Control Category: Governance

  • Incident Reporting

    Promptly report to security@mit.edu any actual or suspected compromise of information, including its loss, theft, or improper use, modification, or access.

  • Self Assessment

    Review your systems and procedures regularly to ensure the tasks for this risk level are applied.

  • Security by design

    If you are developing (or contracting a vendor to develop) applications processing this level of information, include security as a design requirement.

  • Code review

    If you are developing (or contracting a vendor to develop) applications processing this level of information, review code and correct flaws prior to deployment.

  • Annual Review

    Contact security@mit.edu for an annual review to verify that all security tasks are working properly.

  • Sponsored research

    If you have received data as part of a sponsored research project and your contract includes clauses on data security, there may be additional tasks. Please contact infoprotect@mit.edu.

  • Payment processing

    If you are accepting credit card payments, you may need to complete additional tasks. Please contact infoprotect@mit.edu.

  • HIPAA or PHI

    If you handle Protected Health Information (PHI) or Individually Identifiable Health Information, there may be additional tasks to complete. Please contact infoprotect@mit.edu.
