This information is subject to change without notice as Microsoft update and provide additional information to the University.
Microsoft OneDrive for Business and Microsoft Teams are an enterprise cloud-based document storage platform available to all staff and students. These tools are provided to the University as part of its arrangements with Microsoft that include email services under the Office 365 set of services.
Both OneDrive for Business and Microsoft Teams have been certified by the University’s Information Security team to store any University documents classified as public, internal only and restricted. OneDrive for Business enables users to securely store, protect and manage unstructured sensitive information of varying sizes.
This service is hosted by Microsoft in its own dedicated data centres that are designed to withstand cyber security and disaster events. To achieve this, Microsoft implements a number of strong controls to protect University information including:
- Location – All information is stored within Australia on Microsoft’s hosted systems. This is supported by a second Microsoft data centre site within Australia;
- Backup & replication – All information stored on OneDrive is replicated across the two data centres;
- Encryption – All information saved to OneDrive is encrypted with the University’s individual encryption key. This means that our information cannot be accessed or viewed by Microsoft's other customers or administrators;
- Access control – OneDrive access is governed by the owner of files and access can be revoked via self-service. Staff have the choice to require that an external collaborator has are protected by a FAN login or just provide a link to OneDrive files;
- Monitoring – OneDrive services are monitored by Microsoft at the platform level, with the University’s internal Information Security team monitoring specific user actions. All file changes, additions and deletions are logged against user information across the service;
- User protection – The University utilises the Flinders Authentication Name (FAN) to allow staff and students to access digital information services, including OneDrive. These accounts are centrally monitored and any unusual behaviour is flagged and acted upon by the security operations team. All users are required to set a nine-character password following good security guidelines;
- Administrative access – University staff who administer the OneDrive services limited are required to utilise a second level of authentication and are closely monitored to ensure upmost protection of the University’s information stored within OneDrive;
- Change management – The University operates a change management process that ensures changes to the services are logged, reviewed and approved. This ensures all changes adhere to existing policies, and helps to manage risks to service interruption and security.
Microsoft maintain a number of globally recognised security certifications. Most importantly, the vendor has been certified by the Australian Department of Defence (ASD), which has certified the service to an ‘Unclassified’ government level. This means that the service can be used by Government agencies and other organisations. The certification is very rigorous and includes the assessment of over 800 individual protective controls. More information about this important certification can be found here: