Compliant Data Storage


The Office of Information Security Compliance team helps students, faculty, and staff understand their roles and responsibilities under Penn State and legal requirements. They can also help units and individuals understand how to implement Penn State policies, guidelines, and standards, and determine the risk associated with information described in Policy AD95 Information Assurance and IT Security.

AD95 establishes an institution-wide security program designed to ensure the confidentiality, integrity, and availability of Penn State's information assets from unauthorized access, loss, alteration, or damage while supporting the open, information-sharing needs of academic culture. Penn State utilizes a 4 level sensitive information classification system that dictates how data of each nature may be processed and stored.

If any Penn State department or unit reasonably suspects/believes a security incident has occurred, they must immediately notify their local IT staff and the Office of Information Security.  

Getting Started: 

If you are unsure as to which security level applies to your data, Penn State's Office of Information Security offers an Information Classification tool. Additionally, the OIS Compliance team exists to assit researchers in implementing compliant data storage and transfer. Please contact the OIS team directly via e-mail.

To read more about data storage security, please see the full entry on Policy AD95 Information Assurance and IT Security.

More Information: 

University Standard practices for implementing compliant data storage can be located below (click on the link):

All University faculty, staff, students, and units when acting on behalf of the University, and others granted use of University information are expected to:

  • Follow the University’s AD96 Penn State Acceptable Use of University Information Resources
  • Understand this Information Assurance and IT Security Policy
  • Be aware of the type of information they store, transmit, process, or otherwise handle and ensure that appropriate action is taken to protect the information in accordance with Penn State Policies and Guidelines


This service is part of the Research Data category.



  • This is an active service


  • Compliant Data Storage guidelines apply to all faculty, staff, students, workforce members, visitors to the University, and all units and other persons who are acting on, for, or on behalf of the University
  • Additionally, these guidelines apply to third-party vendors who collect, process, share, transmit, or maintain Penn State institutional data (regardlesss of hosting location), and all devices that access or maintain this data
  • This policy excludes Penn State Health and The Pennsylvania College of Technology, which will follow separate policies

Information Security: