...
Classification | Purpose | PHI/PII ok? | Management /Ownership Responsibility | Sample Top-Level Folder Names | Box settings |
|---|---|---|---|---|---|
 | Folder and documents are for RDCRN-internal purposes, e.g., to be shared network-wide or consortium-wide. | No. Permissions are controlled at the group (network, consortium, protocol, committee) level. | Folders classified as RDCRN-internal are generally managed by DMCC and or consortium management staff. All users must be in-network, no links allowed. | RDCRN AllConsortia, BBD-Consortium, etc. | 1User is “editor” or “viewer” 2Only RDCRN auth. |
 | Tightly controlled folder, may not be shared with external collaborators due to potentially sensitive (PHI/PII) content. | Yes. | Folders can be owned/managed by individual RDCRN members, must provide quarterly attestation that sensitive information is being handled appropriately. | BBD-7701-upload | 2Only RDCRN auth. |
 | Folder and documents intended for collaborative work. Contents can be shared with external (non-RDCRN) collaborators. | No. | Folders can be owned/managed by individual RDCRN members, as long as they abide by the governing policies. | BBD-OI-collaboration | |
 | Personal sandbox folder for individual users. | Yes. | Folders are owned by individuals with full box license, but no sharing is allowed. | John Doe - Home | 1User is “editor” |
1 “[x] Only box folder owners and co-owners can send collaborator invites” - although this doesn’t disable links they will not grant further access
2”[x] Restrict collaboration to within RDCRN”