All servers on campus must conform to School of Medicine security regulations, whether hosted by IRT or otherwise. If you are running a server that is not physically located in the data center, you will need to make sure that you're following Stanford policies about keeping the data properly secured. You may also choose to have your server moved to the data center and hosted or managed by IRT. Read the information below to determine whether your server is secure in its current location, and whether IRT Information Security Services should help you move the server into the data center.
The official Data Classification Chart outlines what kind of information is considered prohibited, restricted, and confidential. If you are running a server that stores any information that is defined as Prohibited —
Social Security Numbers
Credit Card Numbers
Financial Account Numbers, such as checking or investment account numbers
Driver’s License Numbers
Health Insurance Policy ID Numbers
— you must have permission from the Data Governance Board to be storing it on your computer. If you are storing any information that is Prohibited, Restricted or Confidential, you must encrypt the computer it is stored on, and you must follow Stanford's security procedures. To find out whether your current server is adequately secured, you can go through Stanford Secure Computing's Information Security Questionnaire. Keeping a server properly secured on your own can be difficult, and it may well be to your advantage to have it hosted in IRT's secure data center.
IRT Server Hosting
If you've determined that your server should be located in the data center, contact IRT Security. Someone will arrange a time to sit down with you, go through a security questionnaire and assessment, and help you with the server move. For more information about IRT's hosting and system administration requirements and services, visit the IRT servers page.
If you are unsure about what you need to do, contact the IRT Service Desk at 5-8000 and the folks there will answer your questions.