With cloud services offered by third-​party providers (external IT services) there is no way of knowing for sure in which country the ETH data will be located, which laws will apply (e.g. with regard to data protection) and how well the provider will protect the data.

External cloud services

For this reason, data classified as “internal” or as “confidential” must never automatically be uploaded into external cloud services – and data classified as “strictly confidential” must never be stored or processed in the cloud at all (cf. Article 22 or Article 22^bis of the directive Information Security at ETH Zurich). 

You as the “information owner” are responsible for your data and decide whether you want to outsource it to external cloud services, taking into account the applicable requirements of ETH. The decision to outsource ETH Zurich data is not the responsibility of ETH IT Services. 

Please check the list of released external cloud services to estimate which data should be stored on a particular cloud service.

In-house cloud services

The following in-​house cloud services are available:

• polybox: Storage space available to all ETH members. polybox also enables collaborative work on documents. Confidential data may be stored in polybox.
• If a particularly high level of protection for research data is required, the Scientific IT Services offer suitable platforms, such as Leonhard Med.

Further information

• Usage of external cloud services
• IT Guidelines and IT Baseline Protection Rules of ETH Zurich
• Directive on “Information Security at ETH Zurich”