Skip to Main Content
Application owners must ensure that only users with a specific business reason to access an application can access that application and no more than that application. Access rights to applications that can access confidential information must reflect a user’s current university status.
Administrative access rights to servers with confidential information must be limited to system administrators with a specific business reason for access and such access must be logged; any access rights must change if their university or status changes.
Access to non-electronic records containing confidential information must be restricted to people with a business need to access the records.
HLS ITS works with business owners of applications to identify and audit access to applications hosted by HLS. In the case of externally hosted applications HLS ITS will work with application owners and outside vendors to implement policies, practices and business processes to support and comply with this policy.
Periodic reviews of physical security requirements for non-electronic records will be conducted with departments or individuals who keep such records.
HLS ITS has created access forms for all systems hosted by HLS that contain High Risk Confidential Information. Access to such HRCI systems will not be granted until a form is properly processed.
Staff expiration information is given to HLS ITS by HLS Human Resources. For Non staff users managers or business owners of systems must contact HLS ITS directly to remove access.
Refer to Section 2.4 for more information regarding access to HRCI systems.
Q: What is the process for requesting access to an HRCI application?
A: The process for gaining access to an HRCI application differs slightly from application to application based on where the application is hosted. Contact HLSHELP(@law.harvard.edu) to start the process. HLS ITS will provide the requisite forms and contacts to facilitate access.
Back to Top