Date Approved: March 20, 2014
Effective Date: March 20, 2014
Responsible Official: Chief Information Security Officer
Responsible Office: [U]Tech Information Security Office
Revision History: Version 1.0; dated February 4, 2014
Related legislation and University policies:
- Policy I-1 Acceptable Use of Information Technology (AUP)
- Policy I-1 Acceptable Use Policy
- Policy III-1, Information Tiers and Sensitivity
- Policy I-2 SSN Use Policy
- Policy III-1e Tier III Controls: Information Security Requirements for Restricted Information
Review Period: 5 Years
Date of Last Review: February 4, 2014
Related to: Faculty, Staff, Students, Alumni, affiliate account holders
Purpose
This policy establishes boundaries for sanctioned use of CWRU Google Apps for Education (Google Apps), including but not limited to email, calendar, contacts, online meetings (Hangouts), online file storage (Drive and Google Docs), self-service web sites (Sites), photos (Picasa), social media (Google+), etc.
Coordination with Other Policies and Procedures
The Sanctioned Use Policy for CWRU Google Apps is closely aligned with these policies:
- Policy I-1 Acceptable Use Policy
- Policy III-1, Information Tiers and Sensitivity
- Policy I-2 SSN Use Policy
- Policy III-1e Tier III Controls: Information Security Requirements for Restricted Information
Cancellation
Not applicable.
Policy Statement
General
Case Western Reserve University has been engaged in the use of Google Apps for Education (Google Apps) since 2007. In the use of the various applications in the Google Apps suite, the following policy is defined to assist users in prudent decisions about how to use Google Apps, and similar cloud-based services available to the CWRU community. The application suite encompasses Google Apps utilities available to authorized CWRU users, through appropriate Single Sign On authentication.
Policy
- The CWRU-branded Google Apps suite of applications have been approved for use with Public and Internal Use categories of information, as described in CWRU UTech Policy III-1 Information Tiers and Sensitivity.
- The storage and transfer of Restricted information in Google Apps is strictly prohibited, unless the files are individually protected using encrypted means sufficient to prevent disclosure (strongly encrypted, complex-password-protected attachments, with no passwords included).
Responsibility
End Users will manage information under their stewardship in accordance with university policy.
University Technology will manage risk of shared information in Google Apps through various audit and assessment activities.
Standards Review Cycle
This standard will be reviewed every three years on the anniversary of the policy effective date, at a minimum. The standard may be reviewed on a more frequent basis depending on changes of risk exposure.
Frequently Asked Questions (FAQ) for Sanctioned Use of Google Apps