In the course of supporting the business of the University, IT staff performing regular duties may have access to data in applications, emails and file systems or on desktops, servers and networks and other systems that must be protected by the University. In performing their duties IT staff will comply with applicable University policies including the Harvard Information Security Policy and Harvard's Policy on Access to Electronic Information.
As a Harvard IT organization,
- IT staff will receive communications and training on the Code of Conduct
- IT staff will be required to annually review and affirm the Code of Conduct
- IT leadership will provide guidance on this Code of Conduct as challenges are observed or encountered.
- IT leadership will review and revise the Code of Conduct as needed in response to any incidents or as technology changes
As IT professionals,
- We have access to user’s electronic information1, some of which may be personal and confidential
- We require access to user’s electronic information in order to develop, test, implement and support the University’s applications, systems and networks and to ensure they run properly; to protect against threats such as attacks, malware, and viruses; to protect the integrity and security of information; to help support business continuity; and to help deal with threats to campus safety and the safety of individuals.
- It is part of our job to help protect all user’s electronic information from unauthorized access
As IT professionals,
- We only obtain the information we need to perform our job or which we have been directed to obtain by proper University or legal authorities
- We only use the information gathered for the purpose for which it was obtained, properly protect the information while in our possession, and dispose of it properly once it is no longer needed for business purposes
- We will not peruse or examine user’s electronic information for any purpose other than to address a specific issue
- We understand any failure to meet the Code of Conduct is considered a violation of trust and is grounds for disciplinary action up to and including dismissal
- We will sign a yearly acknowledgment that we have received, read, and understood this Code of Conduct Below are some examples of the Code of Conduct in practice.
These are meant to be representative and helpful, but not comprehensive. If a need arises for exceptions to the principles and examples in this Code of Conduct document, approval must be obtained from the University CIO, University CSO or school CIO.
|Quality Engineers, Developers, Project Managers and Business Analysts||
|Help Desk Staff||
Never ask users for passwords
Only enable email forwarding to another designation when requested by the mailbox owner
|System Administrators & DBAs||
|Production Control and Computer Operations||
1 For definition of “user’s electronic information” see: http://hwpi.harvard.edu/files/provost/files/policy_on_access_to_electron...