Monitoring Tools Privacy Information

Our goal is to stay ahead of cybersecurity threats by using advanced technologies and tools that help us to monitor and detect potential issues. This way, we can identify and address vulnerabilities before they can be exploited.

We prioritize the privacy of all members of our Stanford community and strive for transparency in our actions. To make it easier for you to understand these protection measures, we’ve consolidated the privacy information from individual service pages.

Function | Tool | Requirements | Information collected | Information not collected | Learn more
Endpoint Device Management | BigFix
  • macOS
  • Windows
BigFix collects certain basic inventory information about the computer, such as the presence or absence of critical security updates, IP address, operating system, and some hardware data.

BigFix does not collect any direct personal identifiers (email, calendar events, contacts, personal files, etc.) from your laptop or desktop computer.

See the complete list of collected information.
Endpoint Device Management | Jamf | macOS

Stanford’s implementation has been customized to collect only the data needed to support Stanford Mac devices and maintain the security of our networks and data. Jamf can:

  • View model, serial number, and operating system
  • Identify your device by name
  • Reset lost or stolen device to factory settings
  • View disk encryption status
  • View information for installed applications (e.g. log files, plist settings files)

Jamf does not collect personal information, such as the contents or names of individual files (documents, email, etc.) or any browsing history. Jamf cannot:

  • View browsing history on a device
  • Access personal emails, documents, contacts, or calendars
  • Access your passwords
  • View, edit, or delete photos
  • View frequency of application use
  • Determine the location of a device
Refer to the Jamf FAQs for macOS.
Endpoint Device Management | Jamf
  • iOS
  • iPadOS

Here's a list of the information collected by Stanford's MDM system and why it's needed:

  • Device and network ID, and information on storage capacity, operating system, carrier, and firmware to uniquely identify your device in MyDevices and to ensure that we're looking at the correct records if it’s lost or stolen.
  • List of apps installed by MDM, not including your personal apps. This is needed by MDM to confirm whether apps provided by Stanford have been installed. MDM can list all installed apps, but we have explicitly disabled that capability.
  • Jailbreak or root detection, which indicates whether built-in security features have been bypassed. Jailbreak or root detection informs you if these features have been disabled.

MDM cannot access your application data, call history, voicemail, or SMS messages on your mobile device. 

Stanford cannot and does not collect your personal data, and while the capability exists, we do not collect GPS location information.

Refer to:

Endpoint Device Management | Intune | Android

Here's a list of the information collected by Stanford's MDM system and why it's needed:

  • Device and network ID, and information on storage capacity, operating system, carrier, and firmware to uniquely identify your device in MyDevices and to ensure that we're looking at the correct records if it’s lost or stolen.
  • List of apps installed by MDM, not including your personal apps. This is needed by MDM to confirm whether apps provided by Stanford have been installed. MDM can list all installed apps, but we have explicitly disabled that capability.
  • Jailbreak or root detection, which indicates whether built-in security features have been bypassed. Jailbreak or root detection informs you if these features have been disabled.

MDM cannot access your application data, call history, voicemail, or SMS messages on your mobile device. 

Stanford cannot and does not collect your personal data, and while the capability exists, we do not collect GPS location information.

Refer to MDM privacy information.
Endpoint Device Management | VLRE
  • macOS
  • Windows
VLRE does not have the capability of modifying or enforcing settings on your computer, but rather periodically reports on your computer's configuration in order to determine its level of compliance with the university's endpoint security requirements.

VLRE does not collect any personal data (email, calendar events, contacts, personal files, etc.) from your laptop or desktop computer.

Refer to VLRE privacy information.
Email Security | Proofpoint URL Defense | Active @stanford.edu email address
  • Proofpoint logs whenever someone clicks a link.
  • This information is accessible to the Information Security Office (ISO) to identify an account that has interacted with a malicious link. ISO then contacts the individual to ensure their credentials aren’t compromised. 
 Refer to Proofpoint FAQs.
Threat Detection | CrowdStrike Falcon
  • macOS
  • Windows
  • Linux

CrowdStrike Falcon enhances visibility into real-time and historical endpoint security events by gathering event data needed to identify, understand and respond to attacks — but nothing more.

This default set of system events focused on process execution is continually monitored for suspicious activity. When such activity is detected, additional data collection activities are initiated to better understand the situation and enable a timely response to the event, as needed or desired.

The specific data collected evolves as we advance our capabilities and in response to changes in the threat landscape. Information related to activity on the endpoint is gathered via the Falcon sensor and made available to the customer via the secure Falcon web management console.

 

Refer to:

Vulnerability Management | Qualys

ISO manages a fleet of on-campus appliances that conduct regular IP-based scans of our administrative networks. In doing so, we gather asset information (IP address, operating system, etc.) and network configuration (ports, services, etc.) on a regular basis.

When the Qualys Cloud Agent software is installed on a server, it collects additional information. This can include operating system specifics and software and application data; login and account metadata; security and compliance data; file system and registry data; asset status and activity.

Our enterprise agreement with Qualys allows them to securely inventory the information and correlate the data for analysis. The campus community can then run reports on vulnerabilities and misconfigurations of their servers, printers and other networked devices.

Dynamic networks (for example, the campus Wi-Fi network used for mobile devices) are not scanned.

Inventoried data is expunged after the device has gone undetected on the campus network for 90 days.

Refer to Qualys FAQs.
Vulnerability Management | Wiz | Cardinal Cloud AWS, GCP, and Azure accounts

Wiz automatically scans all Cardinal Cloud AWS, GCP and Azure accounts, non-disruptively, using cloud service providers’ native APIs.

Information about the cloud accounts’ vulnerabilities, misconfigurations, malware and account activity is collected and securely stored.

A representative selection of data is read (but not stored or transmitted) to determine data risk classification, detection of PII or PHI, credit card data and other sensitive data types. This is to correlate with other findings to classify the overall severity of issues detected.

Along with logs from the cloud service providers, all the data is analyzed and correlated so that campus cloud engineers can review findings and address vulnerabilities.

Wiz does not evaluate virtual hard drives that do not contain the primary operating system.

Files are never stored or shared for threat analysis.

Refer to Wiz FAQs.