Versions Compared

Old Version 10

changes.mady.by.user Hannah Short

Saved on

compared with

New Version 11

changes.mady.by.user Hannah Short

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Stable DP CoCo Version
  2. Aligned AUP AARC Deliverable

Use Cases

  • EPOS
  • Life Sciences

Which policies do we need?

Policy NeedSourceTemplate BasisAudienceCommentNameWhat should we produce?
Incident Response ProcedureSirtfiEGI Incident Response, should link to Sirtfi, AARC workProxy, ServicesWhat about policies?Incident Response ProcedureTemplate

Policy on

authentication,
authorisation,
access control,
physical and network security,
security vulnerability handling and
security incident handling for all Constituents

SnctfiEGI Operational Security PolicyProxy, Services

Top level policy that covers physical and network security, vulnerability handling and refers to additional policies on Acceptable Assurance, Incident Response Procedure, Membership management

We either make very modular or try to make this quite long


Top Level PolicyTemplate
AUP for end usersSnctfiAARC Unified WISE Baseline AUPUsersEGI seems to have 2 AUPS, Infrastructure and User CommunityInfrastructure AUPTemplate
Collections of users' aims and purposesSnctfi

This is the User Community AUP. There is an example somewhere. Would be better if these could be combined.

Policies and procedures regulating the behaviour of the management of the Collection of users 

SnctfiEGI Membership Management
In XSEDE it's much more simpleMembership ManagementTemplateCollections of users aims and purposesSnctfiWhere does this go?

Data Protection Policy, e.g. DP CoCov2

SnctfiCoCo
Could be included in top levelData Protection Code of ConductFramework description

Privacy Policy 

CoCoAARC CoCo Template

Privacy PolicyTemplate
Policy on eligibility to use join the infrastructure (i.e. services)Elixir

NOT Similar to EGI Service Operations, there is some overlap with the Top Level Policy.

Try and include in overall policy

Service EligibilityTemplate
Risk Assessment (DPIA)Data Privacy Statement??????
NOT A POLICY but could inform policy decisions????


Example Policy Sets

CTSC PoliciesRelevant for AARC?
Acceptable Use Policy TemplateYes
Access Control Policy TemplateYes
Asset Management Policy Template
Asset-Specific Access and Privilege Specification Template
Disaster Recovery Policy TemplateNo
Incident Response Policy and Procedures TemplateYes
Information Asset Inventory TemplateNo
Information Classification Policy TemplateNo
Information Security Training and Awareness Policy TemplateNo
Master Information Security Policy & Procedures TemplateYes
Password Policy TemplateNo
Physical Security Policy TemplateYes

...