Formal Security Policies at Stanford

University senior management has established security policies and procedures to safeguard essential Stanford services, protect the privacy of students, faculty, and staff, and comply with contractual requirements and legislation. Here are some of the most important of these information security standards.

• Stanford Administrative Guide Memo 3.4.2 Card and Payment Account Acceptance & Processing
  This policy provides guidelines on the use of electronic commerce at Stanford.
• Stanford Administrative Guide Memo 6.1.1 Administrative Computing Systems
  This Guide Memo describes the policy that governs the administrative computing systems at Stanford University and identifies administrative system ownership responsibilities. This policy applies to all computerized systems involved with the creation, updating, processing, outputting, distribution, and other uses of administrative information at Stanford.
• Stanford Administrative Guide Memo 6.2.1 Computer and Network Usage Policy
  This policy covers the appropriate use of all information resources including computers, networks, and the information contained therein.
• Stanford Administrative Guide Memo 6.3.1 Information Security
  The purpose of this policy is to ensure the protection of Stanford's information resources from accidental or intentional unauthorized access or damage while also preserving and nurturing the open, information-sharing requirements of its academic culture. This Guide Memo states requirements for the protection of Stanford's information assets.
• Stanford Administrative Guide Memo 6.4.1 Identification and Authentication Systems
  This policy states requirements for identifying and authenticating users of Stanford computer systems and networks, and describes centrally-supported identification and authentication facilities.
• Stanford Administrative Guide Memo 6.5.1 Chat Rooms and other Forums Using Stanford Domains or Computer Services
  This policy describes the University's position on electronic forums: Unless specifically sponsored by an academic or administrative unit of the University, the University’s role in connection with these forums will be solely as a passive Internet service provider.
• Stanford Administrative Guide Memo 6.6.1 Information Security Incident Response
  This Guide Memo describes the procedures to be followed when a computer security incident is discovered to have occurred involving an Administrative Computing System operated by Stanford University and its employees. It outlines the procedures for decision-making regarding emergency actions taken for the protection of Stanford's information resources from accidental or intentional unauthorized access, disclosure or damage.