Information Security

Remote Work & Travel

Harvard University aims for excellence in its administrative operations and the employment experience it provides. Flexwork (also know as flexible work arrangements, or flex) can contribute to this excellence, providing the potential for employees to perform consistently at the highest levels, work together efficiently and effectively to meet the University’s mission and business objectives, and maintain a good quality of life.

One common type of flex work seen at Harvard and HGSE is the ability for staff and faculty to work remotely, including the ability to allow...

Read more about Remote Work & Travel

Secure Collaboration

The below use-case examples, service descriptions, and comparison charts aim to highlight the features and functionality across the University’s various file storage and collaboration tools to help guide users’ tool selections appropriate to their specific business and security requirements. If there is any doubt about the appropriateness of a solution for your data, please contact HGSE's Director of Security Operations to discuss by...
Read more about Secure Collaboration



NCES/IES Restricted-Use data Licenses impose significant restrictions on who can have a License, who can access the data, and where and how the data can be housed. One such restriction includes the use of secure data room where the Restricted-Use data is stored and used by Licensed researchers.

Due to the widespread demand for NCES/IES Restricted-Use data from our student and faculty researchers at HGSE combined with the significant resource overhead required of license applicants (e.g., NCES/IES Restricted-Use data can only be stored and used on...

Read more about NCES/IES SDR

Restricted-Use Data

Restricted-Use data are licensed datasets containing information typically held to higher information security standards to prevent unauthorized disclosure. Some common minimum security requirements for Restricted-Use data include its use and storage only at a licensed project office; restricted access to the secure project office for approved license users only; limited data access to users with an affidavit for the data provider or organization on file; and the use of data only on a stand-alone, non-networked desktop computer.


Read more about Restricted-Use Data

Secure Data Rooms

HGSE researchers are frequently the recipients of highly sensitive or confidential information from their data providers. As such, these researchers are sometimes required to reserve a secure data room in which to perform and analyze their research due to 1.) Certain data classification levels assigned by their respective Institutional Review Board (IRB) (either ...

Read more about Secure Data Rooms


Know Your DataAs an end-user within the Harvard Graduate School of Education (HGSE) and broader Harvard University community, encryption is a tool that is required by the ...

Read more about Encryption

Vendor Compliance

HGSE’s confidential information is only as secure as our third-party service providers, or vendors, that we entrust with it. The rising cost of technology and an institution’s desire to improve the bottom line is fostering many decisions to outsource more and more of infrastructural and research project processes and functionality. Outsourcing IT and School business systems and processes saves money only if the vendor neglects to have a security breach. Unfortunately, many vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind...

Read more about Vendor Compliance

Security Consultations


Many members of the HGSE community engage in research that involves the collection or use of legally protected information including Human Subject Information (HSI). In conjunction with HGSE and Harvard security policies, the Harvard Research Data Security Policy (HRDSP) specifically outlines protections around the collection and use of research data. While there are many angles to research data security throughout the lifecycle of a research project at...

Read more about Security Consultations

Approval Process

The below process is provided simply to give HGSE researchers a better sense of what a path to research data/project approval and acquisition generally looks like at HGSE--many projects may deviate from this outline.

Similarly, you will see the names of and links to three primary online applications below: ESTR-IRB, the Data Safety Application, and the...

Read more about Approval Process