Skip to main content

Desktop, Laptop, and Tablet PC Computing Standards (Policy 8030)

University Policy 8030

Download a Printable Version of Policy 8030

Effective Date

November 1997

Last Revision Date

September 20, 2023

Responsible Party

Office of Information Technology, (208) 426-4357
Chief Information Security Officer, (208) 426-4127

Scope and Audience

This policy applies to all colleges, departments, divisions, and units of Boise State University, including all University-owned or -controlled devices, and is meant to enhance the academic and business functions of the University.

Additional Authority

  • Idaho Technology Authority

1. Policy Purpose

To provide reliable desktop, laptop, and tablet PC platforms to enhance the workflow, security, and productivity of the University community.

2. Policy Statement

Boise State University promotes the secure sharing of information by establishing reliable desktop, laptop, and tablet PC computing standards. Such standards promote device and data security and compatibility for thorough, consistent support from the Office of Information Technology (OIT) and vendors.

3. Standards

3.1 Hardware Standards

a. All computers must be under warranty and within the dates of the manufacturer’s supported lifespan. Computers must be enterprise models offered by state contracted vendors. Purchase of computers with University, sponsored project funds, or gift funds is only done by OIT. The current specific hardware requirements are found on the Minimum Standards for Desktop and Software.

b. Upon University completion of use, all electronic storage will be erased using either Department of Defense (DOD) zero fill standards, magnetron, or device destruction. Hardware will be disposed of in accordance with University and Idaho Technology Authority policies and procedures.

3.2 Software Standards

Software must be compatible with University administrative system, and if the current version is within the manufacturer’s supported product lifecycle. All software must be fully licensed and supported. Operating systems must be regularly updated and within the manufacturer’s supported product lifecycle. University standards for what systems are used are found on the Minimum Standards for Desktop and Software.

3.3 Backups

The backup of files on Desktop, laptop, and tablet PC computers is the responsibility of the department. Approved computers that have Level 1 data, as defined by the University Data Classification Standards in the Minimum Security Standards for Systems, must only back up data to University network file servers. Level 2 data must be backed up to University network file servers or University standard cloud storage vendors. Other cloud storage vendors are not permitted. Level 3 data may be backed up to external media, such as a USB (Universal Serial Bus) key.

3.4 Best Practices

Managers of Boise State University IT resources must seek and adopt, whenever possible, best practices with regards to the acquisition, implementation, management, and replacement of IT resources.

4. Responsibilities and Procedures

4.1 Modification of Policy

The Chief Information Security Officer (CISO) is responsible for administering this policy including its maintenance and compliance. Others wishing to make recommendations may make them directly to the CISO.

4.2 Exceptions to Policy

A Request for Exception, along with a plan for risk assessment and management, must be submitted and approved prior to implementation of any exception to this policy. Non-compliance with these standards may result in revocation of access, notification to the supervisor, and reporting to Internal Audit and the Office of Institutional Compliance and Ethics.

4.3 Enforcement

Violations of this policy will be handled consistent with University disciplinary procedures applicable to the relevant individuals or departments. Failure to comply with this policy may also result in the suspension of access to network resources until policy standards have been met. Should the university incur monetary fines or other incidental expenses from security breaches, the university may recoup such costs from the non-compliant department, school, or auxiliary organization.

5. Related Information

Minimum Security Standards for Systems

Request for Exception

Minimum Standards for Desktop and Software

Revision History

April 1998; March 2000; July 2001; December 2005; October 2006; January 2020; September 20, 2023

Back To Top