Skip to content Skip to navigation

Information Security

6.3.1 Information Security

Last updated on:

The purpose of this policy is to ensure the protection of Stanford's information resources from accidental or intentional unauthorized access or damage while also preserving and nurturing the open, information-sharing requirements of its academic culture. This Guide Memo states requirements for the protection of Stanford's information assets.

6.2.1 Computer and Network Usage Policy

Last updated on:

This policy covers the appropriate use of all information resources including computers, networks, and the information contained therein.

6.1.1 Administrative Computing Systems

Last updated on:

This Guide Memo describes the policy that governs the Administrative Computing Systems at Stanford University and identifies Administrative Computing System ownership, development and management responsibilities. This policy applies to all computerized systems involved with the creation, updating, processing, outputting, distribution, and other uses of administrative information at Stanford.

6.4.1 Identification and Authentication Systems

Last updated on:

This Guide Memo states requirements for identifying and authenticating users of Stanford computer systems and networks, and describes centrally-supported identification and authentication facilities.

3.4.2 Card and Payment Account Acceptance and Processing

Last updated on:

This policy provides guidelines on acceptance and processing of credit and debit card, account number, or third party account numbers at Stanford.

8.1.3 Provision of Mobile Equipment and Related Services

Last updated on:

This guide memo outlines policy on the provision of Equipment/Services. The policy requires that the employee's supervisor approve the Stanford business need for Equipment/Services. The policy establishes the responsibilities of the employee and the department regarding any personal use of Equipment/Services. Schools and departments may adopt stricter provisions. The policy sets further requirements regarding the use and maintenance of Equipment/Services.

6.6.1 Information Security Incident Response

Last updated on:

This Guide Memo describes the procedures to be followed when a computer security incident is discovered to have occurred involving an Academic or Administrative Computing System operated by Stanford University, its faculty, students, employees, consultants, vendors or others operating such systems on behalf of Stanford. It also describes the procedures to be followed when Prohibited or Restricted Information residing on any computing or information storage device is, or may have been, inappropriately accessed, whether or not such device is owned by Stanford. This policy outlines the procedures for decision making regarding emergency actions taken for the protection of Stanford's information resources from accidental or intentional unauthorized access, disclosure or damage.

6.5.1 Chat Rooms and Other Forums Using Stanford Domains or Computer Services

Last updated on:

Establishes policy for use of electronic communication forums at Stanford.

1.6.2 Privacy and Security of Health Information (HIPAA)

Last updated on:

This Guide Memo describes Stanford University's implementation of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations ("Privacy Rule" and "Security Rule") governing the protection of identifiable health information by health care providers and health plans. The portions of Stanford University that are impacted by HIPAA include the Stanford University HIPAA Components and the Group Health Plan, defined in Sections 3 and 4, respectively.

This Guide Memo references Stanford University HIPAA Components policies on the University HIPAA website and the Group Health Plan HIPAA policies. The Group Health Plan maintains HIPAA policies and procedures in the Resource Library section of the Benefits website. These policies outline more specific rights of individuals regarding their protected health information ("PHI") as well as the operational and system requirements to comply with the Privacy and Security Rules.

1.6.1 Privacy Policy

Last updated on:

Stanford University has an interest in ensuring that the privacy of its students, faculty, and staff is respected. The University is committed to protecting the privacy of Prohibited, Restricted and Confidential Information within its control in a manner consistent with applicable laws, regulations and University policies.

Subscribe to RSS - Information Security