Information Technology Services - nav image

1.1 Storing High-Risk Confidential Information

Harvard Enterprise Security Policy:

Policy Excerpt
No member of the Harvard community and no vendor to Harvard is permitted to store High-Risk Confidential Information (other than their own) in any way relating to Harvard or Harvard sponsored activities locally on any individual user computer or on a portable storage device. Servers storing high-risk confidential information must be protected as Target Computers.
Non-electronic records containing high-risk confidential information must kept in secure locked containers except when in use.
People or groups at Harvard who wish to collect or work with High-Risk Confidential Information or to contract with a vendor to collect or work with such information must obtain prior approval from the School and/or University CIO.

HLS Policy:

The HLS policy is that no HRCI can exist on a laptop, desktop, thumb drive or other digital media, Other digital media includes Handheld devices such as PDA’s or cell phones.

Non-electronic records must be kept in locked filling cabinets when not in use. Access to the area containing the filing cabinets must be monitored.

For a copy of the HRCI collection approval form please email Security(@law.harvard.edu).

Approved Solution:

All HRCI must be stored on HLS network shared drives.

ITS has created a special folder structure on the M: drive to facilitate sharing of HRCI between departments at HLS.

Frequently Asked Questions:

Q: I have HRCI on my computer and need it to do my job, what should I do.
A: HLS ITS recommends keeping all HRCI on a shared network drive.

Last modified: November 06, 2008

© 2014 The President and Fellows of Harvard College. All rights reserved.