Managing Data, Files and Folders in OneDrive
Information Security Best Practice


Information Security Best Practices (ISBP) are developed in support of District Information Security Standards including the California Community College Information Security Standard.

Periodically Review Permissions

To minimize the risk of accidental or inappropriate exposure of confidential information or protected data, users shall perform periodic reviews of existing shares and remove those accounts (former employees, prior vendors, etc.) that no longer require access.

See Change Existing Permissions or Stop Sharing with Users for instructions.

Sharing Files and Folders

OneDrive is a great resource that provides the institution with increased opportunities; however, we, as users, must constantly question how we store, share, and transmit information in order to protect ourselves against those who would perpetrate fraud. Luckily, there are a few simple things we can do in OneDrive to help with that effort.

  • Select permissions based upon the need to know.
  • Do not use the default option "Anyone with this link".
  • Do share files and folders using the option "Specific People".
  • Periodically review file and folder permissions and adjust accordingly.
  • Do not use District resources to conduct confidential personal business.

If you use OneDrive to share folders and files, please review the following IITS Information Security Procedure for sharing files and folders in OneDrive.

Non-Business Related Information

District information and technology resources should not be used for personal activities unrelated to appropriate District functions (including commercial use), except in an incidental manner (Administrative Regulation 6006).

Users should be aware that all communications conducted on or from District systems, whether electronic or otherwise, are subject to review and disclosure as outlined by the California Public Records Act, current case law, and other Federal and/or State laws and regulations. Therefore, users should exercise extreme caution in using electronic communications to communicate or store information of a confidential or sensitive nature (Administrative Regulation 6006).

Furthermore, using District systems to transmit personal taxes, refinance forms, medical verification forms, or anything else containing your confidential information puts you at risk should your account, or the account of the business you deal with, become compromised.