Policy Development Kit

Top Level Infrastructure Policy Description Target Audience
Top Level Infrastructure Policy Defines the purpose of a collaborative research environment, the roles and responsibilities of all the participants, and serves to bind all the other policies together.

It also allocates terminology with specific definitions.

Service Providers
Operational Security Policies Description Target Audience
Service Operational Security Policy Defines the cyber security requirements for operating a service within the collaborative research environment. Service Providers
Incident Response Procedure This procedure applies for any suspected or confirmed security breach with a potential impact on the infrastructure or on other infrastructure participants. Service Providers
Membership Management Policies Description Target Audience
Membership Management This policy applies to the community manager and other designated community management personnel. It places requirements on communities regarding eligibility, obligations, and the rights of their users. It also governs their relationships with all infrastructures with which they have a usage agreement.  Community Managers 


Service Providers

Acceptable Use Policy The Acceptable Use Policy defines the rules and conditions that govern access to and use (including transmission, processing, and storage of data) of the resources and services. End Users
Acceptable Authentication Assurance Policy Documents which identity providers are acceptable for the community and how much certainty is required of the identity. Service Providers
Data Protection Policies Description Target Audience
Policy on Processing Personal Data Ensures that data collected as a result of the use of the infrastructure is processed fairly and lawfully by infrastructure participants. Service Providers
Risk Assessment What are the risks associated with the processing of the person data associated with the identity and access management. Service Providers
Privacy Policy Identify what data the community is collecting from users, how it is managed and under what legal basis this data is controlled.  End Users