|
|
9. JANET Policies and Legal Requirements
|
ON THIS PAGE |
>> |
JANET(UK) manages JANET in accordance with policies set by JISC. The JANET Eligibility Policy defines explicitly who can connect to JANET. All FE and HE organisations and Research Councils are entitled to a Primary Connection to JANET. This type of connection provides access to the full range of network services and support at levels specified in an SLA between JISC and JANET(UK). JISC can also allow other bodies to have a Primary Connection if they are primarily engaged in education or research, or will only use the connection for collaborative research. Further information about connecting to JANET as a primary site may be found in Section 2 of this manual. These are available to organisations responsible for the operation of a network, to connect that network to JANET subject to JANET(UK) and JISC's agreement. The network will normally be supporting the broader education and/or research community or be delivering educational services to communities that are not directly connected to JANET, such as schools. Interconnect Connections are not subject to the JANET SLA. Only an IP service is normally available - other JANET services are only provided by arrangement. Further information about Interconnect Connections can be obtained from the JANET Service Desk. All organisations connected to JANET are subject to the JANET AUP. This permits JANET to be used for any purpose that is legal, that is socially acceptable to the community JANET serves, and that does not cause degradation of the performance of the network beyond that which might reasonably be expected. All use of the network does, of course, have an impact on performance; the intent is to prevent reckless or inconsiderate activities by members of one organisation causing inconvenience to others. A key concept of the AUP is that activities, other than those that are detailed below, are permissible when they are in accordance with the aims and policies of the organisation concerned. An organisation may therefore make its own policy regarding recreational use of JANET by its staff and students, or regarding the use of JANET by departments engaged on external contracts, or by staff engaged upon authorised private consultancy work. Most categories of unacceptable activity are designed to take account of relevant legislation. JANET may not be used for any of the following:
Where advertising material is embedded within, or is otherwise part of a service to which the user has chosen to subscribe, it is deemed to be permissible. Similarly, JANET(UK) would be prepared to sanction the use of JANET to transmit obscene or offensive material where this was necessary in pursuance of a properly supervised research project. In these circumstances the organisation must obtain permission from JANET(UK) prior to commencing the project, accept responsibility for the legal restrictions that exist and ensure that they are adhered to. Note that the organisation may be legally liable for serious breaches of these restrictions. Where an organisation is shown to have breached the AUP, JISC may decide to either temporarily suspend the JANET service or withdraw the service for an indefinite period. A copy of the AUP is sent to each organisation when an initial enquiry is made about the connection process. Additional copies may be obtained from the JANET Service Desk, or the JANET web site at: Producing a Local Acceptable Use Policy All JANET-connected organisations should formulate a local AUP and ask staff and students to sign a declaration to confirm that they will abide by its rules. Students under the age of 18 should have their forms countersigned by their parent or legal guardian. Suggested Headings for Formulating an AUP
UCISA publishes model regulations for use of organisational IT facilities and systems at: There is some limited advertising on the network at present. The formal policy on advertising is set by JISC in the AUP, and JANET(UK) is responsible for applying that policy. The JANET Factsheet Advertising describes how this policy is interpreted. Copies of the JANET Security Policy are available at: or from the JANET Service Desk. JANET is an open network that can be accessed worldwide via the Internet. As such it is subject to security threats from both external and internal sources. Security problems on the Internet or at specific JANET sites can easily spread their impact around the network. Many organisations now rely on the network and connected systems to do their teaching, research and administration. It is therefore increasingly important to protect against security incidents, for example:
Each organisation and user connected to JANET is required to comply with the JANET Security Policy. Organisations with a Primary Connection and others who connect third parties to the network have particular responsibility for the security of both their connection to JANET and that of any Sponsored or Proxy Connections made via their site. They must also ensure that information about security problems can be communicated both within the organisations they provide connections for, and between those organisations and JANET(UK). All organisations with a JANET connection have a duty to:
All users are required to abide by both JANET-wide policies and those local to their organisation and location, and must cooperate with their organisation and the network operator. In particular, they must follow good security practice and not act in a way that puts the network or connected systems at risk. The JANET Security Policy recognises that different approaches to security will suit different organisations, and leaves it up to each organisation to choose an appropriate way to meet its obligations under the Policy. It is essential that organisations with a Primary Connection have at least one nominated security contact available to provide and receive information on behalf of their organisation. It is accepted that the level of cover will vary depending on the size of the organisation concerned. However, all organisations must accept that, in an emergency, it may become necessary to temporarily disconnect the site if the security contact cannot be reached by JANET CSIRT. Further information about the JANET Security Policy and advice on setting up a suitable security system for an organisation may be obtained from JANET CSIRT. Section 7 also covers security issues in more detail. The operation and use of networks is subject to various legal requirements. Current information about requirements that are particularly relevant to network and system managers can be found at: More general information is available from the JISC Legal Information Service, including a brief guide to IT Law for FE and HE Senior Management. Network and system managers should be familiar with at least the relevant provisions of the following Acts: Computer Misuse Act 1990 http://www.hmso.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm Data Protection Act 1998 http://www.hmso.gov.uk/acts/acts1998/19980029.htm Regulation of Investigatory Powers Act 2000 http://www.hmso.gov.uk/acts/acts2000/20000023.htm Malicious Communications Act 1988 http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880027_en_1.htm The Law Relating to Third Party Access to Data The London InterNet eXchange (LINX®) has published a Best Current Practice document on privacy, which contains useful guidelines on dealing with statutory notices. Further information about logfiles and third party access to data, including the new RIPA powers, may be found in the JANET Guidance Note on Logfiles. See also the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000.
|
<< |
MANUAL CONTENTS
|
|
|
© The JNT Association - Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0SG. Tel: 01235 822200 Fax: 01235 822399
"));
