Formal Security Policies at Stanford
University senior management has established security policies and procedures to safeguard essential Stanford services, protect the privacy of students, faculty, and staff, and comply with contractual requirements and legislation. Here are some of the most important of these information security standards.
Stanford Administrative Guide Memo 6.1.1
Administrative Computing Systems
This Guide Memo describes the policy that governs the administrative computing systems at Stanford University and identifies administrative system ownership responsibilities. This policy applies to all computerized systems involved with the creation, updating, processing, outputting, distribution, and other uses of administrative information at Stanford.
Stanford Administrative Guide Memo 6.2.1
Computer and Network Usage Policy
This policy covers the appropriate use of all information resources including computers, networks, and the information contained therein.
Stanford Administrative Guide Memo 6.3.1
The purpose of this policy is to ensure the protection of Stanford's information resources from accidental or intentional unauthorized access or damage while also preserving and nurturing the open, information-sharing requirements of its academic culture. This Guide Memo states requirements for the protection of Stanford's information assets.
Administrative Guide Memo 6.4.1 Identification and
This policy states requirements for identifying and authenticating users of Stanford computer systems and networks, and describes centrally-supported identification and authentication facilities.
Administrative Guide Memo 3.4.2 Card and Payment Account
Acceptance & Processing
This policy provides guidelines on the use of electronic commerce at Stanford.
Administrative Guide Memo 6.5.1 Chat Rooms and other
Forums Using Stanford Domains or Computer Services
This policy describes the University's position on electronic forums: Unless specifically sponsored by an academic or administrative unit of the University, the University’s role in connection with these forums will be solely as a passive Internet service provider.
Stanford Administrative Guide Memo 6.6.1
Information Security Incident Response
This Guide Memo describes the procedures to be followed when a computer security incident is discovered to have occurred involving an Administrative Computing System operated by Stanford University and its employees. It outlines the procedures for decision-making regarding emergency actions taken for the protection of Stanford's information resources from accidental or intentional unauthorized access, disclosure or damage.