing the vendor’s materials to ensure that the user can comply with the vendor’s terms and that the vendor’s protections are adequate considering the user’s planned activities. Relevant materials will generally include end user agreements, privacy policies, acceptable use policies (including the vendor’s limitations on processing certain types of information or using the platform for commercial purposes), and other provisions contained in the vendor’s license agreement, terms of services, or general terms and conditions.

For details, please review the university's Information Security Policy 4-004 and Rule 4-004C: Data Classification and Encryption. If you have questions or comments please contact the IT Governance, Risk, & Compliance office at iso-grc@utah.edu.

 

Node 4 Search