Harvard's Enterprise Information Security Policy (HEISP) consists of three elements that apply to all data stored at Harvard, no matter the intended use. The three elements of HEISP are:
Policy Statements: Everyone at Harvard has a responsibility for proper handling and protection of confidential information as set out in the Policy Statements. These policies apply to the entire Harvard community including faculty, staff, and students. Each policy is supported by Requirements that describe what must be done to be in compliance. Specific implementation steps are described in the How-Tos that accompany the Requirements.
Requirements: Harvard developed use and storage restrictions based on the type of data (Student, Human Resources, Financial, Alumni, etc.) being used, the Data Security Level assigned to the data, and the manner in which the data is being accessed and shared.
How-Tos: Contains categories of common data uses, and details specific processes and requirements for ensuring compliance with internal and external regulations.