Skip to content Skip to navigation

Request a Compliance Exception

Stanford's data needs protection wherever it goes, and University equipment and other devices used for sensitive Stanford business must be configured to provide that protection in case a device is lost or stolen. Learn more about what you need to do protect your devices and Stanford's data, or request an exception. 

Compliance exceptions

Endpoints that are critical to Stanford business but that cannot comply with the rules (such as devices that operate specialized research equipment or applications) must request an exception via the Compliance Exception Request form.

Exception requests are reviewed on a case-by-case basis, and it is important for you to provide as much information as possible to support your request. The exception review committee may consider numerous factors such as: the total cost for migrating or upgrading the operating system, or, for vendor provided systems, the vendor's plans for upgrades. Approved exceptions will be assigned an expiration date to ensure the request is later reviewed again for validity and necessity.

Devices with approved exceptions may still be at risk once an exception is approved, and University IT can implement special configurations to enhance the security of your device and your data.

Going forward, please ensure that all departmentally purchased computing equipment or specialized equipment with embedded computer operating systems are capable of complying with the University's data security policies.

Note: Please allow seven business days for the processing of your request. If you have not received an email about your request within this time frame, please submit a HelpSU request under the Request Category of Privacy and Information Security.

BlackBerry mobile devices, Windows Phones, and Linux systems are currently not supported by MDM or SWDE, and so are temporarily exempt from encryption until SWDE and MDM are available for these platforms. Until they are available, these devices should not be used to store, process, or transmit Protected Health Information or other Moderate or High Risk Data without a formal exception. All Linux systems should still back up their files.

Last modified September 3, 2015