Whole Disk Encryption (WDE)

All University owned laptops must be protected with whole disk encryption (WDE). Note that the University considers any laptop purchased with a grant to be University owned as well as laptops that are purchased through normal procurement methods. High Risk Confidential Information (HRCI) must only be stored, when absolutely required, on University owned systems with WDE. The HMS CIO must approve the storage of all HRCI on any system other than a centrally managed server or storage system.

To review the Massachusetts law governing WDE, read the Standards for the Protection of Personal Information of Residents of the Commonwealth (PDF download)

To view commonly asked questions the regulation and its implementation, review the Frequently Asked Question Regarding 201 CMR 17.00 (PDF download)

Whole Disk Encryption Software

HMS currently recommends using BitLocker for Windows 7 or later, or FileVault for Mac OS X 10.7 or later.  Both solutions meet the University’s minimum requirements for Whole Disk Encryption. When using either of these products, it is very important to keep a copy of the encryption key in a safe place. If you forget your password, the encryption key is the only way to unlock the computer.

In order to ensure the complete safety of your data on your laptop, HMS IT also strongly recommends that your laptop is backed up with CrashPlan.

For assistance with setting up Bit Locker or File Vault, or any other questions regarding laptop encryption, please contact the HMS Information Technology Service Desk at (617) 432-2000 or by email at itservicedesk@hms.harvard.edu.

Currently Using PGP?

HMS Information Technology constantly reviews solutions in place to ensure they meet the requirements of the School's mission, and University policy. After a recent review, HMS IT has decided to stop recommending PGP as the preferred mobile device encryption solution.  While PGP has been a suitable product for providing mobile device encryption, we believe that other solutions, such as BitLocker and FileVault, provide more ease of use, compatibility, and reduce overall complexity and support issues, while providing the same or better levels of security.

HMS will slowly decommission the PGP service over the course of the next months in order to ensure that all current PGP users have adequate time to move to a recommended solution.
Current PGP users who wish to remove PGP and move to BitLocker or FileVault should contact their department Client Services Representative or the HMS Information Technology Service Desk at (617) 432-2000 or by email at itservicedesk@hms.harvard.edu.

If you are traveling with an encrypted laptop

Please be aware that some countries, including the United States of America, have restrictions on exporting encryption technology. If you are traveling abroad, you may want to:

If you have additional questions about any aspect of these regulations, please see the Harvard University Enterprise Information Security Policy or contact the IT Service Desk at 617-432-2000 or itservicedesk@hms.harvard.edu.

Last Updated November 14, 2013

Copyright 2014 by the President and Fellows of Harvard College.
Site Updated: 7/25/2014
IT Photo

more info