SPG:Drafts:Acceptable Use Policy March 2015

From EGIWiki
Revision as of 12:04, 16 July 2015 by Dkelsey (talk | contribs)
Jump to: navigation, search

Acceptable Use Policy

As discussed and agreed at the March 2015 SPG meeting, we are producing an updated version of the Acceptable Use Policy (AUP). This version includes the outcome of the discussion with the CERN Legal Service and a subsequent meeting at CERN in July 2015 discussing data protection issues.

This addresses the following aims:

a. Generalise to include all EGI service offerings (Grids, Clouds, Long Tail of Science, etc.)
b. Add policy requirement to acknowledge support in publications
c. Address liability issues
d. Address Data Protection issues (a new requirement identified during discussion with CERN lawyers)


It is an evolution from the current version (https://documents.egi.eu/document/74).

External Draft Text (phase 2)

This policy is one of a set of documents that together define the Security Policy [Ref]. This individual document must be considered in conjunction with all the policy documents in the set.


Acceptable Use Policy

By registering as a user you declare that you have read, understood and will abide by the following conditions of use:

  1. You shall only use the services to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use as defined by the body or bodies granting you access.
  2. You shall provide appropriate acknowledgement of support or citation for your use of the resources or services provided as required by the body or bodies granting you access.
  3. You shall not use the services for any purpose that is unlawful and not (attempt to) breach or circumvent any administrative or security controls.
  4. You shall respect intellectual property and confidentiality agreements.
  5. You shall protect your access credentials (e.g. private keys or passwords).
  6. You shall keep all your registered information correct and up to date.
  7. You shall immediately report any known or suspected security breach or misuse of the services or access credentials to the specified incident reporting locations and to the relevant credential issuing authorities.
  8. You use the services at your own risk. There is no guarantee that the services will be available at any time or that they will suit any purpose.
  9. You agree that logged information, including personal data provided by you for registration purposes, may be used for administrative, operational, accounting, monitoring and security purposes as defined in the "Policy on the Processing of Personal Data" (provide URL). Further details on the management of your personal data, retention periods, your rights of access to such data, who to contact/how to seek correction of any mistakes are all documented in the VO Data Privacy Policy. You agree that this logged information may be disclosed to other authorised participants via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.
  10. You agree that the access-granting bodies and service providers are entitled to regulate, suspend or terminate your access without prior notice and without compensation, within their domain of authority, and you shall immediately comply with their instructions.
  11. You are liable for the consequences of your violation of any of these conditions of use, which may include but is not limited to the reporting of your violation to your home institute and, if the activities are thought to be illegal, to appropriate law enforcement agencies.