[Draft – not yet approved by the Computer Committee.]
[After approval this will be announced to the Membership as a Computer Committee fiat.]
Much of the information needed to access these resources is not secret (e.g., contact information for the provider, account names, etc.) and shall be published on the Current Services page of the Computer Committee section of NESFA's web site so that it can easily be found by any member. The people currently responsible for each resource shall also be listed there.
For each resource, the persons authorized to know the password or other access control information are those designated as responsible for managing and maintaining that resource plus the members of the Computer and Web Committees and any other individuals who are expected to deal with emergency situations.
To enable dealing with emergency situations when none of the responsible people are available, the secret information for each resource shall be written down, sealed in an envelope identifying it as emergency access-control information and marked with the name of the resource to which it applies and the date on which it was sealed; this envelope shall be placed in the Computer Committee safe. That safe can be opened by any member of the E-Board or of the Computer or Web Committees; if necessary the combination can be obtained from those people by telephone.
Whenever such an envelope is opened, the person opening it should as soon as possible both notify one of the people responsible for that resource and post to the geeks mailing list the fact that it has been opened and a brief report on what problem occurred and what was done to solve it. The secret information should be resealed and returned to the safe so it remains available in case of a further emergency.
Passwords (or other access-control secrets) for most resources should be changed periodically and whenever they have been revealed to a person not ordinarily authorized to know them or are thought to have been compromised. When this is done, a new emergency-access envelope is prepared and placed in the safe and the old one is destroyed. The new information must be communicated in a timely and secure manner to the persons authorized to know it.
Last updated 26 July 2006 by Dave Anderson