RDM Wise Practices Guidelines

Consider how much storage space will be required, any associated costs, and how long the data will be stored. Also, consider data type, file versioning, backups and data growth while estimating required storage space. Keep in mind:

• On SharePoint, the maximum storage per site is 25 TB, and the maximum file size is 250 GB.The maximum number of files that can be stored in a site collection is 30 million files. The maximum size of a file attached to a list item is 250 MB (applies to Microsoft Lists and SharePoint lists).
• Large-scale analyses may require high-speed processors and a substantial amount of disk space.
• Researchers conducting any workloads for High Performance Computing use cases, or managing large multi-media data sets, may need a substantial amount of disk space or have specific disk performance needs.

Contact IT Services for more information and to discuss your options.

In general, researchers conducting Sheridan-supported research projects should store their digital data on Sheridan servers through SharePoint. SharePoint is a commercial cloud service that is managed and appropriately secured by IT Services, offering safe and convenient sharing capabilities. Storage platforms offered through IT Services (e.g., SharePoint) are required for externally-funded projects, curriculum-based or other unfunded Sheridan projects, as well as any project using medium- to high-risk data.

• To create a new SharePoint site, submit a request to IT Services, including any details about the storage requirements.
• Set two SharePoint owners for any given site. Owners are responsible for managing and maintaining the site. Their role is crucial for ensuring that the site functions effectively and meets the needs of its members. Key responsibilities involve site administration, permission and content management, user support and collaboration facilitation.
• For fine grain control, you may remove the inherited permissions.

Other IT-supported cloud services (e.g., OneDrive) may be used only for personal file storage for low-risk data where no collaboration is required. Avoid using IT cloud services other than SharePoint for medium- to high-risk data.

Third-party cloud storage services (e.g. Google Drive, DropBox) may be considered only if necessary, and only for low-risk data. Never use third-party cloud services for medium- to high-risk data as these are limited in terms of Sheridan oversight, support in the event of issues, and leverage over service levels. If Sheridan systems are not able to meet the needs of the research initiative, consult with IT Services to assess and recommend solutions. At minimum:

• Terms of use should be examined closely for alignment with regulatory requirements.
• Data storage location should be in Canada, ideally in Ontario.
• Individual contractors should sign confidentiality agreements.
• Researchers should be careful about who they share files with and should enable security features like multi-factor authentication (MFA) and encryption.

For staff and faculty pursuing their own individual research for personal gain (e.g., graduate studies), Sheridan resources should not be used, including Sheridan servers (e.g., SharePoint or OneDrive). Refer to the institution where you are pursuing your studies for directions on data storage.

Contact IT Services for recommendations and resources.

In general, storage devices should only be used as a backup of your research data set, not as the only copy of your dataset.

• The duration of the storage should be limited for only as long as it is required.
• In the case of medium- and high-risk data, all data should be transferred to a Sheridan cloud service as soon as possible and must be deleted from the device upon completion of the tasks.

High-risk data should not be stored on any type of removable or mobile devices, including laptop hard drives, USBs, external hard drives, smart phones, tablets and external servers. In particular, smart devices that provide AI capabilities pose an increased risk of data being shared with a third party, thereby impacting data security.

IT-issued devices (e.g., laptops) may be used for personal file storage for low-risk data where no collaboration is required. Avoid using IT-issued devices for medium- to high-risk data, where possible.

Removable devices, such as small USB flash drives and external hard drives can be easily lost. Avoid using such devices for medium- and high-risk data, where possible. Where using a removable or mobile device is necessary:

• Avoid the use of low- quality storage devices. For medium- to high-risk data, only Sheridan-issued devices should be used.
• Ensure devices are encrypted.

Personal devices (e.g., laptops, smart phones, etc) may be used only for personal file storage for low-risk data where no collaboration is required. Never use personal storage for medium- and high-risk data or any externally-funded projects. Avoid using personal storage locations for curriculum-based or other unfunded Sheridan projects. In cases where it is unavoidable:

• Keep tabs on your hard drive’s health with an analysis and benchmarking utility, or other tool.
• Ensure the device is encrypted.

For staff and faculty pursuing their own individual research for personal gain (e.g., graduate studies), Sheridan resources should not be used, including Sheridan devices. Refer to the institution where you are pursuing your studies for directions on data storage.

Contact IT Services to identify available secure data storage solutions and resources.

When data is collected in physical formats, such as survey questionnaires, interview transcripts, etc., careful handling and storage of the physical materials is important. Transfer data to a secure storage location on campus as soon as practically feasible.

For medium- to high-risk data, any physical material or hardcopies containing sensitive data must be either stored in a secure, access-controlled location on-site at Sheridan College, or sent to archival, as soon as is practically feasible.

Data should be backed up on a regular, scheduled basis to protect from accidental data loss. Follow the LOCKSS principle (Lots of Copies Keep Stuff Safe). The best time to develop a backup strategy is at the beginning of your project.

A backup schedule should be set for regular intervals and when modifications are made to critical files. You will also need to test these backups at a regular time and make sure that the full data can be restored. Sheridan backs up data housed on its infrastructure automatically.

• SharePoint data is backed up by default every 12 hours and retained for 14 days.
• SharePoint Online retains backups of all content for 14 additional days beyond actual deletion (after the data is deleted from second stage Recycle Bin).
• If content cannot be restored via the Recycle Bin or Files Restore, an administrator can contact Microsoft Support to request a restore any time inside the 14-day window.

As part of your backup plan, identify:

• Who will be responsible
• Which files will need to be backed up
• Frequency
• Automation ability (automatic being most ideal)
• Perceived value of the data
• Level of risk associated with the data
• Frequency you will test these back-ups to make sure data can be fully restored

Follow the 3-2-1 backup rule for data storage:

• 3: Keep one original copy and create two backup copies
• 2: Save the backup copies in two types of storage
• 1: Store at least one backup copy in a different location

When using local storage on laptops, hard drives, thumb drives, etc. there is no Sheridan provided backup.