Data Security Program

Digital Device Security at the School of Medicine

The School of Medicine is dedicated to encrypting all Stanford-owned computers used by Stanford employees who work at the school, and to encrypting all Stanford-owned or personally-owned computers and mobile devices used by Stanford employees and affiliates who work with High Risk Data (previously Restricted or Prohibited Data). (As of May 31, 2015, all computers on the Stanford network should be encrypted as well.)

While we strongly recommend frequent and secure backups of your data, the School of Medicine does not require a centrally managed backup. We will, of course, still offer the CrashPlan service to anyone who wants it. If you are conducting your own backups of devices that may store or access Stanford data, please be sure that the backups are also encrypted. (We recommend an encrypted drive such as the Apricorn Padlock.)

There are three ways to install the School of Medicine CrashPlan Pro backup service:

1. CrashPlan can be automatically installed on your computer using the BigFix management software. You will need to have BigFix installed.

2. An IT specialist can assist you. Please contact IRT at 650-725-8000.

3. There are step-by-step install directions for people who wish to install CrashPlan themselves.

See: CrashPlan Guide

The School of Medicine provides AMIE ("Am I Encrypted?") to allow you to review your personal compliance with the School of Medicine data security policies. The tool displays the information you supplied in your attestation, and the BigFix, backup and encryption status of each of your computers. It also provides instructions to take actions to correct any issues that are detected. Please note that for a computer to report its status correctly, BigFix must be functioning properly and you will need to have completed the Device Identification Survey, which will appear as a BigFix popup on that machine. Please visit this site to see your current status: https://med.stanford.edu/datasecurity/amie/


It is of vital importance that you fully complete the backup of your computer. Failure to complete this step before encrypting your computer may cause irreparable damage to your machine.

A. Open the CrashPlan application

In macOS: Choose "Show CrashPlan" from the CrashPlan icon in the menu bar at the top-right of the screen, or run CrashPlan from the Applications folder.

Once CrashPlan begins the backup, it scans the total number of files on your machine before proceeding with its initial backup, which may take several days to complete.

B. Check Progress Bar

As the backup proceeds, the progress bar under the Backup tab will indicate how far along you are in the process. Before encrypting your computer, you should make sure all of the files initially scanned by CrashPlan have been backed up.

Note: CrashPlan is constantly backing up your files while you work. Since it cannot back up any documents that you currently have open and are working on, the progress bar may not show the backup as being 100% complete, even though all of the files initially scanned by CrashPlan have been backed up.


A robust data backup solution ensures that your data is safe during and after the encryption process. Backup protects against permanent data loss, in the event that your computer is lost, stolen, damaged, or suffers a technical failure. It also provides protection when data becomes corrupted or has been accidentally deleted.

Yes. The School of Medicine's data backup system is encrypted, properly secured, and monitored in a School of Medicine Data Center facility. The data can only be accessed by authorized IT staff.

We understand that computers used for Stanford business can contain personal information. The University has a very compelling interest in not accessing or storing your private data. In collaboration with the Privacy Office, the Information Security Office and the Office of General Counsel, workflows and policies have been established to protect your privacy and ensure that all aspects of the data security program adhere to University policy and state and federal law. Backed-up data will only be accessed when necessary: to restore a computer at your direction, as part of a legitimate investigation, or as compelled by legal process.


If you have personal data on a computer that you do not want backed up to the School's CrashPlan system, you have the following options:

1. Remove your personal data from the computer before the CrashPlan backup proceeds. All Stanford data must remain on the computer and be available for backup.

2. Remove any personal data captured by the CrashPlan system after the backup and encryption of your computer has completed.

The CrashPlan application on your computer will allow you to identify any personal data that you do not want captured during subsequent backups. Any information so identified that had been previously backed up will be automatically and permanently deleted from the CrashPlan system, but will remain on the computer. All Stanford data must remain on the computer and be available for backup.

By default, the School of Medicine CrashPlan backup service will back up the contents of all local drives in the host computer. This includes all user files, applications, and other data. This is the safest policy in the event of a system failure, as anything that was on the machine can be restored from the backup server.

Some people may be uncomfortable storing personal information on a computer that backs up to the School's backup servers, though the School of Medicine will only access such information as necessary to restore a system at the user's direction, as part of a legitimate investigation, or as compelled by legal process.

Should you wish to exclude individual files or directories from your backups, you can do so from within the CrashPlan application. Files excluded in this manner will be automatically purged from the backup archive. Any personal data so identified that had been previously backed up will be automatically and permanently deleted from the backup system but will remain on the computer.

All Stanford data must remain on the computer and be available for backup.

A. Open the CrashPlan application

Under Windows: Right-click on the CrashPlan icon in the system tray in the lower-right of the screen and select "Show Application", or run CrashPlan from the Start menu.

B. Go to Files Section

In the Backup tab of the CrashPlan application there will be a section titled "Files" - this lists all the backup sources. By default, it will include the "C" drive on Windows machines. It may also include other drives or directories if there are multiple internal drives attached to the computer.


C. Click the "Change" button to bring up the Change File Selection dialog box

  • You may un-check any files or folders that you do not want to back up.
  • Click "Save" to save your changes.
  • Warning: All Stanford data must be backed up - only use this function to exclude personal data that you do not want backed up.

 


The School of Medicine will only access such information as necessary to restore a system at your direction, as part of a legitimate investigation, or as compelled by legal process.

Once CrashPlan has been installed, it should start running and backing up your data. If you run the CrashPlan application, you should be able to see the current status on the Backup tab.

Not in any measurable way. The software is configured so that it uses minimal system resources whenever you are actively using your computer.

The School of Medicine's CrashPlan backup system is highly secure and is managed in a School of Medicine Data Center facility that is redundant and fault tolerant. It provides very rigorous protection for Stanford's data and also the ability to perform thorough and efficient investigations in the unfortunate event that a computer is lost, stolen or compromised. The data in the backups can only be accessed by authorized IT staff according to strictly defined procedures overseen by the Privacy Office and the Office of General Counsel in accordance with University policy and state and federal laws.

If you work with High Risk data, School of Medicine policy recommends you install the School's centrally managed CrashPlan software on all computers used for Stanford business. A full backup is strongly recommended prior to encryption to guard against data loss in the event of a failure during the encryption process.

It is certainly possible to run an additional backup that you manage (a common example is the use of a Time Capsule for Apple computers), and in most cases a second form of backup can co-exist with the School's CrashPlan without problem. If you do run a personal backup, backups must be encrypted if you use PHI or other High Risk data.

In general the limit is 1TB per user. It may be possible to store more, but we ask that a special request be made in these cases so we can ensure that the capacity available to other members of the community is not negatively impacted. If the CrashPlan Pro infrastructure is unable to accommodate special requests for large data sets, we will work with you to find an alternate solution.

There are significant challenges posed by the proper management and data backup of large data sets. Meeting these challenges can be an expensive proposition. IRT will gladly work with you to identify a secure and scalable solution.

You can run the CrashPlan software to restore files yourself, or you can request help with restoring files via the IRT help form.

Yes, we have configured our service to permit remote users to perform data backups. In rare instances, a network firewall at a remote location could be configured to block access, and you may want to either try to get that changed, or use VPN software to reach our service.

Technically, yes. But if you choose to do so, please be extra careful. For example, you could conceivably set your backup software to exclude important files (in which case they would not be restorable). Settings can be found in the CrashPlan software on your computer.

All computers that store Stanford data should be backed up. This includes both Stanford-owned devices and personally-owned devices that might store or access Protected Health Information (PHI) and other High Risk data, including any device used to access the hospitals' Epic and Cerner systems.

If you have been using a Stanford-owned computer, that computer will be turned in to your supervisor, and they may access or pass along the data used in the course of your work. Your data backup will remain on the School's servers, should it need to be restored. If you have been using a personally-owned computer, you will presumably be turning your Stanford data over to your supervisor, and removing it from your computer. You can then uninstall the CrashPlan software and BigFix.