Ensure the security of your systems, vendors, and apps
HMS Information Security provides a range of security assessment services to strengthen the digital environment at HMS.
For further assistance or to initiate any service, contact the HMS IT Service Desk.
-
System vulnerability scanning
A proactive approach to discern system vulnerabilities.- Objective – Identify vulnerabilities in systems and software to ensure security.
- Scope – Regular assessments of both systems and web applications.
HMS Information Security schedules regular vulnerability scans that categorize threats based on their criticality. This ensures timely patches and remediation.
-
Vendor security assessments
Ensuring third-party vendors uphold HMS's data security standards.- Objective – Review and approve vendors' security postures.
- Scope – Any vendor accessing, storing, or processing HMS data.
You can engage with HMS Information Security by emailing iso@hms.harvard.edu to initiate vendor security reviews. The process entails:
- Receiving a business unit request.
- Procuring and examining vendors' security controls.
- Reviewing vendors' policy and governance documentation.
- Data classification using Harvard standards.
- Sending and reviewing the data classification worksheet with the vendor.
- Conveying the final assessment to the requesting business unit.
Ensure a contract with the vendor exists and has been reviewed by the Harvard Office of General Counsel.
-
Web application security assessments
Prioritizing the security of web applications.- Objective – Identify vulnerabilities in web applications.
- Scope – Applications before production and periodic reviews.
Before being introduced and during their lifecycle, web applications must be screened for potential threats. HMS Information Security collaborates with developers to rectify any found vulnerabilities.
Given the invasive nature of these scans, it's recommended:
- To back up site content and databases.
- Turn off email forms.
- Supply authentication credentials if applicable.
For third-party hosted applications, notify the provider before a scan. To arrange a scan, reach out to HMS Information Security.
-
Research data security services
Aligning data security with research requirements.- Objective – Review and meet diverse security requirements.
- Scope – Collaboration with Harvard Longwood Medical Area IRB and HMS Sponsored Programs.
HMS Information Security collaborates with several Harvard divisions to guarantee data security compliance in research, considering institutional policies and legal prerequisites.