Harvard University aims for excellence in its administrative operations and the employment experience it provides. Flexwork (also know as flexible work arrangements, or flex) can contribute to this excellence, providing the potential for employees to perform consistently at the highest levels, work together efficiently and effectively to meet the University’s mission and business objectives, and maintain a good quality of life.

One common type of flex work seen at Harvard and HGSE is the ability for staff and faculty to work remotely, including the ability to allow...

HGSE researchers are frequently the recipients of highly sensitive or confidential information from their data providers. As such, these researchers are sometimes required to reserve a secure data room in which to perform and analyze their research due to 1.) Certain data classification levels assigned by their respective Institutional Review Board (IRB) (either ...

Virtual Private Network (VPN) is a secure method for remotely accessing data and systems that reside within the Harvard network. VPN technology enables off-net users to connect via encrypted communications to University network resources in the same way they would if they were directly connected to the Harvard network in their office. Most accounts are used by Harvard Graduate School of Education faculty and staff to access their shared drives on the GSE network from outside of the School.

Users with internet access can use the VPN account to build a secure “tunnel” through...

Technology equipment often contains parts and information that cannot simply be thrown away. Proper disposal of equipment is both environmentally responsible and often required by law. In addition, hard drives, USB drives, CD-ROMs and other storage media may contain various kinds of HGSE data, some of which is considered sensitive or legally protected. Normal "erasing" of files does not remove data from a storage device, it just tells the computer that the old data sectors are now available to be overwritten. The old data remains in place, and is thus a major security...

Set your software to auto-update. Install updates, and restart if needed. Millions of lines of code are written every day. With so much code, there are bound to be bugs - but some bugs put your data at risk. We call those vulnerabilities. Software updates fix the code that makes us vulnerable. The information contained within the 'Apply Updates' section of the University's 'Small Actions, Big Difference' security campaign can teach...

Encryption is a tool that is required by the Harvard Enterprise Security Policy (HESP) and Research Data Security Policy (HRDSP) for certain mobile devices (laptops, cellphones, tablets, USB...

The HGSE IT department cannot overstate the value of using an up-to-date antivirus and anti-spyware program. Antivirus software will help keep your computer free of malicious software such as viruses, worms, and trojan horses. You also need to protect yourself against spyware and adware, which can gather your personal information or create an opening for more serious threats.

Obtaining Software

Freeware antivirus software is available on the Internet which will provide you coverage, but may show some ad/banners as well. Generally, HGSE...

HGSE’s confidential information is only as secure as our third-party service providers, or vendors, that we entrust with it. The rising cost of technology and an institution’s desire to improve the bottom line is fostering many decisions to outsource more and more of infrastructural and research project processes and functionality. Outsourcing IT and School business systems and processes saves money only if the vendor neglects to have a security breach. Unfortunately, many vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind...

The below process is provided simply to give HGSE researchers a better sense of what a path to research data/project approval and acquisition generally looks like at HGSE--many projects may deviate from this outline.

Similarly, you will see the names of and links to three primary online applications below: ESTR-IRB, the Data Safety Application, and the...

Please complete the below reporting steps if you experience or are aware of any of the following:

I've lost possession of an HGSE-owned/managed electronic device or a device that contains Harvard data.

• Contact HGSE’s Director of Security Operations (DSO) via the IT Service Center
• If you are an HGSE or Harvard employee, contact your manager
• Open a case with the Harvard University Police Department (HUPD)...

In higher education, an information security policy is a document required by state and federal law that just outlines how the school plans to protect its sensitive, confidential, or legally-protected information. An information security policy is often considered a "living document," meaning that the document is never finished, but is continuously updated as community, technology, and University, requirements change. 

University Policies & Guidelines

(See the University's full list on the...

Everyone at Harvard has a responsibility for the proper handling and protection of confidential information that's entrusted to or generated by us as required by University and local School security policies. 

The Harvard Graduate School of Education (HGSE) is committed to protecting the information that is critical to teaching, research, and the University’s many varied activities, our business operation, and the communities we support, including students, faculty, staff members, and the public. These protections may be governed by legal, contractual, or...