|> home > services > policies > security|
Information Security Policy
In its handling of personal information, HPCx will maintain the firm standards of security, integrity and privacy which are to be expected of a public service whose relationships with its users and staff are governed by an ethic of collegiality and respect.
Personal information is held by the service on trust. It is our responsibility to ensure that that it is confidential, safe and correct.
This policy covers all information held by the service, whether on the computers or elsewhere. All members of the staff of HPCx are required to observe it.
It is the responsibility of managers to ensure that the provisions of this Policy are made known to the staff they supervise, and that each staff member understands precisely what he or she must do in order to carry it out.
Access to the HPCx database shall be denied to anyone who is not either a user of the service or a member of its staff. The systems and the information handling software shall be configured to ensure this.
Information on the HPCx database may be accessed by users or HPCx staff only through the webpages provided. These will ensure that only the information appropriate for each user of the database can be seen. Members of staff whose duties include the maintenance of the database and its software are exempt from this requirement; they are required to keep confidential the personal data they encounter.
The computers housing the database and its associated software shall be kept in secure conditions - either in the CCLRC computer room at Daresbury, whose security provisions are defined in the Contract between HPCx and EPSRC; or in the secure portion of the James Clerk Maxwell Builing in Edinburgh.
The database shall be backed up to the LTO tape store each working day. Two copies shall be made, one of which shall be transferred off site.
The treatment of data, including users' data, held on the HPCx systems, is laid down by the Contract between UoE HPCX Ltd and EPSRC.
Policies for the backup of data held on disk are described in the Data Backup Policies.
All files held on the HPCx systems will be protected from interference by other users by means of a careful use of the standard UNIX file protection systems. Users will be assigned to groups corresponding to their research project groups and subgroups, and these will normally be inaccessible to other users. Users will also be able to protect their personal files from other users by prohibiting access.
Access to the systems shall be barred to anyone who is not properly registered. A person may only be registered if they are approved by the Principal Investigator of a research project. Principal Investigators will be designated to HPCx by EPSRC. Registration of users, communication of passwords, access control, etc, shall follow the best industry practice.
The Terms and Conditions of Access, accepted by all users as a condition of access, require users not to corrupt or delete one another's data, and to respect one another's privacy, and it specifies the actions to be taken should they not observe this.
Personal data which is not currently in use shall at all times be securely locked away.
It shall be regarded as part of the professional ethic of our staff that information about our users which we come by in our work is not to be passed to any third party. Managers are required to ensure that their staff live up to this standard.
This topic is covered in the HPCx Contingency and Reversion Plan.
|http://www.hpcx.ac.uk/services/policies/security.html||contact email - firstname.lastname@example.org||© UoE HPCX Ltd|