Protected Data Guideline for AWS
Amazon Web Services - Sensitive Data Guidance
AWS has a core set of secure services, but it is up to each user to implement appropriate security controls and to comply with applicable University policies, notably policies relating to the protection of University data and Level 1 data policies.
Third-party content that is available through AWS are generally governed by separate contract terms and conditions, including separate fees and charges. AWS may not have tested or screened third-party content.
| Data Type | Data Use | Comments |
|---|---|---|
| Credit Card (PCI-DSS) | Not permitted. | Not acceptable for PCI-DSS data. |
| Export Control | Consult | Consult with Information Security. |
| Electronic Protected Health Information (ePHI) subject to HIPAA | Consult | HIPAA Business Associate Agreement has been signed. Consult with Information Security. |
| Human Subject Research | Consult | Consult with Information Security. |
| Intellectual Property | Consult | Consult with Information Security. |
| IT Security Information | Permitted | When appropriately configured. |
| Other Sensitive Institutional Information (e.g. Fundraising, Attorney/Client Privileges) |
Consult | Consult with Information Security. |
| Personally Identifiable Information (PII) | Consult | When appropriately configured; consult with Information Security. |
| Public Information | Permitted | |
| Research Data (Animal General, Non-Humanoid Subject Research) |
Permitted | Consult with Information Security and office of research. |
| Student Education Records (FERPA) |
Permitted | Excluding student health records. Consult with Information Security. |