Skip to main content

Risk Classification of Commonly Used Services at Yale

know your risk icon

This page outlines the risk classification of commonly used services here at Yale. This indicates the risk level (high, moderate, low) of work allowed on the service. Users must ensure the work they are doing on these services matches or is lower than the risk level listed.

Note: this page replaces what was previously called the Approved Services page.

 

What is Risk Classification?

Here at Yale, we classify our data and systems based on risk. All users of Yale data and systems must know the classification of the work they do. This means they know the risk of the work they do and use systems that protect that risk level. For more details visit our Risk Classification Guideline.

Risk Classification of Commonly Used Services at Yale

If you are using the service for the risk level listed, a Security Planning Assessment (SPA) is not needed.

If the service you want to use is not listed here, it does not mean you can't use that service. You can use the service once a Security Planning Assessment (SPA) is completed. The SPA process will confirm that you have a plan to operate a secure service for its life at the University. The SPA is based on Yale's Minimum Security Standards (MSS). For more information on the process, or to request a SPA, visit the SPA webpage.

Request a SPA      Visit the SPA webpage

 

Risk Classification of Commonly Used Services at Yale

Services Low Risk Moderate Risk High Risk
Audio and Video Conferencing: Zoom, Skype for Business, Microsoft Teams Yes Yes Yes
Audio and Video Conferencing: WebEx, Cisco Meeting Place Yes    
Data Backup: CrashPlan, Storage@Yale Yes Yes Yes
Calendar: Office 365 Yes Yes Yes
Calendar: EliApps      
Clinical Trials Management: Oncore Yes Yes Yes
Content Management: Drupal, CampusPress (WordPress) Yes    
Document Management: Box at Yale, EliApps, Google Team DriveGlobus Yes Yes  
Document Management: Secure Box, Sharepoint, Storage @ Yale, Office 365 OneDrive, Microsoft Teams, FileNet Yes Yes Yes
Email: Office 365 (for internal and YNHH systems), Office 365 (for external, use encrypted email) Yes Yes Yes
Email: EliApps, Google Mail Yes Yes  
Encryption: Bitlocker, FileVault Yes Yes Yes
File Storage: Storage @ Yale, Secure Box, O365 One Drive, Microsoft Teams Yes Yes Yes
File Storage: Box at Yale, EliApps, Google Team DriveGlobus Yes Yes  
File Transfer: Secure USB Yes Yes Yes
Instant Messaging: O365 Skype for Business, Microsoft Teams Yes Yes Yes
IT Service Management: Service-Now Yes Yes  
Personal Health Record System Ye Yes Yes
Survey Tool: Qualtrics Yes Yes Yes
Survey Tool: Survey Monkey, Doodle, Sawtooth Yes    
Voice Messaging: Cisco Unified Messaging: Cisco Unified Messaging Yes    
Virtual Private Network (VPN): ITS VPN Yes Yes Yes

 

If the Yale IT System you want to use is not listed, it is not approved for specific risk classifications.

 


All Yale IT Systems must have a risk classification. All Yale IT Systems must meet the Minimum Security Standards for their classification. See the Risk Classification Guideline or Yale's Minimum Security Standards for more details.