Safe Share Acceptable Use Policy

Download as PDFDownload as PDF

Safe Share Acceptable Use Policy

Version 3 – May 2017

Background

  1. Safe Share is the name given to the encrypted overlay network, including hardware, software, configuration and policies required by Jisc to provide a higher assured network. This virtual network allows secure data transfer between authorised End sites within a specific service slice.
  2. This Acceptable Use Policy applies in the first instance to any organisation authorised to use Safe Share (a “Customer Client”). It applies also to use of Safe Share by Customer Client’s own Users and all those to whom it otherwise provides with access to Safe Share (collectively, its ''Users”). In conjunction with the Janet Security Policy, it is an integral part of the Terms and Conditions for the Provision of the Safe Share Service (the “Safe share Terms and Conditions”).
  3. The Safe Share Acceptable Use Policy does not determine the eligibility of any particular organisation or individual to have a connection to and use Safe Share. Eligibility is determined by the Eligibility Policy and the service slice owning body. The Acceptable Use Policy merely defines acceptable and unacceptable use of Safe Share by those who have been provided with access to Safe Share under the terms of the Safe Share Eligibility Policy.
  4. Copies of the Safe Share Terms and Conditions, and of the Eligibility and Security Policies may be found on the Jisc website.

Acceptable Use

  1. A Customer Client and its Users may use Safe Share for the purpose of secure access to or exchange of data with other End attached to networks which are reachable via Safe Share. All use of Safe Share is subject to the Safe Share Terms and Conditions.
  2. Subject to clauses 8 to 16 below, Safe Share may be used by a Customer Client and its Users for any lawful activity in furtherance of the missions of the Customer Client. Use by the Customer Client and its Users may be in pursuance of activities for commercial gain as well as for not for profit activities. (See Note 1.)
  3. It is the responsibility of the Customer Client to ensure that its Users use Safe Share in accordance with this Acceptable Use Policy, and with current legislation. (See Note 2.)

Unacceptable Use

  1. Safe Share may not be used by a Customer Client or its Users for any activity that may reasonably be regarded as unlawful or potentially so. This includes, but is not limited to, any of the following activities. (See Note 3.)
  2. Creation or transmission, or causing the transmission, of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material. (See Note 4.)
  3. Creation or transmission of material with the intent to cause annoyance, inconvenience or needless anxiety.
  4.  Creation or transmission of material with the intent to defraud.
  5. Creation or transmission of defamatory material.
  6. Creation or transmission of material such that this infringes the copyright of another person.
  7. Creation or transmission of unsolicited bulk or marketing material to users of networked facilities or services, save where that material is embedded within, or is otherwise part of, a service to which the user or their End site has chosen to subscribe.
  8. Deliberate unauthorised access to networked facilities or services. (See Note 5.)
  9. Deliberate or reckless activities having, with reasonable likelihood, any of the following characteristics:
    1. wasting staff effort or Safe Share resources, including time on end systems on another End site’s network, and the effort of staff involved in the support of those systems;

16.2 corrupting or destroying other users’ data;

16.3 violating the privacy of other users;

16.4 disrupting the work of other users;

16.5 denying service to other users (for example, by overloading of access links or switching equipment, of Safe Share services, or of services or end systems on another End site’s network);

16.6 continuing to use an item of software or hardware after the Safe Share Service Manager or their authorised representative has requested that use cease because it is causing disruption to the correct functioning of Safe Share;

16.7 other misuse of Safe Share, such as the introduction of “viruses” or other harmful software via Safe Share to resources on Safe Share, or on another End site’s network.

Access to Other Networks via Safe Share

  1. Where Safe Share is being used to access another network, any deliberate or persistent breach of the acceptable use policy of that network will be regarded as unacceptable use of Safe Share. Any activity as described in clause 16 above, and where applied either to a user of that network, or to an end system attached to it, will also be regarded as unacceptable use of Safe Share.
  2. Any deliberate or persistent breach of industry good practice (as represented by the current standards of the London Internet Exchange) that is likely to damage the reputation of Safe Share will also be regarded prima facie as unacceptable use of Safe Share.

Compliance

  1. It is the responsibility of the Customer Client to take reasonable steps to ensure its Users’ compliance with the conditions set out in this Policy document, and to ensure that unacceptable use of Safe Share is dealt with promptly and effectively should it occur. The discharge of this responsibility includes informing all Users of the End site with access to Safe Share of their obligations in this respect. (See Note 6.)
  2. Where necessary, service may be withdrawn from the Customer Client, in accordance with the Safe Share Terms and Conditions. Where violation of these conditions is unlawful, or results in loss or damage to Safe Share resources or the resources of third parties accessible via Safe Share, the matter may be referred for legal action.

Explanatory Notes

Note 1: The Acceptable Use Policy does not make any particular statement as to the acceptability of using Safe Share for activities resulting in commercial gain to the Customer Client, other than this is acceptable where lawful. However, it should be noted that there are legal constraints applying to a publicly funded Customer Client in such activities. Where the End site is operating as an economic undertaking the issue of State Aid will need to be considered. There is also an issue of the status of both Safe Share and the Customer Client’s network as private networks.

Note 2: It is preferable for misuse to be prevented by a combination of responsible attitudes to the use of Safe Share resources on the part of its users and appropriate disciplinary measures taken by their Customer Clients.

Note 3: The list of unacceptable activities in this section is not exhaustive. The purpose is to bring as clearly as possible to the reader’s attention those activities most commonly associated with the abuse and potentially unlawful use of a network.

Note 4: It may be permissible for such material to be received, created or transmitted where this is for properly supervised and lawful purposes. This may include, for example, approved teaching or research, or the reception or transmission of such material by authorised personnel in the course of an investigation into a suspected or alleged abuse of the institution’s facilities. The discretion to approve such use, and the responsibility for any such approval, rests with the Customer Client. Universities UK has provided guidance on handling sensitive research materials.

Note 5: Where a Customer Client wishes to commission or itself perform a test for vulnerabilities in its IT systems (for example, via “penetration testing”) this, as an action authorised by the End site, will not be a breach of clause 15. However, the Customer Client should inform the Safe Share Service Manager, in advance of the test, of the source, nature and timing of the test. This is to avoid wasting the time and resources of Janet network CSIRT in investigating the perceived attack on the Customer Client, or automatically blocking it.

Note 6: In order to discharge this responsibility, it is recommended that each Customer Client establishes its own statement of acceptable use within the context of the services provided to its Users. This should be cast in a form that is compatible with the provisions of this Acceptable Use Policy. Such a statement may refer to, or include material from this document. If material is included, this must be done in such a way as to ensure that there is no misrepresentation of the intent of the Safe Share Acceptable Use Policy. The Jisc Help Desk can advise on this aspect if required.