Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SPG:Drafts:Acceptable Use Policy March 2015"

From EGIWiki
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 3: Line 3:


As discussed and agreed at the March 2015 SPG meeting, we are producing an updated version of the Acceptable Use Policy (AUP).
As discussed and agreed at the March 2015 SPG meeting, we are producing an updated version of the Acceptable Use Policy (AUP).
This version includes the outcome of the discussion with the CERN Legal Service and a subsequent meeting at CERN in July 2015.
This version includes the outcome of the discussion with the CERN Legal Service and a subsequent meeting at CERN in July 2015 discussing data protection issues.


This addresses the following aims:
This addresses the following aims:
Line 10: Line 10:
  c. Address liability issues
  c. Address liability issues
  d. Address Data Protection issues (a new requirement identified during discussion with CERN lawyers)
  d. Address Data Protection issues (a new requirement identified during discussion with CERN lawyers)


It is an evolution from the current version (https://documents.egi.eu/document/74).
It is an evolution from the current version (https://documents.egi.eu/document/74).
Line 16: Line 17:


This policy is one of a set of documents that together define the Security Policy [Ref]. This individual document must be considered in conjunction with all the policy documents in the set.
This policy is one of a set of documents that together define the Security Policy [Ref]. This individual document must be considered in conjunction with all the policy documents in the set.
This version includes the outcome of the discussions with the CERN Legal Service and modifications related to Data Protection Issues (July 2015).


'''Acceptable Use Policy'''
 
'''Acceptable Use Policy and Conditions of Use'''


By registering as a user you declare that you have read, understood and will abide by the following conditions of use:  
By registering as a user you declare that you have read, understood and will abide by the following conditions of use:  


# You shall only use the services to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use as defined by the body or bodies granting you access.
# You shall only use the resources/services to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use as defined by the body or bodies granting you access.
# You shall provide appropriate acknowledgement of support or citation for your use of the resources or services provided as required by the body or bodies granting you access.  
# You shall provide appropriate acknowledgement of support or citation for your use of the resources/services provided as required by the body or bodies granting you access.  
# You shall not use the services for any purpose that is unlawful and not (attempt to) breach or circumvent any administrative or security controls.
# You shall not use the resources/services for any purpose that is unlawful and not (attempt to) breach or circumvent any administrative or security controls.
# You shall respect intellectual property and confidentiality agreements.  
# You shall respect intellectual property and confidentiality agreements.  
# You shall protect your access credentials (e.g. private keys or passwords).  
# You shall protect your access credentials (e.g. private keys or passwords).  
# You shall keep all your registered information correct and up to date.
# You shall keep all your registered information correct and up to date.
# You shall immediately report any known or suspected security breach or misuse of the services or access credentials to the specified incident reporting locations and to the relevant credential issuing authorities.
# You shall immediately report any known or suspected security breach or misuse of the resources/services or access credentials to the specified incident reporting locations and to the relevant credential issuing authorities.
# You use the services at your own risk. There is no guarantee that the services will be available at any time or that they will suit any purpose.
# You use the resources/services at your own risk. There is no guarantee that the resources/services will be available at any time or that their integrity or confidentiality will be preserved or that they will suit any purpose.
# You agree that logged information, including that provided by you for registration purposes, may be used for administrative, operational, accounting, monitoring and security purposes and you agree that it may be disclosed to other organisations within the collaboration or including commercial entities, via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.  
# You agree that logged information, including personal data provided by you for registration purposes, may be used for administrative, operational, accounting, monitoring and security purposes. You agree that this logged information may be disclosed to other authorised participants via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.
# You agree that the access-granting bodies and service providers are entitled to regulate, suspend or terminate your access without prior notice and without compensation, within their domain of authority, and you shall immediately comply with their instructions.
# You agree that the body or bodies granting you access and resource/service providers are entitled to regulate, suspend or terminate your access without prior notice and without compensation, within their domain of authority, and you shall immediately comply with their instructions.
# (to be reformulated?) You may request at any time access to your logged information, and if possible with reasonable efforts, that it is corrected in case of factual error.
# You are liable for the consequences of your violation of any of these conditions of use, which may include but are not limited to the reporting of your violation to your home institute and, if the activities are thought to be illegal, to appropriate law enforcement agencies.
# (to be actually formulated) You understand that your personal information may be stored for a maximum of 5 years (or indefinitely?) (i.e. sites would be liable should they keep the data for longer than this period)
# You are liable for the consequences of your violation of any of these conditions of use, which may include but is not limited to the reporting of your violation to your home institute and, if the activities are thought to be illegal, to appropriate law enforcement agencies.

Latest revision as of 18:33, 12 January 2016

Acceptable Use Policy

As discussed and agreed at the March 2015 SPG meeting, we are producing an updated version of the Acceptable Use Policy (AUP). This version includes the outcome of the discussion with the CERN Legal Service and a subsequent meeting at CERN in July 2015 discussing data protection issues.

This addresses the following aims:

a. Generalise to include all EGI service offerings (Grids, Clouds, Long Tail of Science, etc.)
b. Add policy requirement to acknowledge support in publications
c. Address liability issues
d. Address Data Protection issues (a new requirement identified during discussion with CERN lawyers)


It is an evolution from the current version (https://documents.egi.eu/document/74).

External Draft Text (phase 2)

This policy is one of a set of documents that together define the Security Policy [Ref]. This individual document must be considered in conjunction with all the policy documents in the set.


Acceptable Use Policy and Conditions of Use

By registering as a user you declare that you have read, understood and will abide by the following conditions of use:

  1. You shall only use the resources/services to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use as defined by the body or bodies granting you access.
  2. You shall provide appropriate acknowledgement of support or citation for your use of the resources/services provided as required by the body or bodies granting you access.
  3. You shall not use the resources/services for any purpose that is unlawful and not (attempt to) breach or circumvent any administrative or security controls.
  4. You shall respect intellectual property and confidentiality agreements.
  5. You shall protect your access credentials (e.g. private keys or passwords).
  6. You shall keep all your registered information correct and up to date.
  7. You shall immediately report any known or suspected security breach or misuse of the resources/services or access credentials to the specified incident reporting locations and to the relevant credential issuing authorities.
  8. You use the resources/services at your own risk. There is no guarantee that the resources/services will be available at any time or that their integrity or confidentiality will be preserved or that they will suit any purpose.
  9. You agree that logged information, including personal data provided by you for registration purposes, may be used for administrative, operational, accounting, monitoring and security purposes. You agree that this logged information may be disclosed to other authorised participants via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.
  10. You agree that the body or bodies granting you access and resource/service providers are entitled to regulate, suspend or terminate your access without prior notice and without compensation, within their domain of authority, and you shall immediately comply with their instructions.
  11. You are liable for the consequences of your violation of any of these conditions of use, which may include but are not limited to the reporting of your violation to your home institute and, if the activities are thought to be illegal, to appropriate law enforcement agencies.