Sharing files for accreditation activities

Issue/Question

We need a secure method of providing sensitive information to outside entities for accreditation.  We may also need to collaborate with outside entities during the process and would like a location to do that securely.   What methods and services does USD support for this?   

Environment

• Microsoft Teams
• Microsoft Sharepoint
• FERPA
• PII
• HIPAA
• GLBA
• GDPR
• Data Loss Prevention
• Data Stewards

Cause

USD is committed to helping the Schools, Departments, Faculty, and Staff protect data from breach threats such as physical breaches, electronic breaches, and skimming.  These breaches can occur due to human error, physical theft, ransomware, phishing, or even malicious insiders.  To improve our security posture and meet complex compliance and regulatory requirements such as The South Dakota Breach Law, FERPA, GDPR, HIPAA we are requesting that ITS supported services be used to share data with external entities.  Data sharing is authorized and governed through the current data governance process and it's data stewards.

Both Microsoft Teams and Microsoft Sharepoint are the most universally compliant file sharing and collaborative services that ITS supports.  One of those two services should be chosen for file sharing and collaboration with external entities during accreditation activities, with approval from data stewards.  Technical controls to protect data in these platforms include:

• Restricting view permission on a per file basis
• Making files view only
• Making files viewable only in web browser and not available in desktop version of Office
• Blocking of file downloads
• Blocking of printing
• Tagging of data as confidential
• Alerting of suspicious use of files like bulk downloading
• Alerting of use of files from suspicious location
• Restricting access to the files or the whole site based on geo-location

Resolution

1. Once data sharing has been authorized, via current data governance process, chose one of the following services, setup your site, and invite guests.
   • Microsoft Teams Information and setup Teams document - generally recommended for file sharing and collaboration
   • Microsoft Sharepoint Information and setup Sharepoint document - generally recommended for file sharing
2. Protect and Classify Documents in bulk or Protect Office files individually that need extra protection prior to uploading them to your Team Site. 
   note: This may be done by Data Stewards prior to them releasing data.
3. Provide users with instruction on how to view protected files
   • View protected Office Files by opening them in Excel, Word, Powerpoint, etc.  The functionality is built-in
   • View protected PDFs

Please contact the Service Desk if you need assistance with Teams or Sharepoint setup or if you have security concerns