RDCRN Folder Classifications and Policies

To organize the Box data space and differentiate between access policies based on the nature of data protection, we established the following 4 folder and data classifications.

 

| Classification | Purpose | PHI/PII ok? | Management/Ownership Responsibility | Sample Top-Level Folder Names | Box settings |
| --- | --- | --- | --- | --- | --- |
| | Folder and documents are for RDCRN-internal purposes, e.g., to be shared network-wide or consortium-wide. | No. Permissions are controlled at the group (network, consortium, protocol, committee) level. | Folders classified as RDCRN-internal are generally managed by DMCC and/or consortium management staff. All users must be in-network, no links allowed. | RDCRN AllConsortia, BBD-Consortium, etc. | [1] User is “editor” or “viewer”. [2,3] Only RDCRN auth. |
| | Tightly controlled folder, may not be shared with external collaborators due to potentially sensitive (PHI/PII) content. | Yes. | Folders can be owned/managed by individual RDCRN members, who must provide quarterly attestation that sensitive information is being handled appropriately. | BBD-7701-upload | [1] User responsible for permissions and attestation is “co-owner” on the folder. [2,3] Only RDCRN auth. |
| | Folder and documents intended for collaborative work. Contents can be shared with external (non-RDCRN) collaborators. | No. | Folders can be owned/managed by individual RDCRN members, as long as they abide by the governing policies. | BBD-OI-collaboration | User responsible for permissions is “co-owner” on the folder. External users require Box 2FA. No further restrictions. |
| | Personal sandbox folder for individual users. | Yes. | Folders are owned by individuals with full Box license, but no sharing is allowed. | John Doe - Home | [1] User is “editor”. [2,3] Only RDCRN auth. |

 

[1] “[x] Only box folder owners and co-owners can send collaborator invites”: although this doesn’t disable links, they will not grant further access if the user is not a “co-owner”.

[2] “[x] Restrict collaboration to within RDCRN”

[3] “[x] Only collaborators can access this folder via shared links”