Compliance with the minimum security standards requires the following actions:
All SoM Community Members
1. Everyone at the medical school will be asked to complete a Data & Device Attestation to identify whether you are exposed to High Risk Data and if so, the kinds of devices you use. Please only report the Stanford-owned and personally-owned devices that you use for Stanford business. You do not need to report devices owned by SHC or LPCH.
2. All mobile devices that store or access Stanford data must be configured with the Mobile Device Management technology, available for iPhones, iPads, and most Android devices. See: MDM Installation information »
As an additional level of security, all SoM devices enrolled in MDM must have a Restricted MDM profile, and not a Basic profile. If you currently have a Basic profile set up for a device, the only way to get a Restricted profile is to unenroll and re-enroll the device.
3. BigFix, Stanford's computer and security management tool, must be installed on all laptops and desktops used for School of Medicine that are used to store or access High Risk Data. This includes Stanford-owned and personally-owned laptops and desktops as well as VM machines. For users who do not access High Risk Data, BigFix is recommended but not required. See: BigFix Installation guide »
4. Everyone with BigFix must complete a Device Identification Survey to identify the specific computers you use for Stanford business. This survey will be delivered to you via a BigFix pop-up screen on each of your computers.
Stanford employees who work at the School of Medicine
5. All computers and laptops used by Stanford employees for school business must be verifiably encrypted. This can be done by using the SWDE (Stanford Whole Disk Encryption) installer, which does include BigFix. Only individuals who do NOT access High Risk data will be able to use the new encryption tool called VLRE. Although using BigFix to report on encryption status is still recommended, VLRE will not include BigFix and instead will provide an alternate agent to verify encryption.
People who work with High Risk Data
6. All laptops and desktops (whether Stanford- or personally-owned) that may be used to interact with High Risk Data must be SWDE-encrypted. This includes all computers used to access EPIC at either Stanford Health Care or Stanford Childrens Health. See: Installation FAQs »
To support the encryption of devices which may contain or access High Risk Data, the School of Medicine provides multiple options for getting help. You can make use of the self-service materials on this site, your local IT support personnel, IRT Service Desk staff at 650-725-8000, or visit us at the Tech Bar (M-F, 8am - 6pm).