Working in the University, you may process different types of information, especially digital-based documents. Some of them could be highly confidential which requires cautious handling and access restriction.

Handling University Data
For a better and safer management of University data, a "Data Classification and Data Governance Policy" was introduced, illustrating 3 components while handling digital data

1. Data Classification Standard -  to define confidentiality level of data
2. Data Governance Policy -  to define accountabilities and decision rights of people
3. Enforcement of Data Protection - to develop a system e.g. Rights Management Services (RMS) to enforce data security policies for the protection of various data class. For example, one can add access control on the files, track the activities on a shared document and etc.

The Rise of Public Cloud Service
On the other hand, with the rise of public cloud service, departments might consider procuring the public cloud to manage data and to facilitate daily work with its services.
To know the security recommendations from the University, you may refer to "Minimum Security Standards in Procuring Public Cloud Service".

Data Classification and Data Governance Policy: http://www.itsc.cuhk.edu.hk/en-gb/it-policies/information-security-policies/data-classification-and-data-governance-policy
Minimum Security Standards in Procuring Public Cloud Service: http://www.itsc.cuhk.edu.hk/en-gb/it-policies/information-security-policies/minimum-security-standards-in-procuring-public-cloud-service