In cases where a potential breach of security is observed such as a shared or publicly displayed password with no High Risk Confidential Information (HRCI) is involved, the local School security administrator, security liaison, IT manager, or CIO should be notified.

In cases of potential network security breach, the School network administrator should be notified. If the local network security administrator is not known or is not available, the University Network Security group should be notified in cases of potential security breach nsirt@harvard.edu.

In cases where a laptop is lost and there is no high risk confidential information, review best practice for reporting loss. www.security.harvard.edu/resources/best-practices

In cases where High Risk Confidential Information (HRCI) is breached or a laptop with high risk confidential information is lost or stolen, report the breach to the Office of General Counsel. Call 617-495-1280.

Upon discovery of a security breach that may jeopardize credit information, the user is required to immediately contact Harvard Cash Management (Cheryl Margey 617-495-5471).

In cases where there is a concern about compliance with the Enterprise Security Policy, please contact your Central Administration IT manager or School CIO. For an independent, confidential conversation, you may contact the University Ombudsman - http://www.universityombudsman.harvard.edu/.

In addition, the University Compliance Hotline is available to University affiliated persons wishing to remain anonymous when reporting concerns regarding compliance matters. The Compliance Hotline is answered by an independent third-party vendor and is a toll-free, 24-hour-a-day resource to report concerns if you do not feel comfortable speaking with a supervisor or other resource.   To report via the Compliance Hotline please call 1-877-694-2ASK (2275) or submit a report online.