The Responsibility Matrix indicates whether University IT or the client is ultimately responsible for performing the listed task. In instances where there are check marks (✓) in both columns, both the client and University IT must coordinate their efforts to ensure the successful completion of the task. It is not the intent of any Responsibility Matrix to absolutely define every process, function or task performed as a contracted function.
| SERVICE NAME | Client | University IT |
|---|---|---|
| HANDLING PROTECTED HEALTH INFORMATION (PHI) | ||
|
Identify users with PHI |
✓ | |
| Notify University IT when users with PHI are enrolled in the service, using Stanford Services | ✓ | |
| Disable web-based restore capability for users with PHI, allowing restores only via the desktop client | ✓ | |
| SOFTWARE DISTRIBUTION, INSTALLATION and CONFIGURATION | ||
| Make default, system-specific client installers available online | ✓ | |
| Create organization-specific client installers | ✓ | |
| Install client software | ✓ | |
| Post and maintain documentation indicating include/excludes for default configurations | ✓ | |
| ACCOUNT MANAGEMENT, BILLING | ||
| Identify a single individual to act as a "Client Contact" for technical and billing communications | ✓ | |
| Be responsible for the distribution and usage of a client's unique Organizational Serial Code | ✓ | |
| Immediately deactivate user accounts and delete all user archives when users or devices become ineligible for the service. | ✓ | |
| Notify University IT if unauthorized user accounts are identified and corrective administrative action is needed, using Stanford Services | ✓ | |
| Review monthly billing reports and immediately report discrepancies, using Stanford Services | ✓ | |
| Review the number of client licenses used by each Organization Serial Code and make quarterly billing adjustments | ✓ | |
| SUPPORT and INCIDENT MANAGEMENT | ||
| Alert the campus community to sustained, unscheduled interruptions using the University Alerts system | ✓ | |
| Administer and troubleshoot the CrashPlan server | ✓ | |
| Troubleshoot client software | ✓ | |
| Push out updated client software (done by CrashPlan) | ||
| Restore individual user data | ✓ | |
| Perform individual test restores | ✓ | |
| Send automatically-generated emails alerting users to missed backups | ✓ | |
| Monitor individual user backups | ✓ | |
| Monitor system-wide backup performance | ✓ | |
| PRIVACY and SECURITY | ||
| Enforce encryption of backup data, authentication mechanisms and proper handling of user archives | ✓ | |
| Collect identifying client information, including IP address and location, authenticating activity (SUNet IDs), specific restore and backup actions | ✓ | |
| Perform log analysis to identify suspicious activity | ✓ | |
| Conform to the responsibilities for handling electronic data as found in the Stanford Administrative Guide, Section 6 | ✓ | ✓ |
