Skip to main content

Help Guide: Handling P3 and P4 Data Securely

Updated

1. Purpose

This guide provides best practices for securely handling P3 and P4 classified Institutional Information, ensuring compliance with UC’s IS-3 policy by using approved storage solutions and implementing access controls.

2. Approved Cloud Storage for P3/P4 Data

UCSB provides Google Drive (Connect Account) and Box as approved platforms for storing P3 and P4 data. To ensure compliance:

  • Only use UC-approved accounts (e.g., UCSB Google Drive or UCSB Box) for storage.

  • Do not store P3/P4 data on personal devices or unauthorized cloud services.

3. Steps for Secure Data Migration & Purging Local Copies

  • Identify P3/P4 Data stored on local devices (Excluding Bren Staff Department Share)

    • If your P3 or P4 data is related to grant funded research, please contact the appropriate ORU IT staff for assistance.

  • Move data to UCSB Google Drive or UCSB Box using secure upload methods.

    • If your workflow requires local file server storage of P3 or P4 data please contact the Bren Compute team for options.

  • Verify successful upload by checking file integrity and permissions.

  • Purge Local Copies:

    • Securely delete files from local storage.

    • Use UC-approved data sanitization tools to ensure complete removal.

    • Empty the Recycle Bin/Trash and confirm deletion.

  • Disable Offline Access / Caching of Syncing Tools
    • Ensure Cloud Syncing Applications or Tools (Box Sync, Google Drive, etc.) have offline access disabled.

4. Role-Based Access Control (RBAC) & Auditing

To enforce least privilege access and maintain security:

  • Restrict access to only those who need it. (For UCSB Google Drive we recommend using Google Groups to manage access rights efficiently in a role based manner.)
  • External collaboration (Non-UC User Accounts) is not permitted for P3 or P4 data.
  • Review and update permissions at least quarterly.

  • Revoke access for users who no longer require it.

  • Note: Shared Drives do not allow more restrictive access to subfolders. You may need to:

    • Create multiple shared drives for different permission levels.

    • Work with the Bren Compute Team to set up shared folders from a functional account, which allows for a more flexible permission hierarchy.

5. Compliance & Support

  • Regular audits will ensure policy adherence and security best practices..

For further assistance, contact the Unit Information Security Lead (UISL) at itcontact@bren.ucsb.edu

Powered by Zendesk