O365's powerful collaboration suite is heavily guarded by protective measures that keep you and your data safe. Below you will find important information you can use to ensure the privacy and security of your institutional data.
Office 365 and require proper security of institutional data including personal information of students, faculty and staff. Failure to comply may result, at a minimum, with suspension of service. In particular, please note the following documents:
Data and systems are classified as High Risk if one or more of the following apply:
- The data is classified as Confidential or Regulated Information;
- Protection of the data is required by law or regulation;
- The University is required to notify the government or affected individuals if the data is inappropriately accessed; and/or
- The loss of confidentiality, integrity, or availability of the data or system could have a significant adverse impact on the University’s mission, safety, finances, or reputation
Data and systems are classified as Medium or Moderate Risk if they are not considered to be High Risk, and one or more of the following apply:
- The data is classified as Information for Internal Use;
- The data is not generally available to the public; and/or
- The loss of confidentiality, integrity, or availability of the data or system could have a minor adverse impact on the University’s mission, safety, finance, or reputation
Data and systems are classified as Low Risk if one or more of the following apply:
- The data is classified as Public Information;
- The data is intended for public disclosure; and/or
- The loss of confidentiality, integrity, or availability of the data or system would have no adverse impact on the University’s mission, safety, finances, or reputation
In addition to being considered high-risk information, please note that Payment Card Industry (PCI) information and Personal Health Information (PHI) are each subject to special regulations, therefore a service that is approved for use with high-risk data may not necessarily also be approved for use with PCI or PHI data.
For assistance with handling such data, please contact Information Security
applications, members of the York community must classify data based on the level of sensitivity and value of that data. More information on data classification can be found in York’s Information Security Classification Standard.
The table below lists which information classifications can be used in different Office 365 applications:
properly maintained over time. Keep these tips in mind:
- Share files with specific individuals or groups, do not use ”share with everyone”;
- Use folders to share groups of files with others;
- Remember that once a file is shared with someone, they can download it to their device and share it with others; and remove access when individuals no longer require access to files or folders.
have been licensed by York University Libraries, may not be shared with students via Office 365 services such as OneDrive for Business, SharePoint or OneNote, Groups, Teams, etc. Online course materials should always be made available to students via York-supported Learning Management Systems, such as Moodle. York’s faculty and staff are responsible for using copyright-protected materials appropriately.
If you would like more information on the use of copyright-protected materials for your course contact York’s Copyright Support Office at email@example.com
|Office 365: Email and Calendar||Canada|
|Office 365: Office Online & OneNote||Canada|
|Office 365: OneDrive for Business||Canada|
|Office 365: Groups||North America|
|Office 365: Skype for Business||Canada|
|Office 365: Teams||North America|
|Office 365: SharePoint||Canada|
|Office 365: Yammer||North America|
|Office 365: All other services||North America|
The Office 365 service for York University is governed by a formal agreement between the University and Microsoft that provides significant assurances concerning the security and privacy of the information stored or handled in Office 365.
The University has also done a risk-based Privacy Impact Assessment of the email service to ensure that potential risks have been identified. Steps were taken to mitigate those risks and the University meets its legal requirements with respect to privacy.
All of York University’s policies, including guidelines on emailing continue to apply to the Office 365 service.