Policies & Regulations
Why You Need to Secure Your Information
Stanford's data protection policies are here to help you: they're in place in order to comply with various federal and state regulations. In the case of an unauthorized data breach, not only the University but you personally can be held liable, and are therefore subject to the responsibilities and penalties at all levels:
University and School of Medicine Policies
Sensitive information must be transferred securely. If other secure options are not feasible and external USB media must be used, that media must be encrypted. For individuals whose role will require them to handle or transmit High Risk data at some point in their time at Stanford, all computers used for Stanford work will need to have an agent installed to prevent inadvertently copying data from the computer to an unencrypted drive.
Risk Classifications and Minimum Security Standards
Stanford's Risk Classifications for its information resources provides a framework to determine the risk of information resources. Based on these risk categories, Minimum Security Standards have been established for:
- Software-as-a-Service, Platform-as-a-Service
- Infrastructure-as-a-Service & Containerized Solutions
University Information Privacy & Security Quick Reference Guide
If you have questions or need assistance, call 650-725-8000 (M-F 7a-6p) or submit a help ticket at tdshelp.stanford.edu.