Policy

JASMIN - ACCEPTABLE USE POLICIES

Initial version 2014-06-23

JASMIN ICT systems and services are governed by the following three policies which users must familiarise themselves with before accessing the system:

  1. JASMIN Local Policy
  2. Virtual Machine Conditions of Use
  3. JASMIN Compliance with RCUK Acceptable Use Policy

1. JASMIN Local Policy

  1. Users must only login to CEDA servers via SSH using a Public/Private key pair having provided their public key to CEDA.
  2. Users must ensure that their SSH private key is protected by a password
  3. Users must take reasonable precaution to ensure that their account is not used by another person.
  4. Users must not access any datasets visible on the VM that they do not have permission to access (via the CEDA catalogue).
  5. Users must not facilitate access to any datasets visible on the VM by a third party without prior agreed consent from the service provider and/or the original data provider.
  6. Users agree that their contact details may be shared with other JASMIN/CEMS partner organisations for the purposes of user support.
  7. JASMIN users should not store any materials of a personal or confidential nature on JASMIN systems.
  8. JASMIN systems, services and facilities are provided for research purpose only no personal or commercial activity is permitted.
  9. The use of social media on JASMIN is restricted to the support of research activities.

 

2. Virtual Machines Conditions of Use

The JASMIN platform managed by the Centre for Environmental Data Archival (CEDA) and the STFC e-Science Centre provides virtual machines (VMs) for scientific usage. Some users will be granted the role of VM Administrator, which will give them “root” or “sudo” access to specific servers on JASMIN. The condition of use presented here must be agreed to in order for VM Administrator access to be granted.

Virtual Machine Roles

The following roles have been defined for users of the JASMIN system:

  1. CEDA Operations Manager – is the overall manager of the JASMIN service who needs to be consulted for any change requests to services.
  2. JASMIN Administrator – is in charge of setting up JASMIN VMs and ensuring that any major security and operating system updates are applied. The JASMIN Administrator does not have responsibility for individual software packages outside of general operating system management.
  3. VM Administrator – is a CEDA user who has been granted with either “root” or “sudo” access on a JASMIN VM. The VM Administrator is in charge of managing software installations on the VM.
  4. VM User – is a CEDA user who has a login account (via SSH – see below) on a JASMIN VM but no access to “root” or “sudo” privileges.
  5. CEDA User – is anyone who has registered as a user via the BADC registration page.

Conditions of Use for VM Administrators

A VM Administrator may be employed by an organisation external to CEDA. All VM Administrators must agree to abide by the following conditions in order to gain access to “root” or “sudo” privileges on a JASMIN VM.

  1. I will not undertake any illegal activity or copy any offensive material onto the VM.
  2. I will make my home institution aware that I have this responsibility and that I have signed up to these conditions of use.
  3. I will not add or modify any disk mount points on the VM.
  4. I will not create any user accounts on the system to enable others to connect to the VM.
  5. I will not modify the login credentials (such as the “.ssh/” directory) of any users on the system.
  6. I will not grant any other user “root” or “sudo” privileges on the VM.
  7. I will not open any ports on the VM.
  8. I will not access, or facilitate access to, any datasets visible on the VM that I do not have permission to access (via the CEDA catalogue).
  9. I will only login to the server via SSH using a Public/Private key pair as set up by the JASMIN Administrator.
  10. I will not run the “yum update” command (without specifying a particular package), or equivalent command, to update all packages on the system at once without first discussing it with the JASMIN Administrator.
  11. I will not modify iptables rules on the VM.

Failure to comply will result in the suspension of the VM and may result in complete removal of access to the JASMIN platform. VM Administrators should note that all root commands are logged.

If you have any concerns about any activity that might breach the above conditions please contact CEDA.

3. JASMIN Compliance with Research Council Acceptable Use Policy

JASMIN Users must  be made aware of the principles of the Harmonised Research  Council Policy, and any restrictions/guidance, before they have access to Research Council/establishment ICT systems and services.

If you have any questions on Information Security or the  RCUK Acceptable Use Policy, please feel free to contact the Information Security Officer at information.security@stfc.ac.uk.

1.1  JASMIN relies on its computer and communications facilities to carry out its business. All these facilities can be put at risk through improper or ill-informed use, and result in consequences which may be damaging to individuals and their research, the Research Council community and to reputations.

1.2 The policy aims to provide clear guidance to all users concerning the use of Research Council computer and communications facilities. It provides a framework to

  • enable researchers to use Research Council facilities with security and confidence,
  • help maintain the security, integrity and performance of Research Council ICT systems;
  • minimise both the Research Council and individual users  exposure to possible legal action arising from unauthorised use of the ICT systems;
  • help ensure that JASMIN can demonstrate effective and appropriate use of publicly funded resources; and
  • set the minimum standard for acceptable use across all JASMIN ICT systems.

1.3  The policy covers use of all ICT systems and facilities provided either directly or indirectly by the JASMIN.

1.5 Any activity that falls outside acceptable use may result in service suspension. Any suspected illegal action will be reported to the police

2. Monitoring

2.1 Monitoring Statement

2.1.1 The Research Council reserves the right to monitor communications.

2.1.2 The Research Council employs monitoring techniques on its ICT systems and services, including e-mail and Internet access, to enable usage trends to be identified and to ensure that these facilities are not being misused.

2.1.3 Monitoring is limited, as far as practicable, to the recording and analysis of network traffic data. To this end, the Research Council keeps logs of: calls made on communications equipment such as telephones and fax machine; emails sent by e-mail address; internet sites visited by computer system address. In some cases, this means that the identity of the individuals involved in the communication is readily available. These logs are not routinely monitored on a continuous basis but spot-checks are carried out from time to time to help ensure compliance with this policy. Further authorised investigations may be necessary where there is reasonable suspicion of misuse of facilities

2.1.4 Since the Research Council owns and is liable for data held on its communications equipment and systems, it reserves the right, as part of any investigations, to inspect the contents of any e-mails or any other form of communications that are sent or received and of Internet sites accessed, for compliance with this policy. This will only be done where the volume of traffic or the amount of material being downloaded is excessive, or there are grounds to suspect that use is for "unacceptable‟ or "forbidden‟ activities.

2.1.6 Monitoring/investigations of individuals  use of the Research Council‟s communications systems may also happen in the following circumstances:

  • To detect or prevent crime including detecting unauthorised use of systems, protecting against viruses and hackers and fraud investigation
  • To assist in maintaining the security, performance, integrity and availability of the ICT systems, services and facilities.
  • To provide evidence e.g. of a commercial transaction, to establish regulatory compliance, audit, debt recovery or dispute resolution.

2.1.7 Where monitoring is used, only Research Council staff trained in data protection compliance will investigate the recorded data. Confidentiality will be ensured for all investigations involving personal data, except to the extent that wider disclosure is required to follow up breaches, to comply with court orders or to facilitate criminal investigation. Logged data will not normally be retained for more than one year unless required by regulatory compliance.

2.1.8 In addition, members of the local IT Service Desk, Information Security representatives, Security Teams and Network Security Groups will conduct random audits on the security of the Research Council‟s ICT systems. These audits include examination of a small, randomly selected set of user devices and server systems. The audit checks that these systems have correctly licensed software, do not contain inappropriate material and have not been used to access or view inappropriate material that may violate this Policy.

2.1.9 Where monitoring reveals instances of suspected misuse of the ICT systems (e.g. where pornography or other inappropriate material is found, or where other unacceptable/forbidden use is found), these will be investigated.

2.2 Personal files, documents and e-mails JASMIN CEMS local policy amendment

To help safeguard their privacy JASMIN users should not store any materials of a personal or confidential nature on JASMIN systems.

3. Private/Personal use of JASMIN systems, services and facilities JASMIN  local policy amendment

JASMIN systems, services and facilities are provided for research purpose only no personal or commercial activity is permitted.

4. Social Media

4.1 The use of social media on JASMIN is restricted to the support of research activities.

5. Related Policies and Procedures

5.1 Where an external network connection is provided as part of the Joint Academic Network (JANET), the JANET Acceptable Use Policy applies.

5.2 Users must familiarise themselves with the Research Council's data protection policies, relevant organisational, institute, local, site or project Information Security Policy, standards, best practice and guidance.

 

This website and others run by CEDA use cookies. By continuing to use this website you are agreeing to our use of cookies.