This page outlines the risk classification of commonly used services here at Yale. This indicates the risk level (high, moderate, low) of work allowed on the service. Users must ensure the work they are doing on these services matches or is lower than the risk level listed.
Note: this page replaces what was previously called the Approved Services page.
What is Risk Classification?
Here at Yale, we classify our data and systems based on risk. All users of Yale data and systems must know the classification of the work they do. This means they know the risk of the work they do and use systems that protect that risk level. For more details visit our Risk Classification Guideline.
Risk Classification of Commonly Used Services at Yale
If you are using the service for the risk level listed, a Security Planning Assessment (SPA) is not needed.
If the service you want to use is not listed here, it does not mean you can't use that service. You can use the service once a Security Planning Assessment (SPA) is completed. The SPA process will confirm that you have a plan to operate a secure service for its life at the University. The SPA is based on Yale's Minimum Security Standards (MSS). For more information on the process, or to request a SPA, visit the SPA webpage.
Request a SPA Visit the SPA webpage
| Services | Low Risk | Moderate Risk | High Risk |
|---|---|---|---|
| Audio and Video Conferencing: Zoom, Skype for Business, Microsoft Teams | Yes | Yes | Yes |
| Audio and Video Conferencing: WebEx, Cisco Meeting Place | Yes | ||
| Data Backup: CrashPlan, Storage@Yale | Yes | Yes | Yes |
| Calendar: Office 365 | Yes | Yes | Yes |
| Calendar: EliApps | |||
| Clinical Trials Management: Oncore | Yes | Yes | Yes |
| Content Management: Drupal, CampusPress (WordPress) | Yes | ||
| Document Management: Box at Yale, EliApps, Google Team Drive, Globus | Yes | Yes | |
| Document Management: Secure Box, Sharepoint, Storage @ Yale, Office 365 OneDrive, Microsoft Teams, FileNet | Yes | Yes | Yes |
| Email: Office 365 (for internal and YNHH systems), Office 365 (for external, use encrypted email) | Yes | Yes | Yes |
| Email: EliApps, Google Mail | Yes | Yes | |
| Encryption: Bitlocker, FileVault | Yes | Yes | Yes |
| File Storage: Storage @ Yale, Secure Box, O365 One Drive, Microsoft Teams | Yes | Yes | Yes |
| File Storage: Box at Yale, EliApps, Google Team Drive, Globus | Yes | Yes | |
| File Transfer: Secure USB | Yes | Yes | Yes |
| Instant Messaging: O365 Skype for Business, Microsoft Teams | Yes | Yes | Yes |
| IT Service Management: Service-Now | Yes | Yes | |
| Personal Health Record System: | Ye | Yes | Yes |
| Survey Tool: Qualtrics | Yes | Yes | Yes |
| Survey Tool: Survey Monkey, Doodle, Sawtooth | Yes | ||
| Voice Messaging: Cisco Unified Messaging: Cisco Unified Messaging | Yes | ||
| Virtual Private Network (VPN): ITS VPN | Yes | Yes | Yes |
All Yale IT Systems must have a risk classification. All Yale IT Systems must meet the Minimum Security Standards for their classification. See the Risk Classification Guideline or Yale's Minimum Security Standards for more details.