Protected Data Guideline for AWS
Amazon Web Services - Sensitive Data Guidance
AWS has a core set ofÌý, but it is up to each user to implement appropriate security controls and to comply with applicable University policies, notablyÌýpolicies relatingÌýto the protection of University dataÌý²¹²Ô»åÌýLevel 1 data policies.Ìý
Third-party content that is available through AWS are generally governed by separate contract terms and conditions, including separate fees and charges. AWS may not have tested or screened third-party content.
| Data Type | Data Use | Comments |
|---|---|---|
| Credit CardÌý(PCI-DSS) | Not permitted. | Not acceptable for PCI-DSS data. |
| Export Control | Consult | Consult withÌýInformation Security. |
| Electronic Protected Health InformationÌý(ePHI) subject to HIPAA | Consult | HIPAA Business Associate Agreement has been signed. Consult withÌýInformation Security. |
| Human Subject Research | Consult | Consult withÌýInformation Security. |
| Intellectual Property | Consult | Consult withÌýInformation Security. |
| IT Security Information | Permitted | When appropriately configured. |
| Other Sensitive Institutional InformationÌý (e.g. Fundraising, Attorney/Client Privileges) |
Consult | Consult withÌýInformation Security. |
| Personally Identifiable Information (PII) | Consult | When appropriately configured; consult withÌýInformation Security.Ìý |
| Public Information | Permitted | Ìý |
| Research DataÌý (Animal General, Non-Humanoid Subject Research) |
Permitted | Consult withÌýInformation SecurityÌýand office of research.Ìý |
| Student Education Records (FERPA) |
Permitted | Excluding student health records. Consult withÌýInformation Security. |