Awareness Training


General Security

University Online Security Training: If you are an HGSE staff member who works with any form of secure data, the University requires you to complete the University online security training provided by HUIT-Security annually. The training module includes a brief online course and a final assessment.

Information Security Foundations: A Harvard IT Academy couse focused on communicating the fundamental concepts of information security, the threats, vulnerabilities, and risks to information at Harvard, and what you can do in your IT professional role to help protect information and mitigate risks. 

'Small Actions, Big Difference' Awareness Videos: These short videos from HUIT-Security give you practical advice for being secure online. After each tip, find out the steps you can take to make yourself more secure right now.

Mindful Strategies for Cyber Safety: In partnership with Harvard’s Center for Workplace Development, Harvard's created a class offering mindfulness techniques that have an immediate and significant effect on response to phishing and other online behavior habits. Participants will be introduced to the basics of mindfulness and learn how mindfulness practices can help regulate their state of mind to remain focused, creative, and resilient even as distractions and intrusive threats of all sorts creep into their day to day work.

Travel Advice & Resources: Both domestic and international travel requires careful planning, even for seasoned travelers. Use some of Harvard's tools and resources to help you travel smart and stay safe.

Research Security

Harvard policies require that all individuals who are involved in human subjects research complete training in the ethical conduct of human research. These individuals include investigators and all study team members who have contact with human subjects or their identifiable data, and faculty sponsors of non-exempt research. Additionally, the updated Harvard Research Data Security Policy (HRDSP) requires that researchers complete annual training which specifically addresses research data security as well as awareness around DUA requirements. The following two courses have been approved to satisfy the research data security training requirement:

  • CITI Information Privacy and Security for Researchers: IPS covers the principles of data protection, focusing on the healthcare-related privacy and information security requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the educational records and data-related requirements of the Family Educational Rights and Privacy Act (FERPA).
  • Harvard Research Data Security Training Course: Provides researchers and administrators with an overview of processes and procedures related to managing research data in compliance with the Harvard Research Data Security Policy and other related University policies. Specifically, the course focuses on human subjects and sensitive or confidential data, as well as data that is subject to contractual requirements. 

Principles of Research Data Confidentiality: This course provides an overview of the principles of research data confidentiality.

Regulation/Policy-Specific Security

Family Educational Rights and Privacy Act (FERPA): An interactive, online training course covers the basics of FERPA for all faculty and staff. The training focuses broadly on defining key terms from within the regulations and outlining what actions are required or permitted under FERPA.

Payment Card Industry (PCI) Awareness TrainingCredit card information is regulated by the PCI Data Security Standard (DSS). This standard is a set of data security requirements that applies to all Harvard University merchants who store, process or transmit sensitive credit cardholder data, as well as to all system components included in or connected to or the cardholder data environment. On an annual basis, all individuals that have access to sensitive credit cardholder data must receive security awareness training to be complicit with the PCI requirements.

Policy on Access to Electronic Information (AEI) Training: The AEI establishes the guidelines and processes for access to user electronic information stored in, or transmitted through, any University system. It is critical that IT professionals understand the policy and when to apply it. A 20-min online training course is available on the Harvard Training Portal that all Harvard IT staff are required to complete.

The General Data Protection Regulation (GDPR): GDPR is a new privacy-related regulation in the EU that became active and enforceable in May of 2018. GDPR requires U.S. organizations doing business in the EU to protect citizen privacy, and those organizations who do not comply may face heavy penalties. In conjunction with, Harvard's Training Portal (HTP) now offers several courses outining the essentials of GDPR.


General Security Awareness Training: Learn some industry and Harvard-specific data security basics along with practical, immediately actionable steps you can take to better secure your data.

Personal Security Actions (PSA) Training: A hands-on session/working meeting where participants are hand-walked through steps to protect their personal and professional accounts and devices against the most common attacks.