NSERC-CMIC Footprints IP and Data Security Guidelines

v2014.10.16

The following Intellectual Property and Data Security guidelines will be followed by all Footprints Researchers and Sponsors:

General

1. Whomever generates Intellectual Property, owns the Intellectual Property.
2. All Sponsor provided data will be considered confidential between the Sponsor and the person it is given to unless designated otherwise by the Sponsor.
3. All Collaborator provided data (e.g. TGI4, MRNQ, SGS, BCGS) will be considered confidential between the Collaborator and the person it is given to unless designated otherwise by the collaborator.
4. All Project generated data will be considered confidential within the Project until published (see Publication Guidelines).

Alfresco Document Management System (ADMS) https://CMIC-Footprints.ca [Members Site]

1. This site is accessible only by approved Project members, for administrative documents, reports, meeting minutes and presentations.
2. Project members have access to most parts of ADMS. There are separate restricted sub-folders for the Board of Directors, Scientific Advisory Board, Research Technical Committee and Secretariat.

Secure File Transfer Protocol (SFTP) Site sftp://CMIC-Footprints.ca

1. This site is used for data and project working documents.
2. Project members have variable degrees of access, based on the following security levels for each Site (Au, U, Cu):

   /Project	This level is accessible by all Project members (Sponsors and Researchers), and is used for public domain documents and Project generated documents approved for release to Sponsors.
   /Site	This level is only accessible by Site Researchers and is used for Site working documents not yet approved for release to Sponsors. Permission from the Site Leader is required before any documents can be moved from /Site to /Project.
   /Dropbox	Accessible only by the Site Leader, but can be contributed to by all Project members, for secure storage or transferring data between locations.
   /Restricted	Contains sub-folders with customized security configurations. These can be used for Sponsor provided confidential data or any other requested setup. Permission from the Site Sponsor(s) is required before any documents can be moved from /Restricted to /Site or /Project.

Acceptable Use Policy

The following policies apply to the use of all Electronic services provided by NSERC-CMIC Footprints, including the public and member's only (Alfresco) websites, the Secure FTP Site, software licenses and any other software related products or services.

1. Electronic services and sponsored software licenses are to be used for purposes relating to the project only.
2. The project strictly forbids any improper use of the electronic services and sponsored software licenses, including but not limited to:
   1. Attempting to circumvent any security measures or taking actions that put the services at risk.
   2. Sharing passwords, Security keys, or using another person's account.
   3. Performing any illegal activity using the electronic services.
   4. Leaving computers or devices connected to the Electronic services unsecured or unattended.
3. It is the responsibility of every project member to report any suspected unauthorized access or security issue to the Project Secretariat.

Confidentiality Agreement

1. I agree to use the electronic services and sponsored software licenses in ways that ensure the privacy and confidentiality of all intellectual property and meet the requirements of the security guidelines.
2. Permission will be requested from the appropriate parties before uploading data to the Electronic services.
3. I will obtain proper authorization before moving data to a different security level.
4. I will ensure that any Project related data not stored on the Electronic services is kept secured from unauthorized access.