Cloud services can help the Institute to deliver instruction, collaborate, and share information and ideas. While it can be very simple to create an account with a cloud service provider and start using their service, there are some things we need to consider to ensure we are meeting our obligations to our students and each other. Before entering into an agreement with a cloud service provider, you should consider the following items:

1. Consider the type of data to be shared with the cloud service provider
   1. Is this data protected by federal law (e.g FERPA, HIPAA)
   2. Does the Institute consider this information to be sensitive
2. Contact LIU procurement and LIU Legal to assist with purchasing the service:
3. Read research agreements to verify they allow the use of cloud services
4. Verify the cloud service agreement provides the following guarantees:
   1. LIU maintains sole ownership of our data
   2. The cloud service provider must notify LIU in the event of a data breach
   3. LIU has the right to reclaim our data
   4. LIU has the right to review independent audit reports or to audit the cloud service provider
5. Verify the cloud service implements the following security measures if you are considering using the service in conjunction with sensitive LIU data:
   1. Storage encryption
   2. Transmission encryption
   3. Password protection
   4. Data backup
   5. Secure data/drive disposal