ITS recommends using WCM email, department network shared drives, and the Transfer service to store college data, including confidential data. Storing information on these systems helps decrease the chance for data loss and data breach. External storage devices, such as USB flash drives and external hard drives, can be easily lost or stolen, which has regulatory and financial implications for you and the college.
If flash drives or external hard drives are required for business needs, they will need to meet the compliance standards for encryption set by the U.S. Department of Health and Human Services. Any external storage device used to store college data, including confidential data, must meet the FIPS 140-2 encryption standard. Using a FIPS 140-2 compliance storage device will help render unsecured Protected Health Information unusable, unreadable, or indecipherable to unauthorized individuals.
Storing WCM data securely
If you need to store college data, please use WCM email, department network shared drives, and the Transfer service first. These are fully supported ITS services that provide safe data storage. However, if you need to store data on an external flash or hard drive, ask your department to purchase one that has FIPS 140-2 encryption software already built in. ITS recommends two manufacturers that exclusively produce FIPS 140-2 compliant flash and external hard drives available through CDW-G:
Please note that while ITS recommends these manufacturers, they are non-standard devices at the college. If the device malfunctions or you encounter any other issues while using the device, the Service Desk can offer a consultation, which may require a service fee.
Purchasing a flash drive or hard drive
If you are considering purchasing a flash drive or external hard drive, please determine if you are able to transfer the information through WCM email, your department network shared drive, or the Transfer system first. If you still need to use an external storage device, check with your Department Administrator for approval to purchase one of the recommended devices listed above. If you lose a flash drive or hard drive, report it immediately to the Service Desk and indicate when and where the device was lost or stolen.