Acceptable Use Policy

Policies around using Github and other software at DHSC. This policy applies in addition to DHSC data protection and information management policies.

Who this policy applies to

This policy applies to all users of this Github organisation.

General principles

Github may be used to store:

• Source code;
• Reports and documentation;
• Small, non-sensitive data sets (where connecting to the original, published source is not practical).

Github usage

All users will:

• Follow all relevant information governance procedures, and report any security incidents, in line with the relevant DHSC policies;
• Create secure passwords, protect their login credentials appropriately, and not share their account or login credentials with any other person;
• Require two-factor authentication to log into their user account;
• Store all DHSC work in this Github organisation;
• Not store any work in public repositories without obtaining prior written permission from their line manager;
• Be allowed to use personal laptops to clone or interact with work stored on this GitHub organisation, if the repository contains no policy-sensitive code or data;
• Follow guidance on making source code open and reusable;
• Not use the Github organisation to undertake any illegal activity or any activity that could harm DHSC's reputation or compromise the security of data or IT systems.

Repository admins will:

• Provide access to private repositories on a need-to-know basis only;
• Ensure that repository users have the correct (minimum required) read/write permissions;
• Ensure that repository users only have access to the minimum data required for them to perform their job;
• Regularly review access permissions for repository users, including when users join or leave DHSC.

Data storage

All users will:

• Not store any large data sets (> 5,000 records) in GitHub, unless there is a temporary, operational reason for doing so;
• Not store any data, source code or documentation containing sensitive information;
• Not store any data, source code, or documentation containing personal information;
• Not store any data, source code, or documentation that was designated for DHSC network systems only;
• Not store any credentials or secrets;
• Not store any data or project materials that is classified as SECRET or TOP SECRET;
• Not store any data without permission from the project owner (and/or data owner);
• Ensure that all transfers of data are conducted safely and securely.
• Remove output from notebooks: https://github.com/kynan/nbstripout

Public repositories

You may only store work in a public repository if you have:

• verified that the work contains no sensitive information or secrets;
• obtained prior written permission from your line manager;
• followed guidance on making source code open and reusable.

Organisation management

Membership of this Github organisation is managed by the DHSC Data Science Hub (in OCA). DHSC Data Science Hub leadership team will receive Admin rights to this organisation. They will aim to provide the correct (minumum required) read/write access level to each new member. By default, this is 'Member' access.