Enterprise Security Policy

Introduction

Harvard has developed this Enterprise Information Security Policy to ensure that Harvard's technical resources are properly protected, that the integrity and privacy of confidential information is maintained, that information resources are available when they are needed and that users of these resources understand their responsibilities.

The following policies are provided with detailed information, including a Discussion on the policy and Best Practices for compliance. View guidelines for School and Central Administration compliance [1].

Scope

These policies apply to everyone at Harvard who works with Harvard confidential information, to vendors who contract with Harvard to work with Harvard confidential information and to the physical and computer environments that support their work.


1. High Risk Confidential Information (HRCI) [2]	6. Working With Vendors [3]
2. Confidential Information [4]	7. Computers & Servers [5]
3. Student Information [6]	8. Other IT Policies [7]
4. Credit Card Information [8]	9. Federal & Regulatory [9]
5. Building Access & Physical Environment [10]	10. Web Based Surveys [11]

Links:
[1] http://security.harvard.edu/enterprise-security-policy/compliance-assessment
[2] http://security.harvard.edu/enterprise-security-policy/1-high-risk-info
[3] http://security.harvard.edu/enterprise-security-policy/6-working-with-vendors
[4] http://security.harvard.edu/enterprise-security-policy/2-confidential-info
[5] http://security.harvard.edu/enterprise-security-policy/7-computers-and-servers
[6] http://security.harvard.edu/enterprise-security-policy/3-student-info
[7] http://security.harvard.edu/enterprise-security-policy/8-other-it-policies
[8] http://security.harvard.edu/enterprise-security-policy/4-credit-card-info
[9] http://security.harvard.edu/enterprise-security-policy/9-federal-regulatory
[10] http://security.harvard.edu/enterprise-security-policy/5-access
[11] http://security.harvard.edu/enterprise-security-policy/10-surveys