The Administration Guide (http://adminguide.stanford.edu) is the University's official administration policy manual. Chapter 6, Computing, specifically defines your responsibilities regarding network and computer utilization, information security, chatrooms and electronic commerce. Read on for summaries of each section; click the links to download the entire policy as a PDF.
Section 1, Administrative Computing Systems, outlines the hierarchy of administrators and users of an academic computing system—any computerized system that uses administrative information at Stanford—and identifies "ownership, development and management responsibilities."
Section 2, Computer and Network Usage Policy, lays out guidelines for users of Stanford's computers, networks and information on the proper use of information technologies, including:
- Users are bound to respect copyright law and licenses
- Users are bound to respect the integrity of information resources, both hardware and software
- Users are prohibited from seeking to gain unauthorized access to resources
- Users must respect the rights of other computer users, and neither violate their privacy nor broadcast inappropriate content
- University information resources must not be used for political, commercial or personal use except when in compliance with laws and University policies
Section 3, Information Security, states the requirements for the protection of Stanford's information assets, and the principles of information security (the following is quoted from the Guide):
- Information Resource Availability — The information resources of the University, including the network, the hardware, the software, the facilities, the infrastructure and any other such resources, are available to support the teaching, learning, research or administrative roles for which they are designated.
- Information Integrity — The information used in the pursuit of teaching, learning, research or administration can be trusted to correctly reflect the reality it represents.
- Information Confidentiality — The ability to access or modify information is provided only to authorized users for authorized purposes.
- Support of Academic Pursuits — The requirement to safeguard information resources must be balanced with the need to support the pursuit of legitimate academic objectives.
- Access to Information — The value of information as an institutional resource increases through its appropriate use; its value diminishes through misuse, misinterpretation, or unnecessary restrictions to its access.
Section Three also outlines the University's Data Classification Guidelines, the responsibilities of each person with regards to information security, and includes a list of University security resources.
Section 4, Identification and Authentication Systems, discusses University policy regarding SUNetIDs, Stanford ID cards, Kerberos and other forms of ID; and recommendations and guidelines for computer systems requiring ID or authentication.
Section 7, Information Security Incident Response, describes the procedures to be followed when a computer security incident is discovered, or when High or Moderate Risk (Prohibited or Restricted) Information may have been inappropriately accessed. This policy outlines the procedures for decision-making regarding emergency actions taken for the protection of Stanford's information resources from accidental or intentional unauthorized access, disclosure or damage. For a more detailed outline of this section, also see Reporting an Incident.