Reducing Your Risk: Handling Stanford Information
Data Risk Assessments
If you need to use, share, and store High Risk Data, first you should complete a Data Risk Assessment (DRA). The first part of the questionnaire will help determine whether you should proceed to a full Data Risk Assessment with the UIT Information Security and University Privacy offices. If so, they will work with you to ensure that you can securely proceed with your necessary work.
Your Computer and Other Devices
If you access Stanford information with any of your devices, even just checking your Stanford email, Stanford's minimum security standards require that device to be protected in the following ways:
Storing Information
Sensitive or regulated Stanford information must be encrypted at all times: in storage and in transit.
- Secure Storage Options
  - UIT Secure File Storage Recommendations
  - Code42 (CrashPlan) and other secure backup options. Code42 CrashPlan is approved for all risk levels of Stanford information, including PHI.
- Protect Portable Information: If you MUST transport sensitive information, use a pre-encrypted USB memory stick or external drive.
  Or, rather than carrying the information from place to place, consider sending it securely instead.
Research & Security
- Data Risk Assessments: If you need to use, share, and store High Risk Data, first you should complete a Data Risk Assessment (DRA). The first part of the questionnaire will help determine whether you should proceed to a full Data Risk Assessment with the UIT Information Security and University Privacy offices. If so, they will work with you to ensure that you can securely proceed with your necessary work.
- Research and Security: To have your research data security plan reviewed and signed off, or for help assessing your data needs and creating a solid plan, go here
- HIPAA Anonymization: Before sharing research data, please review HIPAA Security and Privacy policies here.