Units within the university shall implement terms and conditions, consistent with any trust relationships established with other organizations owning, operating, and/or maintaining external information resources, allowing authorized individuals to: a. Access the information system from external information systems; and b. Process, store, or transmit university information using external information resources.


  • The information resource owner, or designee, is responsible for ensuring that the measures described in this Control are implemented. The intended audience for this Control includes, but is not limited to, all information resources owners and custodians.


  • 1

    The information resource owner, or designee, shall develop policies governing the use of external information systems and resources including the type and classification of data that can be stored outside of the university.

  • 2

    The information resource owner, or designee shall establish terms and conditions for contracting with external information resource providers.