SPG:Drafts:Acceptable Use Policy March 2015

From EGIWiki
Revision as of 11:20, 16 July 2015 by Dkelsey (talk | contribs)
Jump to: navigation, search

Acceptable Use Policy

As discussed and agreed at the March 2015 SPG meeting, we are producing an updated version of the Acceptable Use Policy (AUP). This version includes the outcome of the discussion with the CERN Legal Service and a subsequent meeting at CERN in July 2015.

This addresses the following aims:

a. Generalise to include all EGI service offerings (Grids, Clouds, Long Tail of Science, etc.)
b. Add policy requirement to acknowledge support in publications
c. Address liability issues
d. Address Data Protection issues (a new requirement identified during discussion with CERN lawyers)

It is an evolution from the current version (https://documents.egi.eu/document/74).

External Draft Text (phase 2)

This policy is one of a set of documents that together define the Security Policy [Ref]. This individual document must be considered in conjunction with all the policy documents in the set. This version includes the outcome of the discussions with the CERN Legal Service and modifications related to Data Protection Issues (July 2015).

Acceptable Use Policy

By registering as a user you declare that you have read, understood and will abide by the following conditions of use:

  1. You shall only use the services to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use as defined by the body or bodies granting you access.
  2. You shall provide appropriate acknowledgement of support or citation for your use of the resources or services provided as required by the body or bodies granting you access.
  3. You shall not use the services for any purpose that is unlawful and not (attempt to) breach or circumvent any administrative or security controls.
  4. You shall respect intellectual property and confidentiality agreements.
  5. You shall protect your access credentials (e.g. private keys or passwords).
  6. You shall keep all your registered information correct and up to date.
  7. You shall immediately report any known or suspected security breach or misuse of the services or access credentials to the specified incident reporting locations and to the relevant credential issuing authorities.
  8. You use the services at your own risk. There is no guarantee that the services will be available at any time or that they will suit any purpose.
  9. You agree that logged information, including that provided by you for registration purposes, may be used for administrative, operational, accounting, monitoring and security purposes and you agree that it may be disclosed to other organisations within the collaboration or including commercial entities, via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.
  10. You agree that the access-granting bodies and service providers are entitled to regulate, suspend or terminate your access without prior notice and without compensation, within their domain of authority, and you shall immediately comply with their instructions.
  11. (to be reformulated?) You may request at any time access to your logged information, and if possible with reasonable efforts, that it is corrected in case of factual error.
  12. (to be actually formulated) You understand that your personal information may be stored for a maximum of 5 years (or indefinitely?) (i.e. sites would be liable should they keep the data for longer than this period)
  13. You are liable for the consequences of your violation of any of these conditions of use, which may include but is not limited to the reporting of your violation to your home institute and, if the activities are thought to be illegal, to appropriate law enforcement agencies.