Security on O2

When using O2, all cluster users must adhere to Harvard security policies, such as the Information Security Policy and the Harvard Research Data Security Policy. In practice, the scope of these policies is wide-ranging. They govern the type of data that can be uploaded to the cluster, as well as the general account security measures that need to be followed. Please read the example cases below for further insight on how these security policies apply to using the O2 cluster.

Account security

Don't share O2 accounts

Each person who wishes to use the O2 cluster must register for their own individual account, as account sharing is prohibited by Harvard security policy. It is also good practice not to share your account information, because someone could maliciously log on to O2 with your credentials and remove some of your data! Any account that we identify as being shared between multiple individuals may be disabled.

If you would like to obtain an O2 account, please be aware that a prerequisite is an HMS ID. More information on requesting an O2 account can be found here.

Protect your passwords

In addition to not sharing your O2 account, your O2 password should be protected. Don't share your O2 password with anyone else, including with HMS IT! We can help you without knowing your password. 

Do not reuse passwords that you have used elsewhere in non-Harvard contexts. Ensure that you're using a complex password that cannot easily be guessed by another person or by a computer. If you need help in generating a complex password, or with storing your passwords, you can use a password manager like 1Password. Harvard offers 1Password Premium for free to those with a * email. See here for more details.

Be aware of phishing attacks, which often try to trick you into giving up your account information. More information on phishing can be found here. Not clicking on unsafe links and not giving out personal information can keep your data on O2 safe!

My account's been compromised. What do I do now?

If you think your HMS account credentials have been compromised (e.g. through a phishing email), change your password at! The O2 cluster relies on HMS IDs for authentication. You can also reach out to HMS IT for additional help at

Data security

Harvard Data Security Levels

Before we can discuss what type of data can be stored on O2, we must first briefly discuss the Harvard Data Security Levels. Harvard Information Security Policy defines 5 levels of data security. Level 1 includes data that is deemed public information, whereas Levels 2-5 have data that is considered "confidential information." The higher the data level, the more likely harm would be caused to individuals or the University if the data were divulged. Each security level has defined requirements for keeping information safe and protected. See here for the full Information Security Policy. 

What type of data can I store on O2?

O2 can be used for storing and analyzing data that is Harvard Security Level 3 or below. The O2 cluster is not HIPAA compliant. It cannot be used for storing personally identifiable genetic information or personally identifiable healthcare information; these are both considered Harvard Data Security Level 4. All data processed on O2 must be de-identified.