RIS Storage : User Agreement

Use of Research Storage is primarily for research data which may include information that is classified as confidential and protected. Users of the storage who are unsure of the sensitivity of the data they intend to store should refer to the University’s information classification policies (See the information classification policy.) or contact the information security office at infosec@wustl.edu for guidance.

Information in the protected class is required by agency regulation and university policy to be encrypted in transit and at rest. Sensitive information in the Research Storage is not to be removed to unprotected networks and computing resources. It is required to be encrypted if it is not in an approved university data center, on a mobile device or other computing system. See the encryption policy.

It is the responsibility of the storage user to ensure adequate protection of the information at all times when using this service.

Users of this service:

  • Agree to store only data that pertains to official business and is authorized to be stored within the service.

  • Agree to ensure that sensitive information stored within the service is restricted to authorized team members on a need-to-know basis.

  • Agree to ensure that access to sensitive data is based on your role or research.

  • Agree to not retrieve information for someone who does not have authorization to access that information.

  • Agree to ensure that Confidential and Protected information is protected against unauthorized access using encryption, according to Washington University Information Security Policy, when sending it via electronic means (telecommunications networks, e-mail, and/or facsimile) or storing it outside of protected networks (Note1) and devices (Note2). (See the encryption policy. )

  • Agree to coordinate your user access requirements, and user access parameters, with the Research Infrastructure Services (RIS) WashU IT group.

  • Agree to notify the service provider (RIS) if access to the storage resources is beyond that which you or they have authorized.

  • Agree to report all security incidents or suspected incidents to the RIS (ris@wustl.edu) and/or INFOSEC. (infosec@wustl.edu)

  • Agree to discontinue use of the service from any resources that show signs of being infected by a virus or other malware and report the suspected incident.

  • Agree to safeguard storage resources against waste, loss, abuse, unauthorized users, and misappropriation.

  • Agree to ensure that hard or electronic copies of Confidential and Protected information are destroyed after it is no longer needed. (See See the media reuse and disposal policy.)

  • Agree to not store U.S. classified national security information or Controlled Unclassified Information (CUI) on the service.

  • Agree to the monitoring of your use of this service for any violations of the above.

An unprotected network or networks with insufficient protection include any network other than WUCON or a High Trust Domain. Consult with the RIS or INFOSEC groups, if you do not know what network you are on or where the data will reside.

Any device that stores protected information and does not encrypt the information and does not have a password/passcode is considered unsafe and in violation of policy.