5.2 Recording Information About the Activities of Individuals

Harvard Enterprise Security Policy:

Policy Excerpt
Any unit that maintains logs or automatically generated records of actions of individuals must adopt written policies on the purpose of, and retention and access policies for, such logs and records.

HLS Policy:

As a standard practice HLS maintains log files for various applications and web services. Each application or web service may have different logging capabilities. If you have specific questions please contact Security(@law.harvard.edu).

This policy also does not cover the records generated in the normal course of business at Harvard, only the automatically created logs of the activities of individuals such as logs created by building access control systems, web and application servers and surveillance cameras. Other records are subject to the rules defined in the Harvard General Record Schedule.

Approved Solution:

HLS creates approved solutions on a case by case, application by application basis and stores log associated log files for as long as needed depending upon the type of system and data it contains.

Frequently Asked Questions:

Q: Can anyone have access to the log files HLS ITS maintains?
A: No. As a rule access to log files for non-system administrators must be approved by the Office of the General Counsel.

Q: What are the rules defined by the Harvard General Record Schedule
A: For more information visit the Office of Records Management web site found here: http://www.grs.harvard.edu/index.shtml