Encryption

HMS Information Technology

More... Share to Twitter Share to Facebook
Encryption

All University owned laptops must be protected with whole disk encryption (WDE). Note that the University considers any laptop purchased with a grant to be University owned as well as laptops that are purchased through normal procurement methods. High Risk Confidential Information which includes a person's name in conjunction with the person's Social Security, credit or debit card, individual financial account, driver's license, state ID, or passport number, or a name in conjunction with biometric information about the named individual. This information must only be stored, when absolutely required, on University owned systems with WDE. The HMS CIO must approve the storage of all HRCI on any system other than a centrally managed server or storage system.

Laptops

HMS currently recommends using Bit Locker for Windows 7 or later, or File Vault for Mac OS X 10.7 or later.  Both solutions meet the University’s minimum requirements for Whole Disk Encryption.
When using either of these products, it is very important to keep a copy of the encryption key in a safe place.  If you forget your password, the encryption key is the only way to unlock the computer.

In order to ensure the complete safety of your data on your laptop, HMS IT also strongly recommends that your laptop is backed up with CrashPlan.

For assistance with setting up Bit Locker or File Vault, or any other questions regarding laptop encryption, please contact the HMS Information Technology Service Desk at (617) 432-2000 or by email at itservicedesk@hms.harvard.edu.


Smartphones

All smartphones must require that a password or Personal Identification Number (PIN) be entered in order to use the device. The device must be set to lock automatically after a period of 5 minutes and set to erase all data on the phone after 10 unsuccessful password entry attempts. To learn more about smartphone passwords and encryption please visit the Mobile Computing page.