IT Policies

Cloud Management Policy – Google Drive

This policy outlines the rules and guidelines for using company computer systems, networks, and equipment.

Policy ID: IT-POL-007
Effective Date: September 15, 2023
Last Updated: September 5, 2023
Approved by: IT Security Committee

1. Purpose

This Cloud Management Policy provides guidance on the secure and efficient use of cloud-based storage, with a focus on Google Drive, for academic, administrative, and research activities across the university.

2. Scope

The policy applies to all students, faculty, staff, and authorized external collaborators who use the university’s Google Workspace accounts for storing, sharing, or managing data on Google Drive.

3. Account Provisioning

  • University-managed Google accounts must be used for all academic and administrative cloud storage purposes.
  • Personal Gmail accounts must not be used for storing confidential or internal university data.
  • Access is granted upon registration/employment and revoked upon departure from the university.

4. Data Storage and Organization

  • Organize files in clearly named folders reflecting departments, courses, or projects.
  • Use shared drives for collaborative projects rather than individual accounts to ensure continuity.
  • Regularly archive outdated or completed project files to maintain efficiency and compliance with retention policies.

5. Access Control and Sharing

  • Use the principle of least privilege: grant only the minimum level of access necessary for each user.
  • Avoid setting files or folders to "Anyone with the link" unless explicitly approved by the IT Directorate.
  • External sharing requires prior review to ensure no confidential or sensitive data is exposed.

6. Security Practices

  • Enable two-step verification (2SV) for all university Google accounts.
  • Regularly review shared files and revoke unnecessary access permissions.
  • Do not store passwords, private keys, or unencrypted confidential data in Google Drive.

7. Compliance and Legal Considerations

  • All data stored in Google Drive must comply with university policies, data protection regulations, and copyright laws.
  • Research data subject to contractual or legal restrictions must be handled according to sponsor or legal requirements.
  • IT Directorate reserves the right to audit university-managed Google Drive content to ensure policy adherence.

8. Backup and Recovery

  • Google Drive provides version history and file recovery tools; users are responsible for ensuring important data remains recoverable.
  • Critical data should be backed up to secondary secure locations as approved by IT.
  • In the event of accidental deletion or data loss, contact the IT helpdesk promptly for recovery assistance.

9. Training and Support

The IT Directorate will provide training materials and sessions on effective and secure use of Google Drive, including sharing best practices, folder management, and data protection measures.

10. Policy Enforcement

Non-compliance with this policy may lead to restricted access, disciplinary measures, or legal action in accordance with university regulations and applicable laws.

Download PDF Print Policy Share Policy Report Issue

Related Policies

Security Policy

Guidelines for protecting company data and systems from threats.

View Policy

Data Management

Policies for handling, storing, and classifying company data.

View Policy

Network Usage

Rules for using company networks and internet access.

View Policy