VII:01:04 Cloud Use Policy

I. Purpose

This policy provides guidance on the usage of Volunteer State Community College’s cloud-based data storage, sharing, and synchronization. This policy has been created to provide the greatest level of protection against data loss and to minimize the risk of exposure so that academic and business objectives can be met while remaining in compliance with all other information technology policies, plans, and procedures.

II. Definitions

For the purposes of this policy, the following definitions shall apply:

  1. Adobe Creative Cloud – A cloud storage, file sharing, and Adobe applications service from Adobe that allows subscribed users to store, protect, and share files across multiple devices and to access and use authorized applications from within the Adobe cloud environment.
  2. Cloud Backup – A data protection solution using cloud storage that ensures Vol State’s server and virtual machine data are secure, encrypted, and accessible. This is used for backup, disaster recovery, and long-term retention.
  3. Information Technology Resources – all Volunteer State Community College information technology hardware assets, software assets, computing systems, networks, network components, facilities, services, data, and information, regardless of location, provider, management, medium, or how the resource is provided/delivered, that exists for the purpose of conducting business or academic activities. This includes, but is not limited to, computers, servers, mobile devices, email systems, internet access, cloud-based applications, databases, and any associated peripherals or support services.
  4. Microsoft OneDrive for Business – A cloud storage and file sharing service from Microsoft that allows users to store, protect, and share files across multiple devices. It also integrates with the Office 365 environment.

III. Policy

  1. Authorized Users of Vol State IT resources and cloud storage solutions shall:
    1. Use only the College-approved cloud-storage solutions for storing Vol State’s data.
    2. Comply with all Tennessee Board of Regents (TBR) and Vol State IT policies and procedures, as well as applicable federal and state laws, executive orders, directives, regulations, standards, and guidelines, as they pertain to cloud-based storage solutions.
    3. Understand that any cloud service that is self-provisioned (not College-approved) provides zero protection against personal liability from the College in the event of a data leak or breach.
  2. The Vol State IT Team shall:
    1. Manage the daily operations involving Microsoft OneDrive for Business.
    2. Provide access to and storage space within the Microsoft OneDrive for Business platform in accordance with Vol State IT procedures for authorized users of Vol State’s IT resources.
    3. Provide access to and storage space within the Adobe Creative Cloud environment for authorized, subscribed users in accordance with Vol State IT procedures.
    4. Restrict or terminate access to Microsoft OneDrive for Business and/or Adobe Creative Cloud when appropriate as a response to actual or suspected breach or data loss.
    5. Manage daily operations involving the College’s cloud backup solution.
  3. The following are the ONLY College-approved Cloud-based storage solutions:
    1. Microsoft OneDrive for Business
      1. This is the primary cloud-based storage solution approved for use at Vol State for the storage of College data.
      2. It is accepted by the TBR and Vol State for the storage of:
        1. Information requiring protection under the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA), and
        2. Any other information that is regulated, restricted, confidential, sensitive, or personally identifiable and requires protection from unauthorized access and data loss.
      3. It is a properly vetted cloud-based storage solution supported by the Vol State IT Department.
    2. Adobe Creative Cloud
      1. It is the secondary cloud-based storage solution approved for use at Vol State for the storage of Vol State’s data.
      2. It is accepted by the TBR and Vol State for the storage of:
        1. Information requiring protection under the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), and any other information that is regulated, restricted, confidential, sensitive, or personally identifiable and requires protection from unauthorized access and data loss.
      3. It is a properly vetted cloud-based storage solution supported by the Vol State IT Department.
    3. Cloud Backup
      1. The College’s cloud backup solution is for internal use by the IT Department only.
      2. It is used for routine backups of IT servers. As such, users have no authorized access to the College’s cloud backup environment.
  4. The Chief Information Officer (CIO) or their designee has the final authority to interpret the terms of this policy and the referenced information technology maintenance plan/procedures/processes.
  5. The CIO or their designee may grant exceptions to this policy, in writing, based on an evaluation of the risks versus the benefits.

 

TBR Source: None.

VSCC Source: September 12, 2016, President’s Cabinet; June 11, 2025, President’s Cabinet