SPG:Drafts:Acceptable Use Policy March 2015

From EGIWiki
Revision as of 19:33, 12 January 2016 by Dkelsey (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Acceptable Use Policy

As discussed and agreed at the March 2015 SPG meeting, we are producing an updated version of the Acceptable Use Policy (AUP). This version includes the outcome of the discussion with the CERN Legal Service and a subsequent meeting at CERN in July 2015 discussing data protection issues.

This addresses the following aims:

a. Generalise to include all EGI service offerings (Grids, Clouds, Long Tail of Science, etc.)
b. Add policy requirement to acknowledge support in publications
c. Address liability issues
d. Address Data Protection issues (a new requirement identified during discussion with CERN lawyers)

It is an evolution from the current version (https://documents.egi.eu/document/74).

External Draft Text (phase 2)

This policy is one of a set of documents that together define the Security Policy [Ref]. This individual document must be considered in conjunction with all the policy documents in the set.

Acceptable Use Policy and Conditions of Use

By registering as a user you declare that you have read, understood and will abide by the following conditions of use:

  1. You shall only use the resources/services to perform work, or transmit or store data consistent with the stated goals, policies and conditions of use as defined by the body or bodies granting you access.
  2. You shall provide appropriate acknowledgement of support or citation for your use of the resources/services provided as required by the body or bodies granting you access.
  3. You shall not use the resources/services for any purpose that is unlawful and not (attempt to) breach or circumvent any administrative or security controls.
  4. You shall respect intellectual property and confidentiality agreements.
  5. You shall protect your access credentials (e.g. private keys or passwords).
  6. You shall keep all your registered information correct and up to date.
  7. You shall immediately report any known or suspected security breach or misuse of the resources/services or access credentials to the specified incident reporting locations and to the relevant credential issuing authorities.
  8. You use the resources/services at your own risk. There is no guarantee that the resources/services will be available at any time or that their integrity or confidentiality will be preserved or that they will suit any purpose.
  9. You agree that logged information, including personal data provided by you for registration purposes, may be used for administrative, operational, accounting, monitoring and security purposes. You agree that this logged information may be disclosed to other authorised participants via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.
  10. You agree that the body or bodies granting you access and resource/service providers are entitled to regulate, suspend or terminate your access without prior notice and without compensation, within their domain of authority, and you shall immediately comply with their instructions.
  11. You are liable for the consequences of your violation of any of these conditions of use, which may include but are not limited to the reporting of your violation to your home institute and, if the activities are thought to be illegal, to appropriate law enforcement agencies.