Encrypting your laptop and desktop computers using the Stanford Whole Disk Encryption (SWDE) service is the single most important step you can take to protect your and the University’s data in the event the device is lost or stolen.
The SWDE service is for both Windows and Macintosh desktop and laptop computers that support native encryption. Once installed, all files are automatically encrypted. The data is protected while the computer is in standby or hibernation mode as long as the hard disk is password protected.
The University established a goal of verifiably encrypting all faculty, staff, and postdoc Windows and Macintosh computers. This requirement applies to both Stanford and personally owned computers that are used for Stanford activities on the campus network, other than those granted exceptions due to special requirements.
- Only those with password access to the system are authorized to access the data, which protects the data if your computer is lost or stolen.
- Every computer using SWDE automatically checks in with a logging and administrative server on a regular basis. In the event of loss or theft of a computer with High Risk Data, Stanford policy requires notification of the Information Security Office (ISO). ISO in turn will use the logs to determine if a lost or stolen computer is a "reportable" event, possibly requiring notification of persons whose data may have been lost or stolen.
- In the event you lose or forget your password, a self-service process to recover your encryption key is available.
- If necessary, the whole disk can be unencrypted (with the assistance of your local IT support).
Note: Computers on which you access or use High Risk Data must run SWDE. Computers on which you access or use other types of Stanford data (i.e., Moderate or Low Risk Data) are recommended to run SWDE but can run the VLRE application, which periodically reports on the computer's encryption status.
To download and install SWDE, see: