General ICT policies of the Scuola Normale Superiore

Users

Use of the computer services of the SNS is reserved exclusively for those with a formalised relationship with the SNS (such as enrolled students, teaching and technical-administrative personnel of the SNS, temporary research assistants, or other personnel operating under an agreement or a nomination on the part of an authority of the SNS).
Research project managers may the temporary inclusion among SNS users of voluntary external collaborators provided they are formally included among the participants in the project and for a period not exceeding the duration of the research project. This type of user is admitted to services provided to the SNS by third parties only when permitted by the relative contract.
SNS users are assigned permits for access to the services, differentiated by category of user, as defined in the table “Assegnazione servizi per categorie di utenti” (“Assigning of services by category of user”) attached to the policy herein and periodically updated with a director's decree on the basis of necessity and of the availability of the services.
At the end of the relationship with the SNS, access to the services is deactivated, with some exceptions necessary for the closure of the relationship, defined in the table “Assegnazione servizi per categorie di utenti” (“Assigning of services by category of user”).
 
Personal accounts
SNS users are provided with a personal account, which, except in same-name cases, is normally of the type name.surname@sns.it .
Users must not allow others to use their personal account; they are required to keep their password safe and confidential, and to change it periodically in accordance with the security criteria suggested when choosing their initial password.
Where possible, alternatively to the personal account, access to the services may be gained using the SPID (Sistema Pubblico di Identità Digitale) (the Public Digital Identity System).

E-mail

The e-mail service is provided to users for the entire duration of their relationship with the SNS, and for a subsequent limited period on termination of the same, depending on the specifications of the table “Assegnazione servizi per categorie di utenti” (“Assigning of services by category of user”). At the end of the said period, the mailbox and its contents will be deleted.
Where possible, personnel who have ceased working for the SNS may request a procedure for facilitating the forwarding of their messages to a new e-mail address.
No e-mail account is assigned to anyone with the same name for at least 5 years after its deletion.
Former undergraduate and PhD students who have duly completed their study course and been awarded the ensuing degree certificate are assigned a mailbox on the domain alumni.sns.it, save for same-name cases.
Mailboxes not used for over a year are in any case deleted.
Individual cloud storage space
Within the limits of the ongoing contract with the cloud service providers, users may be assigned an individual access workspace in accordance with the specifications of the table “Assegnazione servizi per categorie di utenti” (“Assigning of services by category of user”). The service is maintained for the entire duration of the relationship with the SNS, on termination of which the service is deactivated and any residual content deleted.
Networks

SNS network

The Scuola Normale subscribes to the national research management network, (gestore rete nazionale per la ricerca), GARR
SNS users are granted the use of the Scuola Normale Superiore network in accordance with the specifications of the table “Assigning of services by category of user”.
Guests and occasional visitors needing Wi-Fi access during their stay at the SNS have at their disposal a dedicated Wi-Fi network which allows them essential browsing without jeopardising the safety of the SNS network.

Eduroam, IDEM and VPN

As a member of the Education Roaming (eduroam) network, the Scuola Normale guarantees access to the eduroam network to its internal users, as well as to users of all research institutions afferent to it; the said institutions guarantee access at their own premises to SNS users.
The SNS subscribes to IDEM (IDEntity Management per l'accesso federato) (IDEntity Management for federated access), the Federazione Italiana delle Università e degli Enti di Ricerca per l’Autenticazione e l’Autorizzazione (the Italian Federation of Universities and Research institutions for Authentication and Authorisation), designed to create and support a framework for shared management of access to on-line resources. 
For online access to the services of the SNS, those included in the categories of authorised users have at their disposal VPN (Virtual Private Network), accessible using the SNS account credentials.
Services

Migration to cloud platforms

The ICT services are subject to a gradual process of migration to Cloud platforms in accordance with the Piano Triennale per l’informatica nella Pubblica Amministration (the Three-Year Plan for information technology in Public Administration).

Storage

In accordance with the table “Assigning of services by category of user”, the SNS provides its users with a storage system for shared documents, as well as backup of data and systems related to SNS critical apps.

Cloud services for research structures

The computer infrastructures of the laboratories, centres and research groups of the SNS, with the sole exception of servers and storage for scientific calculation, must be certified on external Cloud platforms.
Research structures may be assigned a Cloud storage space within the limits of the provisions of the contract with the providers.
Added storage space may be acquired using research funds.
With the exception, on the part of the structures in charge of the ICT services, of the consultation necessary for the planning and activation of new services on Cloud platforms, research structures that activate computer services or apps are responsible for their installation, management and maintenance. In compliance with the privacy and security standards required by prevailing legislation.
The planning and funding of activities must take into account the maintenance of the said security standards for the entire period of operation of the service or app, possibly also after the conclusion of the research projects for which they were developed.
Apps not correctly managed and/or obsolete that could compromise the security of the SNS infrastructure must be deactivated immediately. In this case, the computer security manager notifies those involved of the necessity to interrupt the service and verifies the securing process or the deactivation of the app.

Web Servers

The structure in charge of ICT services manages a hosting and housing system for the provision of web sites or dedicated service apps to institutional sites and to services of general interest or dedicated to administrative management.
The Centro HPC (High Performance Computing Centre) provides a hosting service for virtual machines and web sites designed for the sharing and development of research.
A systems administrator must be appointed for each server, web site or app, who is required to act in full compliance with legislation and good practice, and to follow the indications provided by the operators regarding architectures, systems, and app and bookshelf updates.

GARR Certificates

The Scuola Normale has at its disposal an internal Registration Authority (RA) for the issuing of X.509 server and personal certificates issued by Certification Authorities selected by GARR.

Printing system

The SNS is equipped with a multifunction printer system managed by the appointed offices. The use of local printers is not advisable, since these are not provided with a support service.

Mailing lists

The SNS has active mailing lists, to be used exclusively for activities coherent with the institutional purposes of the SNS.
The mailing lists can be classified according to the following types:
-       institutional lists of the SNS: these are managed centrally and are updated by an automatic procedure that associates users of the Scuola Normale to the relative categories;
-       service lists, managed by the individual administrative structures of the SNS and designed to create thematic communication channels on specific user services;
-       external personnel lists, available solely to members and to authorised personnel, for communications exclusively linked to administrative processes or service communications;
-       lists freely created and managed by groups of SNS users. These must be set up in such a way as to enable visibility of those belonging to the list and, when utilised to send messages, they must render clearly identifiable the person responsible for the transmission of each message.
Security
For security reasons, obsolete and non-updatable devices or apps are not permitted within the SNS network. It is the responsibility of the proprietors or assignees of compromised devices or apps to reinstall them or, if they cannot be reinstalled, to disable them.
It is not permitted to carry out network scanning or scanning of devices internal or external to the SNS. 
The structures responsible for ICT services and for ensuring computer security may limit, suspend or block access to the services or subsets thereof in the wake of changes to legislative requirements, security or technical problems, or for the safeguarding of the interests of the SNS.
Disaster Recovery
The critical services (networks, authentication systems, e-mail, telephone system, and apps essential to the functioning of the central administration) have at their disposal the Business Continuity / Disaster Recovery service.

Hardware e Software

Hardware

It is not permitted to connect non-authorised network devices or to connect servers or other external equipment to the data centres of the SNS.
All devices connected to the SNS network must respond to minimum requisites in terms of security, such as the updating of the operating and security systems. In addition, they must not contain software that is not correctly licensed.

Software

Software and apps of common use (such as operating systems and office automation programmes) are acquired centrally for SNS users.
Devices acquired with research funds are installed by the user, with the support of the Helpdesk service. Software and apps specific for research are acquired directly from research funds at the request of those involved.
Software is installed centrally on all the workstations managed by the structure responsible for the ICT services.
New software for the management of administrative-management processes must first be assessed by the structure responsible for the ICT services, in order to define the specific techniques and to verify the requisites of interoperability with the existing systems.
Any software or apps that are damaging and/or potentially hazardous for the SNS infrastructure and/or not correctly licensed must be removed.

Assistance

The hardware and software assistance services must be envisaged preferably at the acquisition stage; in any case, they are the task of the structures or individuals that arranged for their acquisition.

Lending of PCs and devices for smart working

Depending on the availability of equipment, the users of the SNS computer services can access the laptop lending service for the purposes of study or research, for periods of no longer than 15 days.
In addition, the SNS provides its technical and administrative personnel with the technological tools necessary to enable online working, bearing the costs of provision, installation, maintenance and repair, and guaranteeing constant updating of the security mechanisms.
In all cases, assignees of devices must undertake the following:
-       to guarantee their safekeeping with the utmost care and not to allow their use by others;
-       to utilise the said tools for the sole purpose for which they were lent (work, study or research tasks);
-       not to install on the said devices software that is not licensed or authorised; 
-       to connect in a protected and secure way to the SNS computer network via the use of VPN;
-       to return the device at the termination of the assigned period.
HelpDesk
The SNS HelpDesk service offers assistance with network access, the most commonly used software, connections to the most common peripheral devices, and in general with the computer services of the SNS. Users' requests are managed through a ticketing system and the service can be dispensed, where possible, by the use of online control tools.

Scientific computing
Through the Centro HPC (High Performance Computing Centre), the SNS provides technological support and tools to groups, research centres and laboratories whose activities require the use of calculation apps, simulations, Data analysis, Machine Learning and Artificial Intelligence. 

Terms and conditions of use
The computer services of the SNS, and in particular the e-mail, Cloud storage and network services, may be used by users only for institutional purposes and in compliance with the following conditions:
full compliance with the prevailing legislation regarding privacy, the protection of copyright and the use of computer and telematic systems;
respect for the principles and values of the SNS Ethical Code;
compliance with the prevailing policies defined by GARR and by the SNS;
avoidance of interference with the use of the services by other users;
avoidance of activities designed to access the accounts of other users in a fraudulent manner or to access services without the requisite authorisation.
Users:
-       take on full responsibility for contents sent by e-mail or uploaded onto the storage assigned to them and possibly shared with others;
-       agree not to upload or disseminate, in any format whatsoever, contents that are defamatory, obscene, discriminating, confidential or in any way illegal, or malware (software that can damage computers, programs, files or data);
-       assume full penal and civil responsibility, as well as any penalty deriving from the improper use of the above mentioned services;
-       by the same token, relieve the SNS of any claim or legal action made against the SNS itself, by any subject whatsoever, as a consequence of any improper use.
The Internet services of the SNS are provided to users via the network managed by the Consortium GARR, which envisages regulations of use of the network as illustrated in the Acceptable Use Policy.
The use of the Internet resources of the SNS presupposes that the user has understood and accepted the said regulations in their entirety.
 

 
NOTES
(1) For any categories not present in the table, the attributions of the most similar categories are considered. For the categories marked with (*) please refer to the detailed list.
(2) Save for inactivity of the e-mail box for more than 1 year. For students, the date of graduation is considered as the date of termination of employment.
(3) Save for software essential for the teaching activity not usually provided by the institution of appurtenance.
(4) Those who do not receive fees or reimbursements are counted as temporary guests.
(5)Temporary Guest Account.