Acceptable Use Policy

Introduction

This Acceptable Use Policy sets out the responsibilities and required behaviour of users of the Bristol Centre for Supercomputing (BriCS) information systems, networks and computers.

Scope

All individuals who have been granted federated access to use BriCS’s facilities are subject to this policy.

Policy

User Identification and Authentication

Each user will be assigned a unique identifier (userID) for their individual use. This userID may not be used by anyone other than the individual user to whom it has been issued.

Each user will connect via a secure federated identity provided by an approved institution (e.g. a University identity provider - IdP federated via an approved federation, e.g. MyAccessID). Each user is responsible for following the Acceptable Use Policy of their IdP, e.g. ensuring that they must not divulge their password to anyone else, for any reason. They must ensure that the password they use with their IdP must not be used as the password for any other services, or any external services (for example social media sites). Each user are expected to remember their password and to change it if there is any suspicion that it may have been compromised.

Users will additionally be asked to set up Multi-Factor Authentication (MFA) as part of registering with BriCS. This is used in addition to a federated login, and may take the form of an authentication app on a mobile phone or another device, such as a USB security key, or a one-time code sent to a phone.

Information given to BriCS for MFA will be stored securely and only used for authentication purposes. It will be stored by BriCS will not be provided to any third-party without the user’s written consent, unless BriCS is required to do so by law.

Personal Use of Facilities

BriCS information and communication facilities are provided for academic and research purposes related to project awards to use its services. Personal use is not permitted.

BriCS facilities should not be used for the storage of data unrelated to research associated with project awards. In particular, BriCS facilities should not be used to store copies of personal photographs, music collections or personal emails.

The use of BriCS facilities to mine, harvest or farm cryptocurrency for non-research purposes is specifically prohibited. Any research driven activity must be approved by the Director of BriCS.

As a University of Bristol entity, all use of BriCS information and communication facilities are subject to University of Bristol policies, including the Investigation of Computer Use Policy (ISP-18).

Unacceptable Use

In addition to what has already been written above, the following are also considered to be unacceptable uses of BriCS facilities. These restrictions are consistent with the JANET acceptable use policy (by which BriCS is bound), University of Bristol acceptable use policy and the law.

• Any illegal activity or activity which breaches any University of Bristol policy (see the Compliance Policy - ISP-03).
• Any attempt to undermine the security of the University of Bristol’s and/or BriCS's facilities.
• Providing access to facilities or information to those who are not entitled to access.
• Any irresponsible or reckless handling of University of Bristol and/or BriCS data (see the Information Handling Policy - ISP-07).
• Any activity proscribed by the Computer Misuse Act 1990.
• Any use which brings the University of Bristol and/or BriCS into disrepute.
• Any use of BriCS facilities to bully, harass, intimidate or otherwise cause alarm or distress to others.
• Sending unsolicited and unauthorised bulk email (spam).
• Creating, storing or transmitting any material that infringes copyright.
• Creating, accessing, storing or transmitting defamatory material, obscene material, indecent material, extreme pornographic material, and prohibited images of children. In the unlikely event that there is a genuine academic need to access such material, the University of Bristol must be made aware of this in advance and prior permission to access must be obtained in writing from the Chief Digital and Information Officer.
• Creating, accessing, storing, relaying or transmitting any material with such intent to radicalise themselves or others (having regard to the University of Bristol’s Prevent Duty under s.26 Counter Terrorism and Security Act 2015 to have due regard to the need to prevent people from being drawn into terrorism). Researchers who intend to access, store or distribute such material legitimately in the course of their work must seek written permission in advance from the appropriate Research Ethics Committee, who may liaise with the University of Bristol's Secretary’s Office. Once ethical approval has been granted, University of Bristol Information Security, the Director of BriCS and the University of Bristol's Secretary’s Office should be notified of this approval. If a user of BriCS facilities believes they may have encountered a breach of this provision, they should immediately contact the Director of BriCS and the University of Bristol's Secretary's Office.
• Using software that is only licensed for limited purposes for any other purpose or otherwise breaching software licensing agreements.
• Failing to comply with a request from an authorised person to desist from any activity which has been deemed detrimental to the operation of BriCS's and/or the University of Bristol’s facilities.
• Failing to comply with a request from an authorised person for you to change the MFA token associated with your BriCS account.
• Attempting to re-identify individuals from pseudonymised or anonymised data except when conducting a legitimate and approved business function.

Users are strongly encouraged to report any breach or suspected breach of the BriCS’s Information Security Policies to the Director of BriCS.

Penalties for Misuse

Minor breaches of policy will be dealt with by BriCS. Principle Investigators on projects and/or the agency who awarded the project allocation may be informed of the fact that a breach of policy has taken place. More serious breaches of policy (or repeated minor breaches) will be dealt with under BriCS's disciplinary procedures, and if necessary, escalated to the disciplinary procedures outlined in the project award allocation. Suspension of access to BriCS services is to be expected in such cases during investigation, with termination of access a possible outcome.

Where appropriate, in consultation with the University of Bristol's Secretary’s Office, breaches of the law will be reported to the police. Where the breach has occurred in a jurisdiction outside the UK, the breach may be reported to the relevant authorities within that jurisdiction.

Further Guidance

• Investigation of Computer Use Policy ISP-18

• Information Handling Policy ISP-07

• Outsourcing and Third Party Compliance Policy ISP-04

• Compliance Policy ISP-03

• JANET Acceptable Use Policy

• JANET Security Policy