To obtain access to Harvard Business School’s technology resources through Research Computing Services (RCS), you must acknowledge this agreement either electronically, on paper, or via request form indicating that you have read, understood, and accepted the statements in this agreement and that you agree to comply with applicable policies and laws governing the use of Harvard Business School’s technology resources and the protection of data privacy.

HBSGrid accounts are only available to HBS faculty and their sponsored collaborators, staff, and doctoral students. Collaborators must be sponsored by a faculty member or qualified staff member, who must sign and agree to the Guest User Agreement form.

Before putting any Level 3 or 4 sensitive data onto the research storage attached to the HBSGrid cluster, researchers must send their Data Usage Agreement and/or approved IRB proposals to the RCS staff. Level 5 data may NOT be stored anywhere on RCS' research storage. Furthermore, RCS staff should be notified if there are any changes made to the IRB or DUA.

When working on the HBSGrid, users must understand that the cluster is a shared resource. If over-requesting resources (CPU cores and RAM) or allowing sessions to sit idle over long periods of time, these unused resources are reserved exclusively for your use, which may result in others not being able to do their work. Users should follow the System Resources and Limits section in the HBSGrid documentation to ensure that you select the CPU and RAM profile that best fits your work at hand. Users who fail do so may have his/her access to resources terminated.

All members of the Harvard Business School community, including guest users, have a shared responsibility to protect confidential information and critical HBS network resources. Harvard University has put policies in place to ensure that the integrity and privacy of confidential information are properly protected. Please review the full list of policies at http://security.harvard.edu (Click “Policy” in the banner).

These requirements include

• Use strong passwords and do not share account credentials
• Use HBS confidential information only for work‐related purposes covered by this agreement
• Share HBS confidential information with others only for work-related purposes covered by this agreement
• Properly dispose of confidential information you no longer need to retain
• Immediately report any loss or possible unauthorized access to confidential information
• Immediately report loss of any of the devices on which you use confidential information
• Protect confidential information in your physical possession
• Properly protect confidential information when storing or transferring it
• Implement proper security features on all mobile/portable devices on which you use confidential information
• Read through and comply with Harvard University information security requirements at https://policy.security.harvard.edu/security-requirements that is appropriate for the data used

As a user of the Harvard Business School HSBSGrid cluster and affiliated with a member of the HBS community, I understand that I may have access to Confidential Information in the course of my activities. For purposes of this Agreement, "Confidential Information" shall have the meaning set forth in the Harvard Enterprise Information Security Policy:

These requirements include

1. I understand that, I may have access to information that HBS considers confidential. I have reviewed and understand Harvard’s Data Classification as explained on http://security.harvard.edu/dct.
2. I will protect Confidential Information by having a strong password (see http://policy.security.harvard.edu/u4-strong-passwords)that I do not share with anyone for each of my Harvard accounts.
3. I agree that I will protect Harvard Data according to its sensitivity:
• Level 3 data will only be stored on devices which have been fully encrypted. I understand that this requirement applies to both desktops/laptops and to mobile devices.
• Level 4 data will not be stored on any local device, including desktops, laptops, and mobile devices.
• Level 5 data will only be used in adherence to the specific requirements of that data; at this time, Level 5 data may not be stored on the HBSGrid. NOTE: for any questions concerning the appropriate classification of data, please refer to the Harvard University Data Classification categories listed at: http://security.harvard.edu/dct.
4. Except as required by my HBS sponsoring researcher, I shall not, either during my relationship with the Harvard Business School or thereafter, directly or indirectly use or disclose any Confidential Information (Level 3 or higher) without the prior written consent of HBS.
5. I agree that I will access only that Confidential Information that is necessary to perform my duties as a Harvard affiliate.
6. I will store Confidential Information in paper form securely.
7. I will report any breach of security of Harvard University Confidential Information that I learn about.

HBSGrid cluster users must implement the required security features on all mobile/portable devices on which they use Harvard or HBS confidential information. If you cannot ensure a device meets the minimum system requirements, you will not use it to access HBS resources.

Computers ‐ Laptops and desktops

• Use a complex password (Details on password complexity requirements can be found at https://policy.security.harvard.edu/u4-strong-passwords)
• Set an inactivity timeout (i.e. my screensaver will come on within 5 minutes of inactivity)
• Keep Antivirus and malware software up to date
• Keep security patches up to date
• Ensure my computer firewall is active
• Ensure my computer is encrypted before downloading and/or storing any HBS information

Smartphones and tablets

• Enable a password or access code
• Set an inactivity timeout (i.e. my device will lock within 5 minutes of inactivity)
• Erase data after 10 unsuccessful pin/password attempts
• Devices must be encrypted.

HSBGrid cluster users must notify HBS IT immediately in the event that any device which they have used for HBS business has been lost or stolen, or in the event that they believe that it may have been compromised by malware.

HBSGrid cluster users must acknowledge and accept the agreement that, when they depart from HBS, they must remove all data stored on the HBSGrid and/or research storage. Guest users of a departing HBS sponsor must delete all HBS information from their computers and mobile devices. In the event that guest users have been authorized by HBS to retain a portion of this data, they should continue to safeguard it according to HBS standards. Departing users may refer to our off-boarding checklist.

^{Last Updated 5/27/2021}