Security Policies

In higher education, an information security policy is a document required by state and federal law that just outlines how the school plans to protect its sensitive, confidential, or legally-protected information. An information security policy is often considered a "living document," meaning that the document is never finished, but is continuously updated as community, technology, and University, requirements change. 

University Policies

• Harvard Enterprise Security Policy (HESP)
• Harvard Research Data Security Policy (HRDSP)
• Harvard University Digital Accessibility Policy
• General Data Protection Regulation (GDPR) EEA Privacy Disclosures
  • GDPR Readiness Resources
• Policy on Access to Electronic Information
• Digital Millennium Copyright Act (DMCA)
• University Credit Card Merchant Handbook
• Harvard FERPA Common Directory Elements
• Harvard Records Management
  • General Records Schedule
  •  Research Records Schedule
• Harvard Staff Personnel Manual

HGSE Policies & Statements

• Written Information Security Plan (WISP)
• HGSE Confidentiality Agreement
• Website Privacy Statement

State and Federal Regulations

Massachusetts

• 201 CMR 17.00

Federal

• Family Educational Rights and Privacy Act (FERPA)
• Gramm-Leach-Bliley Act (GLB)
• Health Insurance Portability and Accountability Act (HIPAA)
• Digital Millennium Copyright Act (DMCA)

Other

• EU General Data Protection Regulation (GDPR)
• Payment Card Industry Data Security Standard (PCI DSS)