Audio and Video Conferencing: Zoom and WebEx, Microsoft Teams
IMPORTANT: Teams is only approved for PHI data with Cardinal Key. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Backups: Backup and Recovery Service for Servers (BaRS) | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Backups: CrashPlanPROe | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Calendar: Office 365 | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Cardinal Fax | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Cardinal Print | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
Cloud Infrastructure: Amazon Web Services, Microsoft Azure, Google Cloud Platform
IMPORTANT: Only approved for High-Risk & PHI data with the provision set up by UIT, and configured and managed by a Stanford professional services team. (e.g. Stanford Research Computing or TCG) Only HIPAA-approved services allowed for PHI-containing cloud accounts. See GCP and AWS. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Content Management: Stanford Domains | Approved for low risk data | Not approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Content Management: Drupal (Stanford Sites), WordPress | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Content Management: OpenText | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Not approved for high risk data |
|---|
| Database Hosting: MySQL | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
Document Management: Office 365 OneDrive, SharePoint, OneNote
IMPORTANT: Only approved for PHI data with Cardinal Key. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Document Management: Medicine Box | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
Document Management: Google Drive (including Shared Drives, Docs, Sheets, Slides, and Forms)
IMPORTANT: Only approved for PHI data with Cardinal Key with Google Drive. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Document Management: Google G Suite: All others (Photos, Jamboard, Sites, etc...) | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
Electronic Data Capture (EDC): REDCap, Forte, REDCap Cloud
Note: Compliant with Title 21 CFR Part 11. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
Electronic Signature: AdobeSign
IMPORTANT: Only approved for PHI data with the system configuration set up by UIT. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Electronic Signature: DocuSign | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Email: Google Mail, Office365 (with “Secure:” in subject line) | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Email: Google Mail, Office365 (without “Secure:” in subject line) | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Email: Other Departmental Systems | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Encryption: MDM Compliant Device, Stanford Device Registration Compliant Device | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Encryption: VLRE Compliant Device | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| File Storage: AFS, CIFS, NFS | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| File Storage: Secure AFS, Secure File Storage, Wasabi Cloud Storage | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| File Transfer: Globus | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Cardinal Voice Softphone | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Slack Messaging: Public Channels | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Slack Messaging: Direct Messages and invite-only (private) channels | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Not approved for PHI data |
|---|
| Issue Tracking: JIRA | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Not approved for PHI data |
|---|
| Network Access Control: SUNAC | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
Project Management: M365 Planner
IMPORTANT: Only approved for PHI data with Cardinal Key. | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| ServiceNow | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
Smartsheet: Collaboration and Project Management Statement from Stanford CISO October 2025 | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Stanford Profiles: CAP | Approved for low risk data | Not approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Survey Tool: Qualtrics - University, SoM, and GSB instances | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Survey Tool: Qualtrics - All other instances, M365 Forms | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Task Tracking: M365 To-Do | Approved for low risk data | Approved for moderate risk data | | |
|---|
| Voice Messaging | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| VPN | Approved for low risk data | Approved for moderate risk data | Approved for general high risk data | Approved for PHI data |
|---|
| Web Programming: CGI | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|
| Wiki: Confluence | Approved for low risk data | Approved for moderate risk data | Not approved for general high risk data | Not approved for PHI data |
|---|