The HUIT standard for the design and management of AWS accounts to control for the lack of accountability and reduction in economies of scale that can take place in a large and decentralized institution.
This document presents a consolidated reference for consistent naming of Cloud Resources across all IT Organizations, which benefits the University in cost savings, automation and reduction of ambiguity.
This document describes the required metadata tags for Cloud Resources (e.g. instances, volumes, snapshots, managed databases, load balancers, distributed caching services) so that resources can be effectively leveraged across stakeholders.
This HUIT standard presents a discussion and implementation guide for incorporating enterprise level meta-data on IT resources and infrastructure. Details of the tags can be found in the attached pdf document.
This analysis of the architecture guidance on the number of production VPCs (Virtual Private Clouds) for services deployed in AWS examines four dimensions: Security, Cost, Operations, and Business Continuity and Disaster Recovery.
This document discusses the top challenges researchers experience in the use of the Cloud and provides recommendations and guiding principles for putting a solution into place.
This document outlines potential problems associated with multiple applications running on a single instance, describes current best practices for isolating production applications, and makes recommendations to mitigate potential problems when best practices are not followed.
This document defines a basic set of data elements related to operational monitoring and instrumentation that should be provided by systems on-premises, in our AWS Cloud, or a SaaS provider.
The scope of this standard extends to all server instances that are within the HUIT domains on a fully-managed basis, or are hosted within HUIT on behalf of customers that administer the server instances. The overarching goal of this work is to satisfy Harvard’s HUIT Information Security Policy Objectives and NIST Cyber-Security Framework (CSF) Objectives.
The purpose of this document is to provide guidance and governance for the sourcing of software and packages installed standalone or as part of an operating system on HUIT supported systems.
A tool to assess applications (e.g. developed, licensed, and SaaS solutions) for inclusion in the application portfolio. The checklist includes important considerations that must be accommodated and those that should be honored.
This HUIT standard presents a discussion and implementation guide for incorporating enterprise level meta-data on IT resources and infrastructure. Details of the tags can be found in the attached pdf document.
This document allows end users the ability to create SharePoint sites/O365 Groups/Microsoft Team sites as a self-service model while maintaining a naming convention for reporting and tracking purposes.
This document provides a series of guidelines for determining whether a Software as a Service (SaaS) solution should be established with a single shared subscription or multiple subscriptions.
The purpose of this document is to provide guidance and governance for the sourcing of software and packages installed standalone or as part of an operating system on HUIT supported systems.
This document provides a discussion and recommendations for the use of http cookies in web sites and applications to avoid operational and security issues.
This document provides recommendations for choosing an authentication system for Salesforce, based on user experience, security and practical considerations.
This advisory provides some guidelines for the product and portfolio teams to enable them to determine whether or not Oracle APEX is an appropriate tool for a specific custom build.
The Harvard University Digital Accessibility Policy addresses the needs of individuals with disabilities who seek to use University Websites to participate in University programs and activities and/or conduct University Business.
This document provides recommendations for choosing an authentication system for Salesforce, based on user experience, security and practical considerations.
This document is intended as a high-level overview of the concepts, methods, benefits, and challenges of user research as a discipline within an Information Technology organization.
This advisory provides guidance on striking a balance between using website traffic analysis tools (i.e. analytics) to create a better user experience for website visitors and avoiding unnecessary collection of information about our users that could constitute a breach of trust.
This document includes the HUIT standard for including REST APIs in the API gateway and portal, as well as a guide to decisions related to HUIT’s API program.
A set of documents that define a Trust Model, describe what is currently in place, and a plan to move toward reducing complexity and the need for data sources to provision applications individually.
This HUIT standard presents a discussion and implementation guide for incorporating enterprise level meta-data on IT resources and infrastructure. Details of the tags can be found in the attached pdf document.
A set of principles that guide the selection of standards for APIs at Harvard and general development recommendations that impact effective interoperation of our systems and services.
This document discusses the top challenges researchers experience in the use of the Cloud and provides recommendations and guiding principles for putting a solution into place.
This advisory provides guidance on striking a balance between using website traffic analysis tools (i.e. analytics) to create a better user experience for website visitors and avoiding unnecessary collection of information about our users that could constitute a breach of trust.
This document includes the HUIT standard for including REST APIs in the API gateway and portal, as well as a guide to decisions related to HUIT’s API program.
A set of principles that guide the selection of standards for APIs at Harvard and general development recommendations that impact effective interoperation of our systems and services.
This document discusses the top challenges researchers experience in the use of the Cloud and provides recommendations and guiding principles for putting a solution into place.
This document provides recommendations for choosing an authentication system for Salesforce, based on user experience, security and practical considerations.
This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce.
This document outlines a mid-term future-state vision, strategy and design approach for directory services across the University to address overlapping services and data, inconsistent provisioning, and varying levels of support.
This document provides an overview of the overall process, roles, and technical requirements required to utilize the eCommerce Gateway with Salesforce.
The HUIT standard for the design and management of AWS accounts to control for the lack of accountability and reduction in economies of scale that can take place in a large and decentralized institution.
These Information Security Requirements apply to everyone at Harvard. They provide additional detail on how to be compliant with Policy and should be used as a normal part of daily life at Harvard in order to keep both Harvard confidential data and your own personal information secure.
This document allows end users the ability to create SharePoint sites/O365 Groups/Microsoft Team sites as a self-service model while maintaining a naming convention for reporting and tracking purposes.
The scope of this standard extends to all server instances that are within the HUIT domains on a fully-managed basis, or are hosted within HUIT on behalf of customers that administer the server instances. The overarching goal of this work is to satisfy Harvard’s HUIT Information Security Policy Objectives and NIST Cyber-Security Framework (CSF) Objectives.
This document provides a discussion and recommendations for the use of http cookies in web sites and applications to avoid operational and security issues.
This document provides recommendations for choosing an authentication system for Salesforce, based on user experience, security and practical considerations.
This advisory provides guidance on striking a balance between using website traffic analysis tools (i.e. analytics) to create a better user experience for website visitors and avoiding unnecessary collection of information about our users that could constitute a breach of trust.
This document provides guidance to Harvard University’s minimum standards and recommended best practices for Integrated Automation of Operations Technology and Industrial Control systems design and implementation