Acceptable Use and Security Policy


#1

CLIMB is a service provided for academic research, funded by the MRC. It is a large computer system, and there is the potential for users to abuse the service, or to do things that are unwise from a security or privacy point of view. This policy defines the acceptable use policy and the security policy for CLIMB.

If you disagree with these policies, you cannot use CLIMB. If you use CLIMB, you are assumed to agree with these policies.

Breaching these policies will result in a warning in the first instance, followed by a ban from the service in the case that there are continued breaches. Particularly serious breaches will result in a permanent ban from the service, complete with a full accounting of the reasons for that ban. This account will be sent to your PI and head of department to avoid any confusion as to why you cannot use the service anymore.

CLIMB takes no responsibility for any damage (financial or reputational) caused by a failure to abide by the policies outlined below.

Lines of responsibility

In order to create clear lines of responsibility for research staff using the system - because of the potential for abuse - we operate a system whereby PI’s register for accounts and nominate users from their groups to be given access to VMs on the system. These PI’s are explicitly taking responsibility for the behavior of their users. In the case where a user is in breach of the T&C’s, we will contact that user, and where relevant, will copy in their PI.

Account/Data Security

Keep your passwords safe. The system gives you access to a considerable amount of computational resource that those interested in undertaking nefarious activities would probably also like access to. It is in your interest to keep your password secret and to change your password if you believe it to be compromised at any point. Sharing your password with others is a direct breach of the usage policy for CLIMB.

Backup your data. CLIMB is not a repository for dumping your old data for long term storage. We have a system that is designed for resilience and to survive any number of conceivable issues that could result in data loss. However, we do not backup your data. There is a possibility that your data could be lost. If this will be an issue for you, make sure your data is backed up elsewhere.

Use

CLIMB is a system that is designed and funded to support medical microbiological research. If your research is not focused on examining questions that relate to microbial organisms then you should not make use of CLIMB. In special cases (and where capacity is available) CLIMB can, at the discretion of the management team, provide support to other medical-related projects that have a need for large amounts of compute/storage. However, this is only in very special cases.

It should also go without saying that there are a number of activities that fall outside the microbial bioinformatics research area that are clearly unacceptable on CLIMB. This includes (but is not limited to) hacking, hosting of illicit or illegal media and bitcoin mining. In the case where any of these take place, we reserve the right to either contact the police or the users employing institution to commence legal/disciplinary proceedings.

Bottom line: if you sign up to the system, and you don’t use it for microbiological research, (and try to hide it from the project) then we reserve the right to ban you and delete your data. If you sign up and use the system for really stupid and/or illegal activities, then expect us to follow this up with the relevant authorities

Data on CLIMB

CLIMB is provided as a service for analysing large quantities of microbial data. We mostly don’t mind what sort of data you feed in, but we have one major exception - patient identifiable data. Storing patient identifiable data on the system is unacceptable. We cannot provide a guarantee that our security is sufficiently rigorous to store patient data. If you disregard this information and store patient identifiable data on the system, you are in breach of the terms of use of the system and any adverse consequences are wholly your responsibility.

Security Policy

By using CLIMB you are spinning up a VM on a system running on one of the host Universities. By doing this you are bound by the host Universities security policy, as well as your own Universities security and data policy. Just because you are using CLIMB doesn’t mean you get out of your responsibilities to your home institution.


CLIMB data security policy
#2