Skip to content Skip to site navigation

High Risk Data in Stanford Google Drive

Cardinal Key is required in order to store High Risk Data (including PHI) in Stanford’s Google Drive and Microsoft O365 environments. Cardinal Key ensures that devices used to access these data meet the university’s cybersecurity requirements. If you will be only sharing PHI data with internal Stanford community members,  follow the steps below to facilitate workgroup integration for easier user management:

  1. If you don't already have it installed, set up Cardinal Key on each of your devices:
    1. For laptops/desktops, we now have an installer to simplify the process.
    2. Once installed, you can test each of your devices and browsers via https://cardinalkey-test.stanford.edu.
    3. For mobile devices (iOS only), use these installation instructions.
  2. Prepare a separate workgroup for Cardinal Key enforcement:
    1. Create a new workgroup via https://workgroup.stanford.edu → Create a New Workgroup.
    2. Enable Google Group integration: Select your new workgroupWorkgroup Integration → click Link in the Google Group row.
      1. The integration does not take effect immediately. Check back on this page for confirmation of when the integration has been established.
    3. Add members to the workgroup who will be accessing the High Risk Data.
    4. Notify the members that they will need to use Cardinal Key for access to Stanford’s Google services.
  3. Notify ISO of your new workgroup via a Help request so it can be enabled for Cardinal Key enforcement. Await confirmation before proceeding to Step 4.
  4. For Google Drive: Prepare a dedicated shared drive specifically for storing the High Risk Data in Google.
    1. Create the shared drive in Google: https://drive.google.comShared drivesNew.
    2. Restrict access to the share drive: Select the drive → Shared drive settings:
      1. Uncheck “People outside Stanford University can be added to files.”
      2. Uncheck “People who aren't shared drive members can be added to files.”
    3. Grant the workgroup access to your shared drive: select the drive → Manage members.

Once the steps above have been completed, you can adjust access at any time by adding/removing members to/from your workgroup.

Please submit a Help request if you have any questions.  You can also use the #iso-cardinalkey Slack channel to reach the support team.

Last modified June 19, 2023