facebook pixel Skip to Main Content
Idaho State University home

CAL IT Office Policies

Box

ITS Asset Management ISUPP 2430

The first policy details that ISU Faculty and Staff must use an official ISU backup solution and must follow all of ISU’s Information Security policies.

  • The individual must abide by ISU's information security policies in relation to the handling of all Critical Information which they have been granted permission to store locally on non-Information Technology Servies-managed electronic devices or electronic media.
  • Users must use an official ISU Backup Solution. That same policy states that "Institutional information must not be stored on non-ISU owned hardware nor in cloud services that have not been approved by Information Technology Services."
  • Idaho State University's Official Backup Solution for Faculty, Staff, and other employees is Box. Box is intended to store ISU research, HIPAA, and FERPA information as well as user data. Faculty and Staff will store all of their ISU data inside of Box, and edit that data inside of the Box folder.
  • If you are an ISU Faculty or Staff member, you should already have a Box account set up.
  • If you are a student employee that needs a Box Account, please ask your supervisor to submit a Help Request with our office.

ISU Policy ISUPP 2430 describes confidential information, otherwise known as Private Sensitive Information (PSI):

  • “Private Sensitive Information: Information identified by applicable laws, regulations or policies as personal information, individually identifiable health information, education records, personally identifiable information, non-public personal or institutional data, confidential personal information, or sensitive scientific or sponsored project information.

    “Individuals creating, maintaining, using, or disseminating PSI or Institutional Information must take reasonable precautions to protect it from loss, misuse, unauthorized access or disclosure, and unintended alteration or destruction.”

  • As an IT office, we will always encourage CAL Faculty and Staff to utilize Box as the first reasonable precaution to protect PSI from loss, misuse, unauthorized access or disclosure, and unintended alteration or destruction.

  • Additionally, that policy states that “ISU has legal ownership of all information stored, processed, or transmitted on its IT System, and reserves the right to access this information without prior notice whenever there is a genuine business need.”

Backing Up User Data

As an IT Office, we will follow the applicable procedure for data recovery presented below:

  • The computer will not turn on or user data cannot be accessed by the customer:
    • Our office will pick up the computer, or it will be dropped off in our office. Our office is the best location for data backup because the process can be regularly monitored by us, and we will have access to our office tools.

    • Someone from the CAL IT Office, usually a technician, will run some basic hardware diagnostics on the computer.

    • If we are unable to get the computer running properly, or if we cannot access the hard drive’s data, then:

      • We will remove the hard drive from the computer and connect it to another computer running Ubuntu, a Linux distribution, to attempt to recover data off of the hard drive.

      • If data recovery is possible at this point, data will be securely copied to a folder on our office Box account.

  • The computer will turn on and/or user data can be accessed by our office:
    • Our office will pick up the computer, or it will be dropped off in our office. Our office is the best location for data backup because the process can be regularly monitored by us, and we will have access to our office tools.

    • If data recovery is possible at this point, data will be securely copied to a folder on our office Box account.

Some additional information regarding our office's user backup procedure:

  • We will not store a local copy of the customer’s data unless there are extreme circumstances that warrant it.

  • User backups that we make are uploaded to our CAL IT Office Box account.

  • Once user backup data is uploaded to Box, the customer will be made a ‘co-owner’ of the backup folder. Sole ownership of this folder will be given to the customer when the customer notifies CAL IT that they can successfully access all of their backup data.

  • The tools we use in our office for backing up computer data allow us to transfer 10 files simultaneously to Box; however, the backup process often still takes a few days. The more data the customer needs to back up, the longer it will take.

  • Our tools aren’t perfect. There are usually a few files that won’t back up. This can happen for a number of reasons:

    • The file path is too long for our tools to transfer to Box: /this/folder/path/is/much/too/long/for/box/to/be/able/to/handle

    • The file type is not supported (i.e. .shk, .pea, .ace file types aren’t supported by Box)

    • The file is a system file of some sort.

  • If you are concerned that these files are of importance to you, you are welcome to bring an external hard drive to us, and we can transfer your files to that device. Alternatively, we have an external hard drive in our office that we can copy the files to so that we can transfer those files to another computer or device you have.

  • In the event the user does not want the computer back after we back up its data to Box, we will keep the computer’s hard drive intact for a period of at least 4 weeks, to give the customer time to detect if data is missing from the backup that we can potentially recover from the computer’s hard drive.

Equipment to Loan

Our office has spare external hard drives, video adapters, webcams, lapel microphones, and laptops to loan out if needed by CAL Faculty and Staff. Call or email us if you need to borrow any of these items.

ISU Policies

  • Idaho State University Cyber Infrastructure Plan
  • Information Technology Service Policies
  • Passwords
    • ISU's Acceptable Use Policy, ISUPP 2400, states:
      • "By being given a username and password granting me access to ISU’s data processing hardware; software, data transmission equipment and infrastructure; data storage devices; and the electronic information stored, processed, or transmitted via these components (hereafter referred to as ISU’s IT System) I agree to abide by the following guiding principles:

        “I agree to maintain confidential access to all ISU IT System resources to which I am given access, and to accept full responsibility for any activity performed via my ISU IT System account. All ISU IT System accounts are non-transferable and each individual must obtain separate and unique access. Passwords must be changed from the originally assigned password and remain private, unknown to all others.

        “Misuse includes (but is not limited to): unauthorized access to or usage of ISU’s IT System; unauthorized use or sharing of account passwords; unauthorized alteration or use of another individual's program(s) or file(s); and knowingly attempting to circumvent established security policies and procedures."

      • With that in mind, our office encourages Faculty and Staff to regularly change their password.