University Policy 8030
Download a Printable Version of Policy 8030
Effective Date
November 1997
Last Revision Date
September 20, 2023
Responsible Party
Office of Information Technology, (208) 426-4357
Chief Information Security Officer, (208) 426-4127
Scope and Audience
This policy applies to all colleges, departments, divisions, and units of Boise State University, including all University-owned or -controlled devices, and is meant to enhance the academic and business functions of the University.
Additional Authority
- Idaho Technology Authority
1. Policy Purpose
To provide reliable desktop, laptop, and tablet PC platforms to enhance the workflow, security, and productivity of the University community.
2. Policy Statement
Boise State University promotes the secure sharing of information by establishing reliable desktop, laptop, and tablet PC computing standards. Such standards promote device and data security and compatibility for thorough, consistent support from the Office of Information Technology (OIT) and vendors.
3. Standards
3.1 Hardware Standards
a. All computers must be under warranty and within the dates of the manufacturer’s supported lifespan. Computers must be enterprise models offered by state contracted vendors. Purchase of computers with University, sponsored project funds, or gift funds is only done by OIT. The current specific hardware requirements are found on the Minimum Standards for Desktop and Software.
b. Upon University completion of use, all electronic storage will be erased using either Department of Defense (DOD) zero fill standards, magnetron, or device destruction. Hardware will be disposed of in accordance with University and Idaho Technology Authority policies and procedures.
3.2 Software Standards
Software must be compatible with University administrative system, and if the current version is within the manufacturer’s supported product lifecycle. All software must be fully licensed and supported. Operating systems must be regularly updated and within the manufacturer’s supported product lifecycle. University standards for what systems are used are found on the Minimum Standards for Desktop and Software.
3.3 Backups
The backup of files on Desktop, laptop, and tablet PC computers is the responsibility of the department. Approved computers that have Restricted or Confidential data, as defined by the University Data Classification Standards in the Minimum Security Standards for Systems, must only back up data to University network file servers. Internal data must be backed up to University network file servers or University standard cloud storage vendors. Other cloud storage vendors are not permitted. Public data may be backed up to external media, such as a USB (Universal Serial Bus) key.
3.4 Best Practices
Managers of Boise State University IT resources must seek and adopt, whenever possible, best practices with regards to the acquisition, implementation, management, and replacement of IT resources.
4. Responsibilities and Procedures
4.1 Modification of Policy
The Chief Information Security Officer (CISO) is responsible for administering this policy including its maintenance and compliance. Others wishing to make recommendations may make them directly to the CISO.
4.2 Exceptions to Policy
A Request for Exception, along with a plan for risk assessment and management, must be submitted and approved prior to implementation of any exception to this policy. Non-compliance with these standards may result in revocation of access, notification to the supervisor, and reporting to Internal Audit and the Office of Institutional Compliance and Ethics.
4.3 Enforcement
Violations of this policy will be handled consistent with University disciplinary procedures applicable to the relevant individuals or departments. Failure to comply with this policy may also result in the suspension of access to network resources until policy standards have been met. Should the university incur monetary fines or other incidental expenses from security breaches, the university may recoup such costs from the non-compliant department, school, or auxiliary organization.
5. Related Information
Minimum Security Standards for Systems
Minimum Standards for Desktop and Software
Minor Amendment
October 18, 2024
Revision History
April 1998; March 2000; July 2001; December 2005; October 2006; January 2020; September 20, 2023