Aalto Cloud Info

Classification for Cloud Services

Level A, the Aalto University core system

This level includes all the systems critical for the operations of Aalto University or services owned by Aalto University due to the security classification of the material. Users of the service are always provided with support by the University IT unit or collaboration partner.  The procurement or introduction of these services is always approved by the account manager.

Level A, Aalto University core system

The university is the owner of this service. Users of the service are always provided with support by the University IT unit or collaboration partner.

Level B, service maintained by Aalto University or its collaboration partner

Services classified as secure by Aalto IT may be taken to use by the university units and groups without separate authorisation. The provider of the service may also be external to the university. As a rule, B-level services are supported by Aalto IT. See the service list on the IT Inside pages. The procurement or introduction of the services is always done through the account manager

Level B, Service maintained by Aalto University or its collaboration partner

The service may be taken to use by the university units and groups without separate authorisation. The administrator of the service may also be external to the university.

Level C, Public cloud services evaluated by Aalto

The use of these services requires discretion. Since not all material is suitable for use via a public service, any material or information intended only for Aalto University members shall not be processed using these services. Remember that C-level services may also claim ownership of the information or change their licence terms and conditions without informing the service users of the changes. These services collect and often disclose information to third parties such as advertisers, authorities and collaboration partners.

For instance, study attainments, student evaluations, research plans, development work, personal data, legal information (typically connected to matters still in the preparation phase), financial information (related to trade or business secrets), or other information which the university is obligated to retain in its records shall not be processed using external services.

The use of these services in university contexts may lead to serious difficulties due to the university not having administration rights for the service, for instance in cases of unfortunate events preventing the service user from accessing the information (e.g. serious illness or death of the service user, matters related to legislation etc.) and neither the next of kin of the affected person nor the university have access to the material stored in the system. The university is only able to solve problematic situations related to services it is responsible for providing.

In addition, most C level services do not meet the provisions on the processing of personal data contained in the Finnish regulations or those of the EU.

If you are unsure of what constitutes personal data, see the Kunnat.net website for a very good description of the processing of personal data, written from the viewpoint of teaching. Practically, all data collected of a student which may in any way be connected to the student is considered personal data.

Level C, Evaluated cloud services

The service is created and maintained by a third party. As a rule, no support is provided for the use of the service.

Any material or discussions intended for Aalto University members only shall not be processed using C level services.

Keep in mind that public cloud services often disclose information to third parties, and may also claim ownership of the information or change licence terms and conditions without informing its users of the changes.

If the service use involves
(1) processing of personal data, (2) processing of secret material,  (3) processing of bank details, (4) administration requirements, (5) requirements for 24/7 usability, (6) licences, (7) costs, (8) a large number of users, (9) several units
always contact the 
account managers.

Level D, services posing a risk

Cloud services classified as level D services are prohibited in all the systems of Aalto University or those of its units. Typical examples of such services are applications which compromise information security and services that disrupt the operations of the network or are associated with the distribution of illegal material. For examples of such services, see the start of this site.

If a service you are interested in is not on the list of allowed or prohibited services, please contact us.


Level D, Services posing a risk

The use of the service poses major risks to information security, data protection or copyrights.
Typical risks
• The information security of the university is compromised.
• The ownership of the material is assigned to the service provider.
• Material is not retained appropriately.
• Personal data of the user is disclosed to third parties.

If the service use involves
(1) processing of personal data, (2) processing of secret material,  (3) processing of bank details, (4) administration requirements, (5) requirements for 24/7 usability, (6) licences, (7) costs, (8) a large number of users, (9) several units
always contact the 
account managers.

There is no content with the specified labels

  • No labels