Page History

ArgoApps

ArgoApps uses a more modern ‘remote access’ technology to deliver programs to end-devices which resemble programs running natively on client’s devices yet are actually running on our on-premises servers. These applications are delivered in two different yet secure and encrypted (in transit) manners. Via the locally installed “Citrix Client” software or via HTML5 (for devices which can run modern browsers).

The storage of the data being processed by the software delivered via ArgoApps will be the defining factor on Data Restrictions.

• By Default Argofiler (see below) will be used by ArgoApps.

• Local Storage is another option for the data which stores it on the user’s local computer - in this case then the Data Restrictions would be those defined under “Personally owned devices (phone, tablet, laptop, etc.)” (see below).

• G Drive is the last option available (if that service is connected and used via ArgoApps by the user) in this case, Data Restrictions would be defined under G Drive (see below)

Use restrictions for “Argofiler” OR Use restrictions for “Personally owned devices (phone, tablet, laptop, etc.)” OR G Drive as merited by the option selected and described under “Description of Compliance”.

Argofiler

Argofiler is a shared service provides storage solutions to UWF students, faculty and staff. It is intended to provide cost-effective, easy-to-use storage for administrative and research data. Argofiler is available using the Common Internet File System (CIFS) protocol. Argofiler with CIFS enables UWF system administrators to manage storage provisioning and access for their departments.

Argofiler provides a secure environment to store most types of sensitive data. However, you still must exercise caution when storing sensitive data in Argofiler which is not encrypted by default. Data is backed up for disaster recovery.

Social Security numbers (SSNs) should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as the Data Warehouse. ITS Help Desk can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you. (Contact the ITS Help Desk.)

✅ Attorney/Client Privileged Information

✅ Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

✅ Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Banner and ODS

The UWF Banner Enterprise Resource Program (ERP) and Operational Data Store supports reporting activity for university business. The data is organized in sets based on subject areas (for example, Payroll, Student Records, Financials). It is a university service, and only authorized university employees have access to it.

Banner and ODS may be used for

• Student Educational Records (protected by FERPA)

• Social Security Numbers

• Student Loan Application Information (protected by GLBA)

• Sensitive Identifiable Human Subject Research (if all U-M Institutional Research Board requirements are met)

• Export Controlled Research (protected by ITAR or EAR)

It may not be used for

• Protected Health Information (protected by ePHI-HIPAA)

• Payment Card Industry (PCI) information

• Federal Information Security Management Act (FISMA) Data

✅ Attorney/Client Privileged Information

✅  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

✅  Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Canvas

Canvas is a cloud-based Learning Management System (LMS) developed by Instructure, Inc. Canvas provides a set of tools for teaching and learning allowing faculty to manage instructional workflows, communicate class requirements, share documents, manage assignments, assess student performance, distribute grades, support course collaboration and discussions. Canvas also offers the ability to integrate with many external tools. Canvas courses are linked to official UWF course rosters so course site access is automatically managed based on course enrollment.

Canvas is a university contracted-for service covered by the university’s agreement with Unizin. Canvas provides a secure environment in which to maintain or share share the university's sensitive unregulated data, as well as some—but not all—types of sensitive regulated data. All Canvas user data is stored in Amazon Web Services (AWS) data centers.

While Canvas is secure, it does not comply with some specific regulatory and UWF policy requirements for certain types of protected regulated data. Data types that may not be maintained, shared, or processed in Canvas are:

• Export Controlled Research. This is because Canvas cannot ensure that only U.S. persons have access to or maintain its systems.

• Protected Health Information.This is because Canvas has not signed the necessary Business Associate Agreement mandated by HIPAA.

• Credit Card or Payment Card Industry (PCI) Information. Credit or debit card numbers cannot be stored in any electronic format without the expressed, written consent of the U-M Treasurer's Office. That office is responsible for the only PCI-compliant environment at the university.

• Data regulated by the Federal Information Security Management Act (FISMA). This is because Canvas does not have documentation or certification that demonstrates FISMA compliance.

• Student Loan Application Information (GLBA). Canvas is not designed to store financial information related to student loan and financial aid applications.

✅ Attorney/Client Privileged Information

🚫  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Cloud Storage included with some Software

You or your unit may purchase software licenses or subscriptions for your university work that include cloud-based storage. In most cases, this software is installed on your university-owned computer. For example, some areas make Adobe Creative Cloud software available to UWF units at a discount, and the software subscription includes access to Adobe's cloud-based storage.

Cloud-based storage that is provided as part of a user license or subscription (that is, storage that is tied to a named individual or group account) should not be used to maintain or share the university's sensitive data.

Those who use cloud storage associated with a software license or subscription for university work are responsible for ensuring that sensitive university information is not placed or stored there.

Important Password Tip: If you are asked to select a user ID and password for access to a software license or subscription and any associated cloud storage, do not use your ArgoNet password. Your ArgoNet password should be used only with services provided through the University of West Florida.

🚫 Attorney/Client Privileged Information

🚫 Export Controlled Research (ITAR, EAR)

🚫 IT Security Information

🚫 Other Sensitive Institutional Data

🚫 Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

🚫 Sensitive Identifiable Human Subject Research

🚫 Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

🚫 Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

✅ Attorney/Client Privileged Information

🚫  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

✅ Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

✅ Social Security Numbers

⚠️ Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Dynamic Forms

Dynamic Forms provides a simple way for users to build Internet-based, sophisticated, interactive forms.  Key features of this software includes electronic signatures, single sign-on, data exchange between Dynamic Forms and other software (such as Banner), and a user portal (for users to review pending and previously completed forms.

Google “Additional Services” not covered under the TOS

The Google Additional Services (Non-Core) are those outside the Google at UWF Core Services. The Non-Core services are not covered by the university's Google Suite for Education agreement with Google. The Non-Core services include Blogger and YouTube, among many others. Google extensions and add-ons are also Non-Core. Any Google service not specifically identified in the Google at UWF List of Services as a Core service is considered Non-Core. Need to add Hangouts and Keep to Core Services*

Google Additional (Non-Core) Services may not be used to share or maintain any of the university’s sensitive data because these services are not covered by the university’s Google Suite for Education agreement.

When members of the university community use one of these services for the first time, they are required to agree to the Google standard terms of service and privacy policy in order to use the service.

🚫 Attorney/Client Privileged Information

🚫 Export Controlled Research (ITAR, EAR)

🚫 IT Security Information

🚫 Other Sensitive Institutional Data

🚫 Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

🚫 Sensitive Identifiable Human Subject Research

🚫 Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

🚫 Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Google Drive or “G” Drive

Google Drive at UWF is a Core Service within the Google Suite for Education software available to eligible members of the university community. Drive is a document creation and collaboration application. It includes Google Documents, Presentations, Spreadsheets, Forms, and Drawings.

Google Drive at UWF is a university contracted-for service. It is covered by the university’s Google Suite for Education agreement. It provides a secure environment within which to maintain or share the university's sensitive unregulated data, as well as some—but not all—types of sensitive regulated data.

Any restrictions on placing some types of sensitive regulated data in Google Drive are based on compliance rather than security. While Google Drive at UWF is secure, it does not comply with some specific regulatory and UWF policy requirements for certain types of sensitive regulated data. Among the types of data that may not be maintained, shared, or processed in Google Drive at UWF are:

• Protected Health Information (regulated by HIPAA) (because Google has declined to sign the necessary contractual agreement)

• Student Loan Application Information (regulated by GLBA)

• Payment Card Industry (PCI) information

• Export Controlled Research (regulated by ITAR or EAR) (because Google may store the data in data centers outside the U.S.)

✅ Attorney/Client Privileged Information

🚫 Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

🚫 Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Gmail and Calendar

Google Mail and Calendar at UWF, as well as Inbox by GMail, are Core Services within the Google Suite for Education software provided to eligible members of the university community.

As Core Services, Google Mail and Calendar at UWF, as well as Inbox by GMail, are covered by the university’s Google Suite for Education agreement. These services provide secure environments for maintaining or sharing the university's sensitive unregulated data, as well as some kinds of sensitive regulated data.

Social Security numbers should generally not be sent through email. Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as Banner. The ITS Help Desk can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you.

Google Mail and Calendar at UWF, as well as Inbox by GMail, may not be used for

• Protected Health Information (regulated by HIPAA) (because Google has declined to sign the necessary contractual agreement)

• Student Loan Application Information (regulated by GLBA)

• Payment Card Industry (PCI) information

• Sensitive Identifiable Human Subject Research

• Export Controlled Research (regulated by ITAR or EAR) (because Google may store the data in data centers outside the U.S.)

These data restrictions are compliance-based, not security-based. Regulatory requirements mandate that specific sensitive regulated data be restricted from this service, even though the service is secure. It may not be used for Protected Health Information because Google has not signed the necessary Business Associate Agreement mandated by HIPAA. Google may not be used for Export Controlled Research data because Google cannot ensure that only U.S. persons have access to or maintain its systems.

✅ Attorney/Client Privileged Information

🚫  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

🚫 Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Google Sites, Talk/Hangouts, Keep, Groups

These are all Google at UWF Core Services that are provided to eligible members of the university community.

• Sites is a website creation application.

• Talk/Hangouts provide chat and online video/audio meetings.

• Keep is an application that lets people manage Notes and Tasks and Reminders.

• Google Groups are groups of people with whom you can share Google resources. Groups created and maintained in the Groups app within MyUWF and are synchronized to Google at UWF to facilitate resource sharing among members of the university community. Membership of these groups may not be visible in Google at UWF. If, however, you create a group using Google Groups, be aware that you are doing so outside the Google at UWF space; the group is outside of Google at UWF and is in Google's public service rather than in the service that UWF is contracting for.

These are Google Core Services covered by the university’s Google Suite for Education agreement. In general, they may not be used for sensitive regulated data. The exception to this is Student Educational Records (regulated by FERPA), which is permitted. Careful use of this data, in accordance with university policies and FERPA regulations, allows these Google services to be used by the students in, and instructors for, a class.

✅ Attorney/Client Privileged Information

🚫  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

🚫 Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

🚫 Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Document imaging and Scanning

Imaging Services provides a scanning application that enables the user to efficiently capture and organize images of paper documents or born-digital documents, retrieve those documents, and instantly access them using a web or client interface. Users may choose to leverage the central scanning service or set up unit-level self-scanning implementation.

ITS Imaging Services provides a secure environment for many types of the university’s sensitive institutional data. Note: Social Security numbers should only be used where required by law or where they are essential for university business processes.

✅ Attorney/Client Privileged Information

✅  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

✅  Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Personal Accounts (Dropbox, OneDrive, iCloud, etc.)

Any personal account for an online service. This includes any IT service you have set up an account for that is not maintained by any UWF IT support group. Examples include many cloud-based storage services, including Dropbox, Evernote, iCloud, OneDrive (included in Microsoft Office 365 only allowed to Innovation Institute and FLVC), SugarSync, and so on. This also includes personal Google and other accounts—accounts outside the UWF domains that are not provided by the university.

Personally maintained services are those provided outside of the university that you sign up for or subscribe to on your own. They should never be used to maintain or share the university's sensitive data.

External service providers, including cloud services, should not be used for university information that is private, personal, or sensitive, unless there is a contractual agreement between UWF and the service provider that protects the confidentiality of the information and data. Staff that use cloud computing services for university work are responsible for ensuring that sensitive information is not placed or stored in the cloud.

Important Password Tip: When you create an account for a non-university service, do not use your ArgoNet password. Your ArgoNet password should be used only with services provided through the University of West Florida.

🚫 Attorney/Client Privileged Information

🚫 Export Controlled Research (ITAR, EAR)

🚫 IT Security Information

🚫 Other Sensitive Institutional Data

🚫 Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

🚫 Sensitive Identifiable Human Subject Research

🚫 Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

🚫 Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Personally owned devices (phone, tablet, laptop, etc.)

Safe Computing Reference

Any mobile phone, tablet, laptop, or other computing device that is personally owned, including devices subsidized by the university.

UWF recognizes that those who do work on its behalf may need to access or maintain sensitive university data on their own devices. <Need University Policy/Guidelines Here> guides this use. Departments and units have discretion to prohibit this use or impose additional requirements beyond those outlined in the policy.  

• If your department or unit has informed you that you may work with university data using your own devices, it is your responsibility and obligation to properly manage and secure your personal device(s) to reduce the risk of unauthorized access to, or disclosure, of university data.

• Institutional PCI data is not allowed on personally owned devices because it must only be processed on UWF PCI compliant networks and systems.

• Export control data is not allowed on personally owned devices due to the risks associated with it being transported abroad, or accessed by unauthorized persons.

✅ Attorney/Client Privileged Information

🚫 Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

✅ Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

Qualtrics

Qualtrics Research Suite is a generalized survey service permitting the creation and distribution of surveys, as well as data storage and analysis. Use of the service is free to all University of West Florida units.

Qualtrics is a secure UWF contracted-for cloud service that can be used to maintain or share the university's sensitive unregulated data, as well as some kinds of sensitive regulated data.

Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as Banner. The ITS Help Desk can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you.

Qualtrics should not be used to maintain or share Export Controlled Research. This is because Qualtrics cannot ensure that only U.S. persons have access to or maintain its systems.

✅ Attorney/Client Privileged Information

🚫 Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

UWF Hosted Server

Hosted Servers use a virtual server environment managed by ITS. Generally and with agreement with ITS via an MOU you are the system administrator and install all software. On certain occasions your agreement with ITS allows for a Managed Server, which allows you to focus on managing applications instead of the operating system. Both options free you from managing physical servers and offer flexibility to select the right options for your campus computing needs.

Hosted servers are an ITS service maintained on the UWF Main Campus.

Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as Banner. The ITS Help Desk can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you.

✅ Attorney/Client Privileged Information

✅ Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

UWF Hosted Database (DBCENTRAL)

DBCENTRAL is a virtual server cluster combined with a managed database. It is provided by ITS. ITS will monitor, patch, and back up your database, so you can focus on managing your data and applications. You can greatly reduce effort and costs because you do not need to buy and manage your own hardware or software. You also have the flexibility to select the right options for your campus computing needs.

DBCENTRAL is a UWF service maintained on the UWF Main Campus.

Social Security numbers should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data, such as Banner. The ITS Help Desk can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you.

✅ Attorney/Client Privileged Information

✅ Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

✅ Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

✅ Student Loan Application Information (GLBA)

⚠️ Social Security Numbers

🚫 Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data

WEPA Printing

WEPA Printing is UWF’s student “printing as a service” cloud printing provider. WEPA provides convenience to students by allowing 6 different methods by which to print to any of the physical printer stations around campus. For example a student could print from their residence hall and the print-out would be queued in the “cloud” and the student could pick up the physical prints by logging into a WEPA station with their Nautilus card and the print-out would be sent to that printer at that moment in time.

All files are encrypted during transit in the wēpa system and at rest in our data centers, with the exception of emailed attachments sent to us through insecure email. We have the ability to prohibit specific users from using email printing if there is a concern, but honestly, you can email from any email account and get a wēpa code (release code) anyway whether you are a registered user or not, so training is important regarding emailed documents for HIPAA (don’t do it).

Print files are downloaded to the print station on demand, and the print file does live there on the hard drive for some time after printing (same applies to files printed from USB or from cloud storage sources). User print files are cleaned off of the print station hard drive within 24 hours / each day. This hard drive is within the computer that can only be accessed by the “master” key that opens the back of the print station. The printers themselves do not have storage.

We are PCI compliant, and many of those rules serve to protect all of the data in our system, including user print files.

✅ Attorney/Client Privileged Information

🚫  Export Controlled Research (ITAR, EAR)

✅ IT Security Information

✅ Other Sensitive Institutional Data

✅ Personally Identifiable Information (PII)

🚫 Protected Health Information (HIPAA)

🚫 Sensitive Identifiable Human Subject Research

✅ Student Education Records (FERPA)

🚫 Student Loan Application Information (GLBA)

🚫 Social Security Numbers

✅ Credit Card or Payment Card Industry (PCI) Information

🚫 Federal Information Security Management Act (FISMA) Data