Unless the following 3 conditions are met, according to 2430-IT-Asset-Management Policy (https://www.isu.edu/media/libraries/isu-policies-and-procedures/information-technology/2430-IT-Asset-Management.pdf)
1. A written justification is submitted to the Dean, Department Chair, or Vice President detailing why having Critical Information stored locally is absolutely necessary to conduct the business of the University and to perform the official duties of the person making the request,
2. The Dean, Department Chair, or Vice President must grant written permission to the requesting individual, with a copy being sent to the departmental System Administrator and to Information Technology Services. While permission is not required to retain student grades, letters of recommendation, patentable research findings, etc., that are used regularly in the performance of faculty and staff duties, individuals storing such information on local devices must comply with ISU’s information security policies in relation to this information.
3. The individual must abide by ISU’s information security policies in relation to the handling of all Critical Information which they have been granted permission to store locally on non-Information Technology Services-managed electronic devices or electronic media.
Users must use an official ISU Backup Solution. That same policy says, "Institutional information must not be stored on non-ISU owned hardware nor in cloud services that have not been approved by Information Technology Services."
Idaho State University's Official Backup Solution for Faculty, Staff, and other employees is Box. Box is intended to store ISU research, HIPAA, and FERPA information as well as user data. Faculty and staff will store all of their ISU data inside of Box, and edit that data inside of the Box folder. If you are an ISU Faculty or staff member, you should already have a Box account setup. If you are a student employee that needs a Box Account, please fill out the form at the bottom of this page.
ISU Box Support comes in two varieties:
- WebDAV: This Box solution is a network shared drive that looks like a regular folder on Windows or Mac OSX.
- Website: Navigate to www.box.com , and from there you'll be able to login to Box to access your files.
- Is not officially supported by the University. The risk of having a local copy of valuable institutional data on a non ISU computer is high. Except for extreme circumstances, Box Sync won't be enabled for ISU faculty and staff. Local copies of FERPA, HIPAA, Educational Records, or other PSI, is not safe, reliable, or secure. If you believe you have a legitimate need for Box Sync, contact us.
ISU Policy ISUPP 2430 states that:
"Private Sensitive Information: Information identified by applicable laws, regulations or policies as personal information, individually identifiable health information, education records, personally identifiable information, non-public personal or institutional data, confidential personal information, or sensitive scientific or sponsored project information
Individuals creating, maintaining, using, or disseminating PSI or Institutional Information must take reasonable precautions to protect it from loss, misuse, unauthorized access or disclosure, and unintended alteration or destruction."
As an IT office, we will always encourage CoSE Faculty and Staff to utilize Box as the first reasonable precaution to protect PSI from loss, misuse, unauthorized access or disclosure, and unintended alteration or destruction.
Additionally, that policy states:
ISU has legal ownership of all Information stored, processed, or transmitted on its IT System, and reserves the right to access this information without prior notice whenever there is a genuine business need.