What types of data can be used in different services?

INN University offers a variety of systems and services, but not all are approved for all types of data. Here, you will find an overview of the types of data that can be used in different systems and services.

When we make risk assessments of the systems, we also decide what types of data our different services and systems are approved for, and what must be in place for the approval to be valid. 

According to the management system, all information at INN University is classified as: 

  • open (green) 
  • internal (yellow) 
  • confidential (red) 
  • strictly confidential (black) 

The table below provides an overview of which data can be processed and where. 

In order to ensure correct data processing, it is important that all guidance and routines for systems and services are followed. These may include measures that are required for a given type of information to be processed in a system or service. 

The information in the table below does not apply if a system or service is used in a different way than described. If so, contact the system owner directly for clarification on whether the use is permitted. 

Footnotes point to the list below the table that provides key prerequisites for the approval to apply. 

See more detailed explanation of the different categories in the Information Security Management System (LSIS)

Overview of approved content in systems and services

System / Service  Open 
(Green)
Limited 
(Yellow) 
Confidential 
(Red)
Strictly confidential 
(Black)

Services for Sensitive Data (TSD) 

OK

OK

OK

OK

Nettskjema 

OK

OK

OK1

OK1

E-mail (Office 365) 

OK

OK

Not approved 

Not approved 
OneDrive for Business (Office 365) 

OK

OK

OK2

Not approved 
Sharepoint (Office 365) 

OK

OK

OK2

Not approved 
Skype for Business (via UH-skype) 

OK

OK

OK3

Not approved 
Teams (Office 365) 

OK

OK

OK2

Not approved 
Sway5 (Office 365) 

OK

Not approved  Not approved  Not approved 
Stream (Office 365) 

OK

OK

Not approved  Not approved 
Forms (Office 365)

OK

OK

Not approved  Not approved 
Inspera 

OK

OK

OK4

Not approved 
Zoom 

OK

OK

Not approved  Not approved 
Mediasite 

OK

OK

Not approved  Not approved 
Public360 

OK

OK

OK

OK

Common Student System (FS) 

OK

OK

Not approved  Not approved 
Canvas 

OK

OK

Not approved  Not approved 
Home Area (H:\) 

OK

OK

Not approved  Not approved 
Common areas 

OK

OK

Not approved  Not approved 

Footnotes: 

  1. Nettskjema has support for collecting information and transferring it directly to Services for Sensitive Data, which is approved for storing black data. Red data collected in Nettskjema must be deleted within a reasonable amount of time, or moved to e.g. Sharepoint (Office365), OneDrive for Business (Office365), or Public 360. Nettskjema’s dictaphone and image app stores data in an encrypted form, and is considered usable on private devices as well.. 
  2. This is subject to the following security measures being followed: classification of information, two-factor authentication activated. Information that is subject to restrictions regarding export form Norway (e.g. pursuant to the Security Act) cannot be processed here either. 
    NB: The Teams instant messaging (chat) feature is not encrypted. 
  3. Skype calls are encrypted. Regarding Skype meetings that involve confidential content, it is recommended that the ‘lobby function’ is activated so that the host must actively let in those who attempt to connect to the meeting. Note: copies of instant messaging (chat) are stored in the e-mail client, so that the security level for e-mails applies to them. 
  4. Sensitive personal data (e.g. medical certificates) must not be processed in Inspera. However, confidential information such as examination papers before the examination has been held can be processed in this service. 
  5. Sway is approved for open data only. Please note that Sway stores all user data in the United States.