Contact
Personal data breaches must be reported immediately in the IA system.
Using cloud services
Last changed: 03 June 2026
Cloud services is a term used to describe IT services and resources such as data storage, computing power, databases, networks and software that are delivered over the internet from a provider’s servers and data centres, rather than from local systems or in-house servers. This could include, for example, storage, a survey tool or software that is used on demand and accessed using a web browser.
Cloud services may be used at SLU, but the choice of service must be based on the type of information that will be handled. Procuring cloud services must be done in accordance with SLU’s IT procurement policy.
The following rules apply to cloud services at SLU:
Before use (mandatory)
Classify the material and ensure that the relevant information and IT security are met.
General rule (restrictions)
Confidential information and sensitive personal data must not be processed or stored in cloud services.
Exceptions for confidential information
If confidential information nevertheless needs to be handled, a documented appropriateness assessment is required. Please use the template under 'Links' below.
A confidentiality agreement with the supplier is also required, unless confidentiality is already covered in the main contract.
The assessment must also take into account any transfers to third countries (transfers to countries outside the EU/EEA).
Send the template to dataskydd@slu.se for a recommendation.
The information owner (usually the head of department or equivalent line manager) is responsible for carrying out the assessment and deciding whether the cloud service may be used. The final assessment must be registered in Public 360.