
Financial Administration (FAD) Information Systems Security Best Practices

FAD information systems security best practices for managing and storing High Risk Confidential Information (HRCI) and Confidential Information (CI) apply to all FAD staff and help ensure that the organization is compliant with Harvard's Enterprise Security Policy (ESP) and Massachusetts data protection regulations. The ESP requires that FAD identify the locations of systems and records containing HRCI, including all computing systems (laptops and desktops), portable devices, and paper records, and that we reasonably monitor these systems and files for unauthorized use/access.

These best practices are intended to serve as a guide when handling HRCI and to minimize the likelihood of inappropriate disclosure of Harvard's confidential administrative, academic and research data. FAD requires that all staff follow these best practices and incorporate them into their work routines.

FAD Information Security Best Practices
Many employees keep sensitive information in their files, including names, Social Security numbers, credit cards, HUIDs or other personally identifiable information. Inappropriate disclosure of HRCI can lead to fraud or identity theft, resulting in regulatory, reputational and financial repercussions.

The Federal Trade Commission has outlined five key principles to help keep your identity safe:

  • Take Stock. Know what personal information is in your files and on your computer
  • Scale Down. Keep only what you need for your business
  • Lock It. Protect the information that you keep
  • Pitch It. Properly dispose of what you no longer need
  • Plan Ahead. Create a plan to respond to security incidents

Additionally, links to other related information can be found below. These include:


 
© Copyright 2007 The President and Fellows of Harvard College