Usage and Policies
Terms of Service
Terms of Service
Account Creation Requirements
Research Storage Requirements
Shared Resource Requirements
Confidentiality Requirements
All members of the Harvard Business School community, including guest users, have a shared responsibility to protect confidential information and critical HBS network resources. Harvard University has put policies in place to ensure that the integrity and privacy of confidential information are properly protected. Please review the full list of policies at http://security.harvard.edu (Click “Policy” in the banner).
These requirements include
- Use strong passwords and do not share account credentials
- Use HBS confidential information only for work‐related purposes covered by this agreement
- Share HBS confidential information with others only for work-related purposes covered by this agreement
- Properly dispose of confidential information you no longer need to retain
- Immediately report any loss or possible unauthorized access to confidential information
- Immediately report loss of any of the devices on which you use confidential information
- Protect confidential information in your physical possession
- Properly protect confidential information when storing or transferring it
- Implement proper security features on all mobile/portable devices on which you use confidential information
- Read through and comply with Harvard University information security requirements at https://policy.security.harvard.edu/security-requirements that is appropriate for the data used
Confidentiality Agreement
As a user of the Harvard Business School HSBSGrid cluster and affiliated with a member of the HBS community, I understand that I may have access to Confidential Information in the course of my activities. For purposes of this Agreement, "Confidential Information" shall have the meaning set forth in the Harvard Enterprise Information Security Policy:
These requirements include
- I understand that, I may have access to information that HBS considers confidential. I have reviewed and understand Harvard’s Data Classification as explained on http://security.harvard.edu/dct.
- I will protect Confidential Information by having a strong password (see http://policy.security.harvard.edu/u4-strong-passwords)that I do not share with anyone for each of my Harvard accounts.
- I agree that I will protect Harvard Data according to its sensitivity:
- Level 3 data will only be stored on devices which have been fully encrypted. I understand that this requirement applies to both desktops/laptops and to mobile devices.
- Level 4 data will not be stored on any local device, including desktops, laptops, and mobile devices.
- Level 5 data will only be used in adherence to the specific requirements of that data; at this time, Level 5 data may not be stored on the HBSGrid. NOTE: for any questions concerning the appropriate classification of data, please refer to the Harvard University Data Classification categories listed at: http://security.harvard.edu/dct.
- Except as required by my HBS sponsoring researcher, I shall not, either during my relationship with the Harvard Business School or thereafter, directly or indirectly use or disclose any Confidential Information (Level 3 or higher) without the prior written consent of HBS.
- I agree that I will access only that Confidential Information that is necessary to perform my duties as a Harvard affiliate.
- I will store Confidential Information in paper form securely.
- I will report any breach of security of Harvard University Confidential Information that I learn about.
System Requirements
HBSGrid cluster users must implement the required security features on all mobile/portable devices on which they use Harvard or HBS confidential information. If you cannot ensure a device meets the minimum system requirements, you will not use it to access HBS resources.
Computers ‐ Laptops and desktops
- Use a complex password (Details on password complexity requirements can be found at https://policy.security.harvard.edu/u4-strong-passwords)
- Set an inactivity timeout (i.e. my screensaver will come on within 5 minutes of inactivity)
- Keep Antivirus and malware software up to date
- Keep security patches up to date
- Ensure my computer firewall is active
- Ensure my computer is encrypted before downloading and/or storing any HBS information
Smartphones and tablets
- Enable a password or access code
- Set an inactivity timeout (i.e. my device will lock within 5 minutes of inactivity)
- Erase data after 10 unsuccessful pin/password attempts
- Devices must be encrypted.
Lost or Stolen Devices
Removal of HBS Data
Last Updated 5/27/2021