Document the name, department, and role of the informed IT liaison (practice manager or service owner), contact information, and the data classification level. This should be stored in a secure local repository (such as Service Now) or a spreadsheet which is stored securely.
Set to require the use of SSL, TLS or other encrypted protocol for email and calendar access. Regardless of device type, if you are considering use of applications that will access or transfer Harvard confidential information and have questions about whether this is appropriate, contact your help desk.
University staff members who are authorized to use confidential information must annually acknowledge the University Confidentiality Agreement (found in Peoplesoft-->Self-Service-->My Preferences and Agreements).
University staff members who are authorized to use confidential information must annually complete ...
Before deletion or shredding of records, check to ensure that the records are no longer needed, and remember that some records that contain Social Security Numbers (SSNs) or other High Risk Confidential Information may be scheduled as eligible for transfer to Archives. Store an Archive-selected identifiable records containing full SSNs securely; and see the HU Records Management Services for further...
Use only the confidential information that you need for your role. If you change roles, ensure that any access that is no longer required is removed.
If you move from a job with one security access level to another role with a different level of access, make sure your new level is appropriate for your role. Check with your manager or HR officer for the right level of access.
SA13: Servers storing or processing information belonging to more than one classification must meet the requirements associated with the highest classification, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).