Box Policies

The first policy details that ISU faculty and staff must use an official ISU backup solution and must follow all of ISU's information security policies


1. The individual must abide by ISU’s information security policies in relation to the handling of all Critical Information which they have been granted permission to store locally on non-Information Technology Services-managed electronic devices or electronic media.

Users must use an official ISU Backup Solution. That same policy says, "Institutional information must not be stored on non-ISU owned hardware nor in cloud services that have not been approved by Information Technology Services."

Idaho State University's Official Backup Solution for Faculty, Staff, and other employees is Box. Box is intended to store ISU research, HIPAA, and FERPA information as well as user data. Faculty and staff will store all of their ISU data inside of Box, and edit that data inside of the Box folder. If you are an ISU Faculty or staff member, you should already have a Box account setup. If you are a student employee that needs a Box Account, please fill out the form at the bottom of this page.

ISU Policy ISUPP 2430 describes confidential information, otherwise known as Private Sensitive Information:

"Private Sensitive Information: Information identified by applicable laws, regulations or policies as personal information, individually identifiable health information, education records, personally identifiable information, non-public personal or institutional data, confidential personal information, or sensitive scientific or sponsored project information

Individuals creating, maintaining, using, or disseminating PSI or Institutional Information must take reasonable precautions to protect it from loss, misuse, unauthorized access or disclosure, and unintended alteration or destruction."

As an IT office, we will always encourage CoSE Faculty and Staff to utilize Box as the first reasonable precaution to protect PSI from loss, misuse, unauthorized access or disclosure, and unintended alteration or destruction.

Additionally, that policy states:

ISU has legal ownership of all Information stored, processed, or transmitted on its IT System, and reserves the right to access this information without prior notice whenever there is a genuine business need.