ISU Standard for Computer System Workstation Security


ISU Employees must comply with all University policies while working in either an on-campus or alternative/remote environment, including those that pertain to information and device security. This standard is applicable via the Section 800 Information Technology Policies contained in the university policy handbook available at:  Information Technology Policies | Indiana State University (  

Workstation Security Standard

  • 810 Acceptable Use of Information Technology
    • ISU Employees must:
      • At no time provide their password to anyone, including family members.
      • Lock the workstation before leaving it unattended, even if the expected time away is brief.
      • Have a secure designated worksite that must be established either on-campus and/or at an alternative/remote environment for day to day work activities.  (Alternative/remote worksites must be physically secure with an expectation of privacy at the same level as an on-campus worksite.)
      • Use ISU-managed system to fulfill all work responsibilities on-campus or at alternative/remote environments.
        • The ISU-managed system must be properly configured with an approved and supported standard operating system, software, and web/telecommunication capabilities. No unapproved modifications of the deployed ISU-managed system baseline will be made.
      • Have a reliable internet service provider with necessary bandwidth at their working location. Employees are responsible for providing their own internet and phone services at alternative/remote environments. Wireless networks must be secured with strong passwords and modern security protocols (such as WPA2).
      • Use ISU managed VPN access for access to sensitive systems and departmental file shares from alternative/remote worksites and access from any public network during authorized travel.
      • Not install/use personal VPNs on ISU managed workstations.
      • Are responsible for any university-owned equipment and software used at alternative/remote worksites and are personally responsible for any such equipment that is lost, stolen, or damaged due to the employee's negligence, misuse, or abuse.
        • ISU will solely repair and maintain any provided equipment unless otherwise authorized. The employee will be responsible for:
          1. any intentional damage to the equipment;
          2. damage resulting from negligence by the employee or anyone present at an alternative/remote worksite;
          3. damage resulting from a power surge if no surge protector is used; and
          4. maintaining the system/device to ISU’s configuration and security baseline.
  • 830 Data Security and Management
    • Abide by data security standards for protecting and controlling sensitive or restricted information in both hardcopy and electronic format.
    • Host virtual meetings with MS Teams, Zoom, or other appropriate ISU-supported, secure virtual conferencing platforms.
    • Create, modify, or store data while either working on-campus or remotely using an ISU-managed system and ISU supported storage such as OneDrive for Business or the network file share.


It is expected that all ISU employees adhere to this security standard.

Print Article


Article ID: 144926
Tue 7/12/22 12:38 PM
Fri 6/21/24 11:32 AM