Security Assessments

All servers on campus must conform to School of Medicine minimum security standards, whether hosted by IRT or otherwise. If you are running a server that is not physically located in the data center, you will need to make sure that you're following Stanford policies about keeping the data properly secured. You may also choose to have your server moved to the data center and hosted or managed by IRT. Read the information below to determine whether your server is secure in its current location, and whether IRT Information Security Services should help you move the server into the data center.

There are three levels of classification for Stanford data: High Risk, Moderate Risk, and Low Risk.

If you are running a server that stores any information that is defined as High Risk

  • Social Security Numbers

    Credit Card Numbers

    Financial Account Numbers, such as checking or investment account numbers

    Driver’s License Numbers

    Health Insurance Policy ID Numbers

    Health Information and other PHI

— you must have permission from the Data Governance Board to be storing it on your computer. If you are storing any information that is High Risk, Moderate Risk, or Low Risk, you must encrypt the computer it is stored on, and you must follow Stanford's security procedures. (See this handy chart of the minimum security requirements for servers.)

To find out whether your current server is adequately secured, you can go through Stanford Secure Computing's Data Risk Assessment questionnaire.   Keeping a server properly secured on your own can be difficult, and it may well be to your advantage to have it hosted in IRT's secure data center.

IRT Server Hosting

If you've determined that your server should be located in the data center, contact IRT Security. Someone will arrange a time to sit down with you, go through a security questionnaire and assessment, and help you with the server move. For more information about IRT's hosting and system administration requirements and services, visit the IRT server management page.


If you are unsure about how to best secure your server, contact the IRT Service Desk at 5-8000 and the folks there will answer your questions.