Topics Map > Services > Records Management
Records Management - Training
Annual training for Unit Records Coordinators
To complete the online training:
- Course Content
- Download the RM Training 2022 03-22 final.pdf file to read and review the slides. This is the current version of the training curriculum.
- Click on the Mark Reviewed button to confirm you've read the material
- Click on the Verification link and select Begin to complete the training
- Select Yes to indicate that you understand the material presented
- Click Save and Submit
- Click OK to view results
- Click OK on the bottom right-hand corner to move on to viewing your Achievement Certificate
- On the left side menu, click on Achievements to view and print your NDSU Records Management Training Certificate
Electronic Records Management
- E-records Day 2019
- E-records Day 2019 Personal Tips
- E-records Day 2019 Reasons For E-records
- E-records Day 2019 Government Tips
- E-records Day 2019 Managing E-communication in Government
- Cleaning Up Shared Drives
Institutional Records and Working Remotely
Following is information and guidance on working with institutional records as a remotely working employee, kindly provided by Enrique Garcia, NDSU Chief Information Security Officer, on Aug. 28, 2020.
Records are constantly being created by employees while using a computing device. Employees have a duty to protect those records from threats. Some examples are:
- Disclosure. Access to an institutional record by an individual who is not authorized to see that record
- Cryptolocking. Data on a computer are encrypted by malware. and ransom is demanded in order to decrypt the information. Legal counsel’s current opinion is that NDSU cannot pay ransom.
- Exfiltration. Data on a computer is sent to a repository on the internet. Ransom is demanded in order to not make the information public.
- Alteration and destruction. Data is modified or deleted knowingly or unknowingly by an unauthorized individual.
- NDSU owned devices such as computers, cellphones and tablets
- Limit browsing to sites needed for work related activities. Using a work device for everyday browsing exposes the device to sites that can contain malware and infect the computer.
- Only the employee should use the device. Other individuals could access records that are protected by privacy laws such as FERPA. Additionally, institutional records could be altered or deleted. Finally, non-employees are more likely to browse to sites not related to work and therefore exposing the device to malware.
- Personally-owned devices
- Security of the device is not managed by NDSU IT so the level of security varies widely
- Personally -owned devices can be used by many individuals which cannot ensure the confidentiality of institutional records
- Browsing on personally owned devices is not limited to safe sites which exposes the computer to a higher probability of malware infection
- Not all personally owned computers have disk encryption approved by NDSU IT. If the device is lost, there is a potential for disclosure of institutional records
- The use of personally owned computers is discouraged for the following reasons:
Use of NDSU email accounts
Following is information and guidance on use of our NDSU email accounts, kindly provided by Enrique Garcia, NDSU Chief Information Security Officer, on March 9, 2022.
· NDSU Policy 158.1, “E-Mail as an Official Communication Method for Employees,” section 6.4, “Business Use of E-mail,” states that:
“Individuals’ NDSU official e-mail addresses are to be used in accordance with the business of the University and for purposes directly related to their position and/or job functions. Official e-mail addresses may not be used for conducting personal business. Incidental personal use is allowed and is to be determined by the respective dean, provost, vice president, president, director, department chairperson, or department head. Personal use must follow all applicable NDSU policies and laws. Use of email to store or transmit social security numbers, dates of birth, credit card numbers, or any similarly sensitive pieces of information is explicitly disallowed for both business and incidental personal use.”
In simple (and frightening) terms, this means that if we don’t want our employer to know our personal business, we should not use NDSU email for our personal matters, and here is why: when sensitive information is sent, O365 sends an alert, and NDSU’s IT Security has to review the data. The result is that information we emailed from our NDSU account about things like personal purchases, tax returns, house refinancing, debts, loans, and the like, is no longer private.