NCES/IES Restricted-Use data Licenses impose significant restrictions on who can have a License, who can access the data, and where and how the data can be housed. One such restriction includes the use of secure data room where the Restricted-Use data is stored and used by Licensed researchers.

Due to the widespread demand for NCES/IES Restricted-Use data from our student and faculty researchers at HGSE combined with the significant resource overhead required of license applicants (e.g., NCES/IES Restricted-Use data can only be stored and used on...

Read more about NCES/IES SDR

Restricted-Use Data

Restricted-Use data are licensed datasets containing information typically held to higher information security standards to prevent unauthorized disclosure. Some common minimum security requirements for Restricted-Use data include its use and storage only at a licensed project office; restricted access to the secure project office for approved license users only; limited data access to users with an affidavit for the data provider or organization on file; and the use of data only on a stand-alone, non-networked desktop computer.


Read more about Restricted-Use Data

Secure Data Rooms

HGSE researchers are frequently the recipients of highly sensitive or confidential information from their data providers. As such, these researchers are sometimes required to reserve a secure data room in which to perform and analyze their research due to 1.) Certain data classification levels assigned by their respective Institutional Review Board (IRB) (either ...

Read more about Secure Data Rooms

Vendor Compliance

HGSE’s confidential information is only as secure as our third-party service providers, or vendors, that we entrust with it. The rising cost of technology and an institution’s desire to improve the bottom line is fostering many decisions to outsource more and more of infrastructural and research project processes and functionality. Outsourcing IT and School business systems and processes saves money only if the vendor neglects to have a security breach. Unfortunately, many vendors leave the door open for attack, as they don’t necessarily keep client security interests top of mind...

Read more about Vendor Compliance

Security Consultations


Many members of the HGSE community engage in research that involves the collection or use of legally protected information including Human Subject Information (HSI). In conjunction with HGSE and Harvard security policies, the Harvard Research Data Security Policy (HRDSP) specifically outlines protections around the collection and use of research data. While there are many angles to research data security throughout the lifecycle of a research project at...

Read more about Security Consultations

Incident Response

Please complete the below reporting steps if you experience or are aware of any of the following:

I've lost possession of an HGSE-owned/managed electronic device or a device that contains Harvard data.

  • Contact HGSE’s Director of Security Operations (DSO) via the IT Service Center
  • If you are an HGSE or Harvard employee, contact your manager
  • Open a case with the Harvard University Police Department (HUPD)...
Read more about Incident Response

Security Policies

In higher education, an information security policy is a document required by state and federal law that just outlines how the school plans to protect its sensitive, confidential, or legally-protected information. An information security policy is often considered a "living document," meaning that the document is never finished, but is continuously updated as community, technology, and University, requirements change. 

University Policies

  • ...
Read more about Security Policies

Information Security

Everyone at Harvard has a responsibility for the proper handling and protection of confidential information that's entrusted to or generated by us as required by University and local School security policies. 

The Harvard Graduate School of Education (HGSE) is committed to protecting the information that is critical to teaching, research, and the University’s many varied activities, our business operation, and the communities we support, including students, faculty, staff members, and the public. These protections may be governed by legal, contractual, or...

Read more about Information Security