
Information Security Policy



In its handling of personal information, HPCx will maintain the firm standards of security, integrity and privacy which are to be expected of a public service whose relationships with its users and staff are governed by an ethic of collegiality and respect.

Personal information is held by the service on trust. It is our responsibility to ensure that it is confidential, safe and correct.

This policy covers all information held by the service, whether on the computers or elsewhere. All members of the staff of HPCx are required to observe it.

Our handling of personal information is governed by our Notification under the Data Protection Acts; and by the HPCx Personal Data and Privacy Policy.

It is the responsibility of managers to ensure that the provisions of this Policy are made known to the staff they supervise, and that each staff member understands precisely what he or she must do in order to carry it out.

Personal information held on computers

Access to the HPCx database shall be denied to anyone who is not either a user of the service or a member of its staff. The systems and the information handling software shall be configured to ensure this.

Nor shall personal information from the HPCx database be transmitted to other people, except as specified in the Personal Data and Privacy Policy. Reports to external organisations on the activities of the service shall not refer to individual users by name.

Information on the HPCx database may be accessed by users or HPCx staff only through the webpages provided. These will ensure that only the information appropriate for each user of the database can be seen. Members of staff whose duties include the maintenance of the database and its software are exempt from this requirement; they are required to keep confidential the personal data they encounter.

The computers housing the database and its associated software shall be kept in secure conditions - either in the CCLRC computer room at Daresbury, whose security provisions are defined in the Contract between HPCx and EPSRC; or in the secure portion of the James Clerk Maxwell Building in Edinburgh.

The database shall be backed up to the LTO tape store each working day. Two copies shall be made, one of which shall be transferred off site.

Other information held on computers

The treatment of data, including users' data, held on the HPCx systems, is laid down by the Contract between UoE HPCX Ltd and EPSRC.

Policies for the backup of data held on disk are described in the Data Backup Policies.

All files held on the HPCx systems will be protected from interference by other users by means of a careful use of the standard UNIX file protection systems. Users will be assigned to groups corresponding to their research project groups and subgroups, and these will normally be inaccessible to other users. Users will also be able to protect their personal files from other users by prohibiting access.

Access to the systems shall be barred to anyone who is not properly registered. A person may only be registered if they are approved by the Principal Investigator of a research project. Principal Investigators will be designated to HPCx by EPSRC. Registration of users, communication of passwords, access control, etc., shall follow the best industry practice.

The Terms and Conditions of Access, accepted by all users as a condition of access, require users not to corrupt or delete one another's data and to respect one another's privacy, and specify the actions to be taken should users not observe this.

Personal information held elsewhere

It is the responsibility of all members of HPCx staff to ensure that personal information about our users and staff is protected and their privacy maintained. This applies as much to information held on paper, or elsewhere, as to information held on computer. No such information shall be shown to any person not specified in the Personal Data and Privacy Policy as a person to whom personal data may be transmitted.

Personal data which is not currently in use shall at all times be securely locked away.

It shall be regarded as part of the professional ethic of our staff that information about our users which we come by in our work is not to be passed to any third party. Managers are required to ensure that their staff live up to this standard.

Contingency planning and business continuity

This topic is covered in the HPCx Contingency and Reversion Plan.

November, 2002

http://www.hpcx.ac.uk/services/policies/security.html contact email - www@hpcx.ac.uk © UoE HPCX Ltd