Many members of the HGSE community engage in research that involves the collection or use of legally protected information including Human Subject Information (HSI). In conjunction with HGSE and Harvard security policies, the Harvard Research Data Security Policy (HRDSP) specifically outlines protections around the collection and use of research data. While there are many angles to research data security throughout the lifecycle of a research project at the University, one of the first steps required is for a researcher to submit their proposed research activities for approval.
To start, you can familiarize yourself with HGSE's general research Approval Process section. While information security is woven in to all steps of the research approval process, the most notable interactions between the researcher and security at HGSE is within steps 3 (data classification and the research security consultation) and step 4 (completion of Ancillary Reviews within ESTR and Agreements (if project utilizes any Data Use Agreements (DUAs)). Step 3 of the research approval process requires researchers to speak directly with HGSE's Director of Security Operations (DSO) so they may assist with the implementation of any information security tasks required of the researcher by the IRB's preliminary data classification level and/or by the project's DUAs.
However, researchers can set up an appointment with HGSE's DSO at any point during their research process to discuss their security needs by navigating here: calendly.com/sarah_pruski
Frequently staff and faculty members within HGSE implement infrastructural changes or projects within their respective unit or department. Sometimes these changes or projects inadvertently open up information security risks to physical and information technology assets, such as HGSE's network, computing systems, or critical applications.
The completion of a security consultation with HGSE's Director of Security Operations (DSO) is the best way to ensure these information security risks can be identified, prevented, or mitigated. Within each security consultation, any internal or external risks to physical, technical, or administrative processes or assets within the department are evaluated. Following the consultation, HGSE’s DSO works closely with the department and its staff to mitigate any identified risks.
Staff and faculty can set up an appointment with HGSE's DSO at any point during their project process to discuss their security needs by navigating here: calendly.com/sarah_pruski