This set of standards interprets our policies into operational requirements for data storage and sharing data according to Indiana State University's Data Security and Management Policy found in section 830 of the University Policy Library.
Some classifications of data may be stored on workstations for short periods of time as required for processing.
If stored locally on such a temporary basis, data must be encrypted and protected from unauthorized access and must be moved to institutional storage as quickly as possible and deleted from the hard drive and the recycle bin.
Hard drives on ISU desktops are not encrypted; hence, certain types of data must never be stored on a desktop hard drive, as indicated in the standards matrix.
Grant/Contract-controlled data must be protected according to specific requirements set out in the governing grant or contract (which includes, but is not limited to, non-disclosure agreements, confidentiality agreements, data use agreements, etc.).
The requirements may not correspond exactly with the University's data classification levels.
In these cases, all requirements specified in the grant/contract must be met first.
The data should be classified at the level that most closely corresponds to the specified requirements and, if there are additional protections required by that data classification level, those protections must be applied as well.
Log off at the end of each session or
Lock your computer with access control software (i.e., screen saver with password) during unattended use
Store and share data according to the data classifications described in the Indiana State University Data Storage Standards Policy Matrix.
Personal devices should never be used to store university Internal, restricted, or highly restricted data.
Personal devices should never be used for the administration of systems storing or transmitting university Internal, restricted, or highly restricted data.