Acceptable Use Policy

v1.4
December 9, 2025

When you first create your ACCESS ID, and every 12 months thereafter, you will be asked to accept and re-acknowledge your responsibilities regarding use of ACCESS systems and services, as well as use of ACCESS-allocated resources at ACCESS Resource Provider sites.

ACCESS and all affiliated Resource Providers have legal obligations to protect shared services and resources. You share this responsibility by observing and upholding the rules of acceptable use that are outlined in this document.

Violations of this ACCESS AUP or Resource Provider policies may result in loss of access to both ACCESS services and Resource Provider resources. Activities in violation of any laws will be reported to the proper authorities for investigation and prosecution.

Your online assent to this Acceptable Use Policy (AUP) is your acknowledgment that you have read, understand and accept your responsibilities when using ACCESS services and any ACCESS Resource Provider resources. If you have questions, please contact the ACCESS Help Desk at https://support.access-ci.org/open-a-ticket.

By using ACCESS-managed services and/or Resource Provider resources associated with an ACCESS allocation (hereafter, “ACCESS services and allocated resources”), you agree to comply with the following conditions of use:

1. You will provide and maintain current, valid and verifiable information regarding your identity, organizational affiliation, and contact information associated with your ACCESS ID and ACCESS User Profile. Your primary e-mail address must be your current organizational e-mail address.
2. You will protect all accounts (i.e., IDs, account names, usernames) and credentials (e.g., passwords, private keys, tokens and [DUO or other] authenticator codes) that you use to authenticate to ACCESS and ACCESS Resource Provider resources. This includes:
   
   • Using a strong, unique password for your ACCESS ID (e.g., see https://www.cisa.gov/news-events/news/choosing-and-protecting-passwords)
   • Only entering your ACCESS credentials into access-ci.org sites and ACCESS Resource Provider systems that accept ACCESS credentials for login.
   • Keeping your accounts and credentials private.
3. You will not share your ACCESS accounts nor credentials with anyone else.
4. You will have only one ACCESS ID. If multiple identities are discovered for the same individual, those accounts and profiles will be merged or voided at ACCESS’s discretion.
5. You will not use ACCESS services nor allocated resources for financial gain nor any unlawful purpose, nor attempt to breach or circumvent any ACCESS or Resource Provider administrative controls or security controls. You will comply with all applicable laws and relevant regulations, such as export control law and HIPAA.
6. You will immediately report any known or suspected security breach or misuse of ACCESS access credentials to ACCESS Operations Cybersecurity at https://operations.access-ci.org/report-security-incident.
7. You are responsible for backing up your data. Use of ACCESS services and allocated resources is at your own risk. There are no guarantees that resources and services will be available, that they will suit every purpose, nor that data will never be lost nor corrupted. 
8. You accept necessary data sharing by ACCESS: Logged information, including information provided by you for registration purposes, is used for administrative, operational, accounting, monitoring and security purposes. This information may be disclosed, via secured mechanisms, only for the same purposes and only as necessary to other organizations cooperating with ACCESS, as defined in the ACCESS Privacy Policy (https://access-ci.org/privacy-policy).
9. You agree to abide by the ACCESS Code of Conduct in your interactions with users and staff. See ACCESS Code of Conduct (https://access-ci.org/code-of-conduct/).
10. In manuscripts submitted for publication and any other citable works, you will acknowledge all ACCESS services and use of specific ACCESS Resource Provider resource(s) contributing to research results. See https://access-ci.org/about/acknowledging-access/.
11. You agree to abide by the terms and conditions of 3rd party applications that you make use of through ACCESS and Resource Providers. It is your responsibility to read and understand those terms and conditions. For example, ACCESS uses Globus services for data transfer and other purposes. When you use Globus, you accept the Globus Terms of Service (https://www.globus.org/legal/terms).
12. You will comply with other applicable ACCESS policies and those of ACCESS Resource Providers.

The following acceptable use responsibilities apply more specifically to Resource Provider resources and services, including those allocated through ACCESS processes and any ancillary services to which use is authorized as part of an ACCESS-allocated project:

1. You will protect all Resource Provider login accounts and credentials (e.g., private keys, tokens, passwords, etc.) that are issued for your use by each ACCESS Resource Provider.
2. You will not allow any other person, nor automated processes not initiated by you, to use any of your personal ACCESS Resource Provider accounts and credentials.
3. If you are authorized to use or administer special purpose accounts (e.g., Science Gateway accounts), then you will secure and not share your access to these special purpose accounts.
4. You will only use ACCESS Resource Provider resources to perform work consistent with the stated allocation request goals and conditions of use as defined by your approved ACCESS project, this ACCESS Acceptable Use Policy, and the ACCESS Resource Provider’s policies.
5. Access-granting organizations, your ACCESS allocation’s Principal Investigator (PI), and ACCESS Resource Providers are entitled to regulate, suspend or terminate your access, and you agree to comply with their instructions.
6. Allocations on Resource Provider resources are awarded for open research intended for publication together with support for educational and training activities. You will respect all applicable intellectual property rights and adhere to confidentiality agreements.
7. You are responsible for working with your local government, home organization and ACCESS Resource Providers to determine what regulations may apply to you regarding your activities and data use such as export control law or HIPAA.

The following acceptable use policies apply specifically to Principal Investigators (PIs), who apply for ACCESS project allocations and are responsible for managing approved ACCESS project allocations, and the conduct of people they add to their approved ACCESS projects.

1. PIs are responsible for properly vetting all people that they add as authorized members of their project allocations, and by doing so the PI attests that the ACCESS ID of each authorized member corresponds correctly to the intended person. PIs will also ensure that individuals who use Resource Provider resources on the PI’s ACCESS allocation adhere to this Acceptable Use Policy.
2. PIs are responsible for removing users from their allocated projects as soon as these users are no longer authorized to use project allocations.
3. PIs are responsible for ensuring that all authorized users of their project allocations are free from any research security prohibitions defined by the National Science Foundation or other federal agencies. See https://www.nsf.gov/research-security.
4. Consistent with NSF policy (see https://www.nsf.gov/news/notice-to-the-research-community-on-ai), allocation request proposals and supporting documentation are prohibited from being uploaded to non-approved generative AI tools.