Versions Compared

Old Version 82

changes.mady.by.user David Groep

Saved on

compared with

New Version 83

changes.mady.by.user David Groep

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleDefine the purpose of your collaboration - this will be used for your AUP

Why? As you connect services and infrastructures to your collaboration via the AAI, these will have their 'acceptable' (and unacceptable) use defined. They provide services based on what what you, as a collaboration, are planning to do, pay for, or because of shared goals and ambitions. Your users should be acting as part of your community, so also they need clarify as to what the collaboration is for. To prevent each and every infrastructure and service provider asking the users to comply with their acceptable use - and having to remember on your behalf what the collaboration's goal in life in - the common WISE Baseline AUP can do that in one go. But for that the purpose of use needs to be clear. Only you (as in: the collaboration) can provide that clarity

Recommendation: be clear and concise in how to word your purpose. A one-line sentence is needed to be inserted verbatim into the WISE Baseline AUP that you should show to users enrolling in your collaboration (or that your AAI service provider will show on your behalf when new users join). This is not the place to write a grant proposal ...

Applicable guidance: WISE AUP, AARC-I044 (AUP implementation guide), AARC-G083 (notice management), Governance - primary assets, Governance - risk assessment

...

Expand
titleThink about your crown jewels, risks, any regulations and legal things, privacy - and what to do if things go wrong ...



  1. We strongly suggest  
    1. Identifying your primary assets
    2. Completing a risk assessment
    3. Adopting the REFEDS Data Protection Code of Conduct if it is suitable for your research collaboration
    4. Defining your rules of participation and the escalation procedure in case of non-compliance
    5. Any additional legal and regulatory compliance necessary
  2. Define, or agree to adopt as is, the following 6 documents and seek endorsement from the governance body
    Expand
    titleview the 6 documents
    Membership management 
    Privacy Policy 
    AAOPS 
    Security Operational Baseline 
    Incident response procedure 
    Membership Management
  3. Review the AEGIS endorsed policy guidelines required for AARC compliance and ensure their technical implementation
    1. Identify your assurance requirements following https://aarc-community.org/guidelines/aarc-g031/ 
    2. Identify suitable token lifetimes https://aarc-community.org/guidelines/aarc-g081/
  4. Ensure that the policies are presented to and accepted by the relevant audiences
  5. Publish your documents and responsible parties at a suitable location

...