Hi Jon,
Its surprising, but there are very few external policy constraints placed on the Tier-1 with regard to keeping the data safe and secure. Certainly neither the WLCG or GRIDPP MoUs have much to say in this matter. As you point out EGI just refers to site policy and our site policy has become very high level.
STFC does have a scientific data policy,
http://www.stfc.ac.uk/Resources/pdf/STFC_Scientific_Data_Policy.pdf
but that is focused much more on the grant holders/scientists rather than the black box service providers such as RAL. As far as I can see we feature very deep inside the section where you guys are meant to have a data management plan. In any case the policy is very new and existing projects have yet to fully adapt/implement it I suspect.
Although we/WLCG seem to have no written policy we do clearly have a set of cultural assumptions that loosing
the data is a "bad thing". Experience shows people get grumpy when it happens, however despite wishful thinking to the contrary, given the software/hardware stack we run some risk of data loss is inevitable. I can provide some detailed operational data in this area as we keep a series of metrics and logs measuring data loss.
You described how your request was driven by a possible change in the way T2K plan to store and keep safe their data particularly the use and expectations placed on the Tier-1. I think two things would be useful:
1) You should let Dave Britton know what you are planning and what level of service you expect from RAL.
I think its something the PMB should discuss. There is a precedent for this in that we act almost as a Tier-0
for mice and at very small scale do things we don't normally do (eg provide multiple copies of key data).
2) It would probably be helpful if I draft some statement of policy, practice and operational experience as to how the Tier-1 manages data. What it provides and what it expects. I suspect in due course (given the drive by STFC in the policy area) I'd need to do that anyway. I probably cannot do that at the earliest until the end of next week, more likely the week after. It doesn't need to be particularly long and it might be healthy to make clear what our commitments and capabilities are in this area.
If you guys want to discuss we can talk next week (am back in the office from Wednesday) or you can turn up at the Tier-1 liaison meeting on evo if you wish a more open format than a phone call. Maybe the storage group might wish to take it in which case I can come along to that.
Sorry that's all I've got - I seems a remarkable gap but the fact is it doesn't seem to be written down AFAIK.
I've had an interesting afternoon exploring this matter within the department - pickings are quiet thin.
Regards
Andrew
> -----Original Message-----
> From: Jonathan Perkin [mailto:[log in to unmask]]
> Sent: 10 February 2012 13:20
> To: [log in to unmask]; Sansum, Andrew (STFC,RAL,ESC)
> Subject: Re: Site security policies?
>
> Hi,
>
> I think what we're after ideally is some sort of statement that
> encompasses both "guarantees about sites keeping data confidential" and
> "keeping it at all". Of course, if these are addressed by separate
> policies then separate statements would be fine!
>
> Cheers
>
> Jon
>
>
|