| 1.1 Storing High-Risk Confidential Information | |
| 1.2 Human Subject Information | |
| 1.3 Personally Identifiable Medical Information | |
| 2.1 Obtaining Harvard Confidential Information | |
| 2.2 Protecting Confidential Information on Networks | |
| 2.3 Making Information Available through Directories | |
| 2.4 Identifying Users With Access To Confidential Information | |
| 2.4 Identifying Users With Access To Confidential Information | |
| 2.5 Inhibit Password Guessing | |
| 2.6 Limit Application Availability Time | |
| 2.7 Limit User Access to Confidential Information | |
| 2.8 Confidential Information on Harvard Computing Devices | |
| 2.9 Internet Access to Confidential Information | |
| 2.10 Confidentiality Agreements | |
| 2.11 Harvard University ID Numbers | |
| 2.12 Training and Communication | |
| 3.1 FERPA Directory Information | |
| 3.2 FERPA Blocks | |
| 4.1 Accepting Payment Cards | |
| 5.1 Physical Environment | |
| 5.2 Recording Information About the Activities of Individuals | |
| 6.1 Contracts | |
| 7.1 Computer Operation | |
| 7.2 Computer Setup | |
| 7.3 Target Systems and Controllers | |
| 7.4 Network Take-down and Vulnerability Scanning | |
| 8.1 IT Service Resumption | |
| 8.2 Incident Response Process | |
| 9.1 Disposition and Destruction of Records | |
| 9.2 Reporting Security Breaches | |
| 9.3 Interacting with Legal Authorities | |
| 10.1 Web Based Surveys | |
|
|
|
|
