Policy Development Kit
Top Level Infrastructure Policy | Description | Target Audience |
---|---|---|
Top Level Infrastructure Policy | Defines the purpose of a collaborative research environment, the roles and responsibilities of all the participants, and serves to bind all the other policies together.
It also allocates terminology with specific definitions. |
Service Providers |
Operational Security Policies | Description | Target Audience |
---|---|---|
Service Operational Security Policy | Defines the cyber security requirements for operating a service within the collaborative research environment. | Service Providers |
Incident Response Procedure | This procedure applies for any suspected or confirmed security breach with a potential impact on the infrastructure or on other infrastructure participants. | Service Providers |
Membership Management Policies | Description | Target Audience |
---|---|---|
Membership Management | This policy applies to the community manager and other designated community management personnel. It places requirements on communities regarding eligibility, obligations, and the rights of their users. It also governs their relationships with all infrastructures with which they have a usage agreement. | Community Managers
and Service Providers |
Acceptable Use Policy | The Acceptable Use Policy defines the rules and conditions that govern access to and use (including transmission, processing, and storage of data) of the resources and services. | End Users |
Acceptable Authentication Assurance Policy | Documents which identity providers are acceptable for the community and how much certainty is required of the identity. | Service Providers |
Data Protection Policies | Description | Target Audience |
---|---|---|
Policy on Processing Personal Data | Ensures that data collected as a result of the use of the infrastructure is processed fairly and lawfully by infrastructure participants. | Service Providers |
Risk Assessment | What are the risks associated with the processing of the person data associated with the identity and access management. | Service Providers |
Privacy Policy | Identify what data the community is collecting from users, how it is managed and under what legal basis this data is controlled. | End Users |