Risk & Compliance
Compliant Services for Data Security at Stanford
GSE researchers and staff work with data that can range from public to highly sensitive. To protect this Stanford data—and the research subjects—Stanford requires compliance with security and privacy standards. For the GSE community, GSE IT has prepared an overview of Compliant Services for Data Security at Stanford.
Data Risk Assessments (DRA)
The Data Risk Assessment (DRA) process helps determine the level of risk for your project and what safeguards are required.
- DRA Tip Sheet: Submitting a DRA
- DRA Tip Sheet: Reviewing a DRA (Data Protection Champions)
- DRA office hours – meet with the University Privacy Office for guidance
Key Stanford Policies & Standards
- Administrative Guide: Information Security – Defines roles, responsibilities, and data classification.
- Administrative Guide: Privacy & Access to Electronic Information – Explains how and when Stanford may access or disclose electronic information.
- Minimum Security Standards – Sets baseline technical and administrative controls for systems and services that handle Stanford data.
- Minimum Privacy Standards – Outlines best practices for collecting, using, sharing, and disposing of personal data.
- Third-Party Security Requirements – Defines the safeguards vendors must meet when handling Stanford’s sensitive data.