Information Security

Remote Work & Travel

Harvard University aims for excellence in its administrative operations and the employment experience it provides. Flexwork (also know as flexible work arrangements, or flex) can contribute to this excellence, providing the potential for employees to perform consistently at the highest levels, work together efficiently and effectively to meet the University’s mission and business objectives, and maintain a good quality of life.

One common type of flex work seen at Harvard and HGSE is the ability for staff and faculty to work remotely, including the ability to allow...

Read more about Remote Work & Travel

Secure Collaboration

The below use-case examples, service descriptions, and comparison charts aim to highlight the features and functionality across the University’s various file storage and collaboration tools to help guide users’ tool selections appropriate to their specific business and security requirements. If there is any doubt about the appropriateness of a solution for your data, please contact HGSE's Director of Security Operations to discuss by...
Read more about Secure Collaboration

Secure Data Rooms

HGSE researchers are frequently the recipients of highly sensitive or confidential information from their data providers. As such, these researchers are sometimes required to reserve a secure data room in which to perform and analyze their research due to 1.) Certain data classification levels assigned by their respective Institutional Review Board (IRB) (either ...

Read more about Secure Data Rooms

Secure Destruction

Technology equipment often contains parts and information that cannot simply be thrown away. Proper disposal of equipment is both environmentally responsible and often required by law. In addition, hard drives, USB drives, CD-ROMs and other storage media may contain various kinds of HGSE data, some of which is considered sensitive or legally protected. Normal "erasing" of files does not remove data from a storage device, it just tells the computer that the old data sectors are now available to be overwritten. The old data remains in place, and is thus a major security...

Read more about Secure Destruction

Patching & Updates

Set your software to auto-update. Install updates, and restart if needed. Millions of lines of code are written every day. With so much code, there are bound to be bugs - but some bugs put your data at risk. We call those vulnerabilities. Software updates fix the code that makes us vulnerable. The information contained within the 'Apply Updates' section of the University's 'Small Actions, Big Difference' security campaign can teach...

Read more about Patching & Updates

AntiVirus Software

The HGSE IT department cannot overstate the value of using an up-to-date antivirus and anti-spyware program. Antivirus software will help keep your computer free of malicious software such as viruses, worms, and trojan horses. You also need to protect yourself against spyware and adware, which can gather your personal information or create an opening for more serious threats.

Obtaining Software

Freeware antivirus software is available on the Internet which will provide you coverage, but may show some ad/banners as well. Generally, HGSE...

Read more about AntiVirus Software

Vendor Compliance

HGSE’s confidential information is only as secure as our third-party service providers, or vendors, that we entrust with it. The rising cost of technology and an institution’s desire to improve the bottom line is fostering many decisions to outsource more and more of infrastructural and research project processes and functionality. Outsourcing IT and School business systems and processes saves money only if the vendor neglects to have a security breach. Unfortunately, many vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind...

Read more about Vendor Compliance

Approval Process

The below process is provided simply to give HGSE researchers a better sense of what a path to research data/project approval and acquisition generally looks like at HGSE--many projects may deviate from this outline.

Similarly, you will see the names of and links to three primary online applications below: ESTR-IRB, the Data Safety Application, and the...

Read more about Approval Process

Incident Response

Please complete the below reporting steps if you experience or are aware of any of the following:

I've lost possession of an HGSE-owned/managed electronic device or a device that contains Harvard data.

  • Contact HGSE’s Director of Security Operations (DSO) via the IT Service Center
  • If you are an HGSE or Harvard employee, contact your manager
  • Open a case with the Harvard University Police Department (HUPD)...
Read more about Incident Response

Security Policies

In higher education, an information security policy is a document required by state and federal law that just outlines how the school plans to protect its sensitive, confidential, or legally-protected information. An information security policy is often considered a "living document," meaning that the document is never finished, but is continuously updated as community, technology, and University, requirements change. 

University Policies

  • ...
Read more about Security Policies

Information Security

Everyone at Harvard has a responsibility for the proper handling and protection of confidential information that's entrusted to or generated by us as required by University and local School security policies. 

The Harvard Graduate School of Education (HGSE) is committed to protecting the information that is critical to teaching, research, and the University’s many varied activities, our business operation, and the communities we support, including students, faculty, staff members, and the public. These protections may be governed by legal, contractual, or...

Read more about Information Security