Using Microsoft OneDrive and Teams for Research

Information classification (also known as data classification) is a crucial step in building a research projects’ security posture. It identifies the safeguarding requirements that should be in place for the project to be compliant with the university policies.  

To identify information classification: 

1. Consult UBC Information Security Standard U1(ISS-U1) and our Research Information Classification page;
2. Review the nature of the information; 
3. Identify the elements collected, processed or stored that meet the highest risks in ISS-U1; 
4. Assign an Information classification to all research information based on the results of step 3. 

My research information is very valuable to my research project, but is not classified as High or Very-High risk; can I still apply the highest safeguarding requirements? 

Yes, while the information classification above is modeled on severity and impact, other risks such as loss of data could result in a researcher applying a High Risk classification to their research information. Based on your information classification, you must apply the security requirements of UBC Information Security Standard U7 (ISS-U7); but it is also recommended to apply higher security controls to any valuable information, regardless of their classification.

What if my information classification changes?

If your information classification has changed, you should adjust safeguarding measures to meet the requirements of the new information classification. Note that, per Information Security Standard U1 (ISS-U1), classification can go up (e.g.: from Medium to High risk), but not down (e.g.: from Medium to Low risk).

Should I encrypt my information?

File level encryption is recommended for files containing personal information, personal identifiable information, as well as any confidential files who requires restricted access.
Note: You may be required to encrypt information if it is subject to a specific regulation, agreement, or 3rd party requirement.

How long should information be stored using these tools?

UBC OneDrive and Teams storage are available as part of an agreement between UBC and Microsoft, and will be available for the duration of this agreement (or its extension, where applicable). However, note that access to OneDrive and Teams are contingent on your affiliation with UBC; if you leave the institution, you will lose access to your files. Depending on the nature of your research information, UBC has dedicated repositories for the long-term storage of research information.

For guidance on long-term storage options (archiving or data preservation) and to meet the requirements for retaining research data for a minimum of 5 years after publication, contact:

UBC Vancouver: research.data@ubc.ca
UBC Okanagan: csc.ok@ubc.ca

Can I use Teams and OneDrive to archive information?

Teams and OneDrive are intended to be used for active storage and are not recommended for information archival. Furthermore, information stored in Teams will be automatically purged after one (1) year of inactivity on the platform. Visit our UBC Research Storage Finder page for alternate storage options or contact arc.support@ubc.ca to schedule a consultation with one of our subject matter experts.

Can I recover deleted information in Teams and OneDrive?

Deleted files will be kept in the recycle bin for a maximum of 90 days, after which they will be permanently deleted from the cloud, and will not be recoverable.
Additionally, OneDrive and Teams allow the recovery of a certain number of versions for a specific file. Visit the Microsoft Support knowledge base to learn more about this feature. 

Will my information be backed-up?

Microsoft Teams and OneDrive do not undergo regular backups. If you store valuable or regulated research information, it is recommended that you keep a recurring backup copy of the information outside OneDrive/Teams.
Note: There is no reason for concern about accidental data loss due to the redundancy built into the architecture.

Are there other storage options available at UBC?

If UBC Microsoft Teams or OneDrive are not suitable for your research project, some alternative storage solutions are offered by UBC and other service providers. For more information about these alternatives, visit our UBC Research Storage Finder page or contact arc.support@ubc.ca to schedule a consultation with one of our subject matter experts.

Can non-UBC users access OneDrive or Teams without a Microsoft Office license?

Yes. When a file or folder is shared, users can use the OneDrive or Teams web-application available through most browsers.

What is the best way to share information using UBC OneDrive?

We recommend using the OneDrive web-application to share information, as the interface has comprehensive settings and is design to prevent incidental sharing.

What is the best way to share information using UBC Teams?

We recommend using the “Files” tab of the Teams desktop or mobile Application has comprehensive settings and is design to prevent incidental sharing.

Can I limit access to shared files on UBC OneDrive and Teams?

Yes. As the file (or folder) owner, you may decide whether users will have read/write, or read-only access when sharing.

Can I share sensitive information through UBC OneDrive and Teams?

Yes. UBC has approved UBC OneDrive and Teams to store and share information of all classifications. However, it is recommended to password protect (or encrypt at file level) files containing information of sensitive nature that will be shared outside the organization.