Approved File Storage and Sharing Services
Quick Overview
- Only approved storage locations may be used for university data
- Primary approved services: OneDrive, Teams, SharePoint, and on-premise file shares
- Use of other cloud storage services requires an approved exception
- Applies to faculty, staff, and departments storing or sharing university information
To protect university data and meet security and compliance requirements, Stephen F. Austin State University (SFA) requires that institutional files be stored and shared only using approved services. These platforms provide appropriate security controls, backup, access management, and monitoring.
Approved Storage and Sharing Locations
The following locations are approved for storing and sharing university data:
- Microsoft OneDrive – Individual work files and secure sharing
- Microsoft Teams – Team collaboration and shared project files
- Microsoft SharePoint – Departmental or organizational document management
- On-premise network file shares – Departmental storage managed by IT
|
i
|
Tip
Microsoft 365 services (OneDrive, Teams, and SharePoint) allow secure sharing with internal and external collaborators while maintaining university security controls.
|
Policy and Compliance Requirements
The use of approved file storage and sharing services supports the university’s information security and data protection obligations. These requirements are based on state and university policies that govern how institutional data must be protected.
- Texas Administrative Code (TAC) 202 – Requires state institutions to implement security controls to protect sensitive and confidential information.
- UT System Policy UTS 165 – Information Resources Use and Security – Requires university information resources and data to be protected using approved and secure services.
|
!
|
Important
Storing university data in unapproved services may create compliance risk and could result in the exposure of sensitive or confidential information.
|
Use of Other File Storage Services
Consumer or third-party cloud storage services (such as personal Dropbox, Google Drive, Box, or similar platforms) are not approved for storing or sharing university data unless a formal exception has been granted.
|
!
|
Important
University data must not be stored in unapproved personal or third-party storage locations. Doing so may expose sensitive information and violate university policy.
|
Common Non-Approved Storage Services
The following services are commonly used but are not approved for storing or sharing university data unless an exception has been granted:
- Personal Google Drive or Google Workspace accounts
- Dropbox
- Box
- iCloud Drive
- Personal file storage associated with personal email accounts
- Any personal or consumer cloud storage service not provided or approved by the university
|
i
|
Tip
If you need to collaborate with external partners, Microsoft Teams, OneDrive, and SharePoint support secure external sharing and should be used whenever possible.
|
Exception Requests
If a business, research, or operational need requires the use of a file storage or sharing service that is not listed as approved, an exception must be requested and approved before university data is stored in the service.
- Exceptions are reviewed on a case-by-case basis
- The service will be evaluated for security and accessibility requirements
- Additional safeguards or agreements may be required prior to approval
How to Request an Exception
- Submit an Electronic Accessibility and Security Review request through the IT Service Portal.
- Provide the business or research justification for the requested service.
- Wait for review and approval before storing or sharing university data using the service.
|
!
|
Important
University data must not be stored in a non-approved service until the Electronic Accessibility and Security Review has been completed and approval has been granted.
|
Need Help?
Contact the IT Help Desk at (936) 468-4357 (HELP).