...
| Policy Need | Source | Template Basis | Comment | Name | What should we produce? |
|---|---|---|---|---|---|
| Incident Response Procedure | Sirtfi | EGI Incident Response, should link to Sirtfi, AARC work | Incident Response Procedure | Template | |
| Policy on authentication, authorisation, access control, physical and network security, security vulnerability handling and security incident handling for all Constituents | Snctfi | EGI Operational Security Policy | Top level policy that covers physical and network security, vulnerability handling and refers to additional policies on Acceptable Assurance, Incident Response Procedure, Membership management | Top Level Policy | Template |
| AUP for end users | Snctfi | AARC Unified AUP | EGI seems to have 2 AUPS, Infrastructure and User Community | Infrastructure AUP | Template |
Policies and procedures regulating the behaviour of the management of the Collection of users | Snctfi | EGI Membership Management | Membership Management | Template | |
| Collections of users aims and purposes | Snctfi | Where does this go? | |||
Data Protection Policy, e.g. DP CoCov2 | Snctfi | CoCo | Data Protection Code of Conduct | Framework description | |
Privacy Policy | CoCo | AARC Template | Privacy Policy | Template | |
| Policy on eligibility to use the infrastructure (i.e. services) | Elixir | Similar to EGI Service Operations, there is some overlap with the Top Level Policy | Service Eligibility | Template | |
| Risk Assessment | ?? | ?? | ?? | ?? | ?? |
Example Policy Sets
...