Risk Levels

There are three levels of risk classifications enforced by the Stanford University Information Technology office regarding information assets: High Risk, Moderate Risk, and Low Risk. Risk classifications are also broken down into three areas of practice: Data, Server, and Application. Detailed information for each risk classification, as well as examples and approved services, can be found here. Approved services indicate which classifications of data are allowed on a selection of commonly used Stanford University IT services.

Security and privacy concerns are often intertwined but not identical. There are multiple factors to consider when putting together the best data management practice and storage/compute environment for your research. In addition to accurately classifying the risk levels of your data and storage/compute environment, relevant privacy issues should be considered as well. Examples include applicable laws, regulations, data use agreement, and sensitivity of data.

Please note that our Yen servers, Box, and CloudForest service are approved for moderate risk data. If you are uncertain about the risk level of your research data/device/environment you are planning to use, please contact the Stanford University Privacy Office for a Data Risk Assessment.