Manage Servers with High Risk Confidential Information

Implement annual vulnerability testing

 Server operators must take reasonable actions to ensure that Level 4 systems undergo at least annual vulnerability testing and vulnerability remediation.

No Level 4 On Devices

Work from materials stored on approved servers or services and do not copy them to your local system. If you are conducting field research to collect Level 4 data and cannot meet this requirement send an email to to request an information security consultation for Harvard-approved external encrypted portable storage media and process.