Stanford's information assets need protection whether on-campus or not, and University equipment and other devices used for  Stanford work must be configured to provide that protection in case a device is lost, stolen or otherwise compromised. Learn more about what you need to do protect your devices and Stanford data, or under specific conditions - to request an exception from information security requirements.

Information Security Compliance Exceptions

Endpoints that provide critical support to Stanford research equipment or applications but which cannot comply with the information security requirements must request an exception via the Compliance Exception Request form.  Specific controls may need to be implemented to compensate for the risk posed by being unable to meet the requirements.

If your department has more than 10 requests for temporary information security exceptions that are similar to each other (similar description of device and type of justification), rather than submit each one individually, you can submit them in a batch and we will process them in bulk.  You will need to complete a spreadsheet template from which you can create a comma-delimited or CSV file we can use to import your exception requests.

“Bulk Import” of Exception Requests into the REDCap Exception Management System (administered by School of Medicine TDS)

Step 1:
Please submit a HelpSU ticket (helpsu.stanford.edu) with the following information:

Request Category *
  Privacy and Information Security

Request Type *
  Other Security Issue or Concern

Request Description *
  In the text field, include:

• You wish to “Bulk Import” exception requests - (please tell us how many requests you have)

• You would like the “Data Import” and “Exception Field Mapping Values” files.
 

Step 2:
Once the ticket has been assigned, we will send you the “Data Import” and the “Exception Field Mapping Values” files in response.  We will also reach out to you directly, to initially review your request and discuss the process and expectations.  

What to do with the spreadsheet files: Within the “Data Import” file, enter complete data with a row for each record or device in the request. Use the “Exception Field Mapping Values” spreadsheet as a key reference; you must input correct values into each column for a successful import. When filling out the form, please refrain from using any commas—except when separating multiple IP addresses or Hardware Addresses. Extra commas outside of these two fields will cause importing errors. Incomplete information will delay importing and approving your requests.

Step 3:
Save your completed form as a .CSV formatted file. Reply to your existing HelpSU ticket via email and include the .CSV file as an attachment.

Your request will be reviewed for formatting or other errors. We will confirm your final approval of the accuracy of the data, after which your data will be imported into the Temporary Exception Request system.

Need Help?

If you have further questions, please email som-encryption@stanford.edu, or call 650-725-8000.

Q. How can I begin the “Bulk Import” process?
A. Submit a HelpSU ticket.  Before you submit the bulk import file, we will discuss your bulk exceptions and the process with you. We will review what is expected in filling out the bulk exception template, and the corresponding values that are needed for a successful bulk import.

Q. How long will the exception requests take to process?
A. As this a complex process, fully completed bulk exception requests take a minimum of five days to complete. Unfortunately, at the present time, we cannot expedite bulk exception requests.  Missing or poorly formatted data will delay the processing of your request.