Security Policies
In higher education, an information security policy is a document required by state and federal law that just outlines how the school plans to protect its sensitive, confidential, or legally-protected information. An information security policy is often considered a "living document," meaning that the document is never finished, but is continuously updated as community, technology, and University, requirements change.
University Policies & Guidelines
(See the University's full list on the Office of the Provost's website)
- Harvard Enterprise Information Security Policy (HEISP)
- Harvard Research Data Security Policies
- Harvard University Digital Accessibility Policy
- Harvard University Privacy Statement
- Privacy Disclosures under Non-US Law for Individuals Located Outside the United States
- Policy on Access to Electronic Information (AEI)
- Generative AI Guidelines
- Digital Millennium Copyright Act (DMCA)
- IT Professional Code of Conduct to Protect Electronic Information
- University Credit Card Merchant Handbook
- Harvard FERPA Common Directory Elements
- Harvard Records Management
- Harvard Staff Personnel Manual
HGSE Policies & Statements
General Information Security Frameworks
Research-Specific Frameworks
- Controlled Unclassified Information (CUI)
- NIST Special Publication 800-171
- NSPM-33
- Federal Information Security Modernization Act (FISMA)
- Export Control Regulations
State and Federal Regulations
Massachusetts
Federal
- Family Educational Rights and Privacy Act (FERPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Digital Millennium Copyright Act (DMCA)
