Text messages must not contain any Fordham Protected or Fordham Sensitive data. This includes the use of MMS (Multimedia Messaging Service) to send pictures or files containing Fordham Protected or Fordham Sensitive information.
The use of text messages is only permitted to communicate Fordham-related information for which there is no expectation of privacy or confidentiality (public data).
The recipient is responsible for all data retention and recovery.
Google Drive
Description
Google Drive is used to create, share, and store files, enabling file access from any computer. Google Drive can be accessed via
drive.google.com or from
My Apps menu on the Fordham website. Google Drive allows real-time collaboration and sharing of text documents, spreadsheets, presentations, forms, and storage of images, PDFs, Microsoft Word and Excel files.
Links
Data Retention and Recoverability
Data contained in Google Drive is manually retained. Those using Google Drive should delete documents as per the
Records Retention and Disposal Policy. Google stores data until it is deleted. There are no additional backups.
You may delete Google Drive files by moving them to a Google trash folder. The files are automatically deleted forever after they've been in the trash folder for 30 consecutive days. You may expedite this purge by emptying the trash manually. While a Google Drive file is in the trash, you may recover it at any time within the 30-day period. Please reference the following Google-provided documentation on deleting and restoring files in Google Drive:
Delete and restore files in Google Drive
Google allows you to delete files if they meet the following criteria:
After a file is deleted from the trash, Fordham IT may assist in recovering it if notified before 25 days have elapsed. If assistance is needed, please contact
IT Service Desk.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(1)
Personally Identifiable Information – PII
(1)
Protected Health Information - PHI/HIPAA/RHI
(1)
Attorney-Client Privileged Information
(1)
Fordham Sensitive Data
(1)
Prohibited Data
Student Loan Application Information - GLBA/CUI
Credit Card/PCI
Core Google™ Apps: Calendar, Chat/Meet, Classroom, Groups, Jamboard, and Sites
Description
The Core Google™ Apps provided to Fordham University students, faculty, staff, alumni, and guests include:
- Calendar – a time management application used to keep track of events, allows for calendar sharing with others
- Chat/Meet – for chat and online meetings (formerly Hangouts)
- Classroom – used by instructors to create and organize assignments, provide feedback, and communicate with students
- Groups – creates a set of people with whom you can share Google resources, as a mailing list or for security on Google Docs, Sites, or Sheets
- Jamboard – a collaborative, digital whiteboard
- Sites – a website creation tool
Links
Data Retention and Recoverability
Data contained on Google Core Apps is manually retained. Those using Google Core Apps should delete documents as per the
Records Retention and Disposal Policy. Google Docs, Sheets (for spreadsheets), and Slides (for presentations) store their documents in Google Drive. Please reference the Google Drive section for additional information regarding retention using that product. Other data stored on Google Core Apps is currently not backed up.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(1)
Personally Identifiable Information – PII
(1)
Attorney-Client Privileged Information
(1)
Fordham Sensitive Data
(1)
Prohibited Data
Student Loan Application Information - GLBA/CUI
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Non-Core Google Apps (e.g., Photo, Maps, YouTube)
Description
Non-core Google Apps™, such as Photo, Maps, and YouTube, are not covered by Fordham's Google Apps for Education agreement with Google and may only be used to share or maintain data for which there is no expectation of privacy or confidentiality (public data). Any Google App not listed in Core Google Apps, as well as other Google services, extensions, or add-ons, are classified as Non-Core.
Links
Data Retention and Recoverability
Data contained in Google Non-Core Apps is manually retained. Those using Google Non-Core Apps should delete documents as per the
Records Retention and Disposal Policy. Data stored on Google Non-Core Apps is not backed up.
Permitted Data
Public Data
Data permitted with restrictions
None
Prohibited Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA/CUI
Personal Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
File Shares and Managed Servers
Description
Managed Servers are secure file shares (e.g., ) provided by Fordham’s Office of Information Technology to individuals and departments. Folders on these file shares may be securely accessed when off-campus via Fordham's Virtual Private Network (VPN).
Data Retention and Recoverability
PC's local C:\ or Macintosh HD drives may not be automatically backed up; see the Local Drive Usage Advisory for details. Those using file shares are responsible for deleting documents per the Records Retention and Disposal Policy. Data stored on file shares and other servers managed by the Office of Information Technology are backed up daily with a 90-day retention period. These files can be restored, if necessary, by request.
Permitted Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA/CUI
Personal Identifiable Information - PII
Attorney-Client Privileged Information
Fordham Sensitive Data
Public Data
Data permitted with restrictions
None
Prohibited Data
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Equipment (Desktop, Laptop, Tablet, Smartphone)
Description
Use of Fordham-provided laptops, tablets, and smartphones (mobile devices) that access University data must comply with the following security measures:
-
All devices, where possible, must be secured using a PIN (6-digit minimum) or other password protection.
-
All devices, where possible, must enable automatic lockout for idle devices for 5 or fewer minutes.
-
All devices, where possible, must have remote wipe capability installed and enabled.
-
Any lost, stolen, or compromised device must immediately be reported to the IT Service Desk at 718-817-3999. To protect the integrity and security of Fordham University data, all users of mobile devices that access University data will be subject to remote locking or data-wiping of lost, stolen, or otherwise compromised devices.
Data Retention and Recoverability
Data on equipment and not on the S:\ drive is manually retained by the individual to whom the device is allocated. Those using equipment and not using the S:\ drives should delete documents as per the
Records Retention and Disposal Policy. Data stored on equipment and not on the S:\ drives is currently not backed up.
Permitted Data
Student Educational Records - FERPA
Personal Identifiable Information - PII
Attorney-Client Privileged Information
Fordham Sensitive Data
Public Data
Data permitted with restrictions
Student Loan Application Information – GLBA/CUI
(2)
Prohibited Data
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Fordham-Provided Removable Media (USB drives)
Description
Removable media is a component that can be inserted into and removed from a system and used to store data or information (e.g., text, video, audio, image data). Such components are typically implemented on magnetic, optical, or solid-state devices (e.g., CDs, DVDs, flash/USB drives, external hard disk drives, and flash memory cards/drives that contain non-volatile memory).
Removable media may only be used in conjunction with a sanctioned encryption product to protect the data at rest. Please contact Information Security and Assurance at
[email protected] for guidance before copying any Fordham Protected or Fordham Sensitive data to a removable device.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(2)
Student Loan Application Information – GLBA/CUI
(2)
Personally Identifiable Information – PII
(2)
Protected Health Information - PHI/HIPAA/RHI
(2)
Attorney-Client Privileged Information
(2)
Fordham Sensitive Data
(2)
Prohibited Data
Credit Card/PCI
Devices on PCI-Compliant Network
Description
The PCI-compliant network is a network provided by Fordham IT that is compliant with the payment card industry's Data Security Standards (DSS). The only devices that should reside on this network are those that process credit card transactions on behalf of the University. Devices on this network include but are not limited to the Aramark payment devices located in all food service areas at Rose Hill and Lincoln Center and the Ram Van ticketing machines at both Rose Hill and Lincoln Center. Any department that wishes to utilize this network will need to contact the Office of Treasury Operations at 718-817-4940 for further information.
Data Retention and Recoverability
Storage of credit card information is prohibited. Any other data contained on the PCI-compliant network is manually retained. Those utilizing the PCI-compliant network should delete documents as per the
Records Retention and Disposal Policy. Data stored on the PCI-compliant network is currently not backed up.
Permitted Data
Student Educational Records - FERPA
Personal Identifiable Information - PII
Credit Card/PCI
Fordham Sensitive Data
Public Data
Data permitted with restrictions
None
Prohibited Data
Student Loan Application Information - GLBA/CUI
Protected Health Information - PHI/HIPAA/RHI
Attorney-Client Privileged Information
Blackboard®
Description
Blackboard is an online learning management solution. Faculty and students in on- and off-campus courses may use this application as a repository for course material, online course instruction, and sharing and storing information.
Links
Data Retention and Recoverability
Any data contained in Blackboard is manually retained. Those utilizing Blackboard are responsible for deleting documents as per the
Records Retention and Disposal Policy. Data stored on Blackboard is currently not backed up.
Permitted Data
Student Educational Records - FERPA
Fordham Sensitive Data
Public Data
Data permitted with restrictions
None
Prohibited Data
Student Loan Application Information - GLBA/CUI
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Attorney-Client Privileged Information
Zoom™
Description
Zoom™ is an application for online video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, and telephones. All active Fordham University employees and students are eligible to log in to Zoom with their Fordham credentials.
Links
Data Retention and Recoverability
Recordings stored in Zoom's cloud environment are automatically deleted after 30 days.
Permitted Data
Student Educational Records - FERPA
Public Data
Data permitted with restrictions
Student Loan Application Information – GLBA/CUI
(7)
Personal Identifiable Information – PII
(7)
Protected Health Information - PHI/HIPAA/RHI
(7)
Attorney-Client Privileged Information
(7)
Fordham Sensitive Data
(7)
Prohibited Data
Credit Card/PCI
Panopto®
Description
Panopto® is a cloud-based lecture capture service available to all Fordham University faculty, staff, and students. Panopto is used to record lectures for asynchronous viewing, while Zoom™ and Blackboard® Collaborate are used for live classes / synchronous viewing.
Links
Permitted Data
Student Educational Records - FERPA
Public Data
Data permitted with restrictions
None
Prohibited Data
Student Loan Application Information - GLBA/CUI
Personal Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
OnBase® by Hyland
Description
OnBase® by Hyland, Fordham University's enterprise content management system, stores documents and data that have been captured and indexed according to individual departments' business rules, records management guidelines, and retrieval needs.
This information is accumulated and managed as a system of record in a secure central repository where the documents can be easily retrieved via a line of business applications (e.g., Banner, PowerFAIDS®, Fordham Connect, FSA Atlas) or via the OnBase Web and Unity clients. Rules-based workflows move documents from point A to point B by placing documents in queues, thus eliminating the tedious and risky part of a process. Additionally, workflows route documents based on established process rules (rules-based routing) or based on a user decision (decision-based routing). Finally, each step in every process is tracked and scribed to the audit trail for each transaction to ensure compliance requirements and accountability.
OnBase provides the ability to:
-
Capture documents, including paper, electronic documents, email, system reports, e-forms
-
Manage content according to business rules
-
Store, organize, and track content
-
Create workflows to deliver documents to processes as soon as they are needed
-
Preserve and protect documents in compliance with internal and external standards
Data Retention and Recoverability
Data contained in Hyland/OnBase is manually retained. Those using Hyland/OnBase should delete documents per the
Records Retention and Disposal Policy. We are in the process of implementing a records management module, which will manage the retention and disposition of stored documents according to predefined business rules. Data stored on Hyland/OnBase is backed up at Hyland data centers. Additionally, deleted documents are sent to a document maintenance queue and can be recovered if needed.
Permitted Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA/CUI
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Attorney-Client Privileged Information
Fordham Sensitive Data
Public Data
Data permitted with restrictions
None
Prohibited Data
Credit Card / PCI
ServiceNow™
Description
ServiceNow is an IT Service Management (ITSM) tool used at Fordham University for incident management, service request management, asset management, problem management, configuration management, change management, and Knowledge Management.
Data Retention and Recoverability
Permitted Data
Student Educational Records - FERPA
Public Data
Data permitted with restrictions
None
Prohibited Data
Student Loan Application Information - GLBA/CUI
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Attorney-Client Privileged Information
Fordham Sensitive Data
MailChimp®, Acoustic Marketing Automation (Fordham Messaging Platform / FMP)
Description
MailChimp® and Acoustic Marketing Automation (Fordham Messaging Platform / FMP) – formerly IBM Watson Marketing and SilverPop – are email marketing tools used for targeted marketing campaigns and the email distribution of newsletters and automated messages.
Links
Data Retention and Recoverability
MailChimp and Acoustic Marketing Automation data is stored and backed up by the vendor. Those downloading data from these services should delete this data as per the
Records Retention and Disposal Policy.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(3)
Fordham Sensitive Data
(3)
Prohibited Data
Student Loan Application Information - GLBA/CUI
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Credit Card/PCI
Attorney-Client Privileged Information
Qualtrics®
Description
Qualtrics® is a web-based survey tool provided for free to all Fordham students, faculty, and staff.
Links
Data Retention and Recoverability
Permitted Data
Student Educational Records - FERPA
Student Loan Application Information - GLBA/CUI
Personally Identifiable Information - PII
Protected Health Information - PHI/HIPAA/RHI
Fordham Sensitive Data
Public Data
Data permitted with restrictions
none
Prohibited Data
Credit Card/PCI
Attorney-Client Privileged Information
Microsoft Azure™ Cloud Computing Platform
Description
The Microsoft Azure™ Cloud Computing Platform, which uses your Fordham-issued account, provides a suite of computing and storage services.
Links
Data Retention and Recoverability
Azure content is stored and backed up by Microsoft. Please contact IT Service Desk to discuss how Azure services should be set up to meet your backup and recoverability needs. Those using Microsoft Azure storage should delete data as per the
Records Retention and Disposal Policy.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(4)
Student Loan Application Information – GLBA/CUI
(4)
Personally Identifiable Information – PII
(4)
Protected Health Information - PHI/HIPAA/RHI
(4)
Attorney-Client Privileged Information
(4)
Fordham Sensitive Data
(4)
Prohibited Data
Credit Card/PCI
Microsoft OneDrive™ for Business
Description
OneDrive™ is used to create, share, sync, and store files. As part of Fordham University's Office 365™ subscription, files can be saved in OneDrive and then accessed and modified from a browser or mobile device. To use Fordham OneDrive for Business or sync your files, sign in to your Fordham-issued account with your AccessIT ID.
Links
Data Retention and Recoverability
Data contained in OneDrive for Business is manually retained. Those using Fordham OneDrive for Business should delete documents as per the
Records Retention and Disposal Policy. Note that Fordham Office 365 documents may be stored on OneDrive, and users are responsible for adherence to the Data Retention and Recoverability and Data Classification Guidelines covering those documents.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(1)
Student Loan Application Information – GLBA/CUI
(1)
Personally Identifiable Information – PII
(1)
Protected Health Information - PHI/HIPAA/RHI
(1)
Attorney-Client Privileged Information
(1)
Fordham Sensitive Data
(1)
Prohibited Data
Credit Card/PCI
Microsoft Office 365™
Description
Office 365™ provides cloud-based versions of Microsoft productivity applications such as Word, Excel, PowerPoint, and Teams.
Links
Data Retention and Recoverability
Office 365 documents may be placed on storage platforms such as local drives, Fordham OneDrive for Business, Fordham Google Drive, Fordham File Shares (S:\ drive), and Managed Servers. Please refer to the Data Retention and Recoverability and Data Classification Guidelines for the selected storage platform.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(1)
Student Loan Application Information – GLBA/CUI
(1)
Personally Identifiable Information – PII
(1)
Protected Health Information – PHI/HIPAA/RHI
(1)
Attorney-Client Privileged Information
(1)
Fordham Sensitive Data
(1)
Prohibited Data
Credit Card / PCI
Reclaim Hosting
Description
Reclaim Hosting provides hosting for digital projects and web-based applications, including WordPress®.
Links
Data Retention and Recoverability
Reclaim-hosted content is not automatically backed up at Fordham. Users of this service are responsible for data backup and data recovery. Those using Reclaim storage should delete data as per the
Records Retention and Disposal Policy.
Permitted Data
Public Data
Data permitted with restrictions
Student Educational Records – FERPA
(1)
Prohibited Data
Student Loan Application Information – GLBA/CUI
Personal Identifiable Information – PII
Protected Health Information – PHI/HIPAA/RHI
Credit Card / PCI
Attorney-Client Privileged Information
Fordham Sensitive Data