• Skip To:
Alt + 0 to show this section,Tab to navigate forward,Shift + Tab key to navigate backward,Enter to access link, and Esc to reset
Alumni FAQ

Help and FAQs

Navigation

Back to Home
Navigation
Back to Home
Privacy Policy
Cookie Policy
Frequently Asked Questions
Terms Of Use
Security Operating Procedures

Security Operating Procedures

GALAXY ALUMNI:

User Security Operating Procedures (SyOPs)- serving personnel 

Introduction

1. This document constitutes the Security Operating Procedures (SyOPs) for the Galaxy Alumni service. They are issued by System/Platform Manager in accordance with MOD Departmental Security Regulations and have been approved by the Air Accreditor. All personnel using the training system are to formally confirm that they have read, understood, and will comply with these SyOPs and no departure from or amendment to them is permitted unless the System/Platform Manager gains prior authorisation from the Accreditor.

2. Disciplinary action may be taken against those personnel who breach or ignore these orders as per JSP 440 and AFA 06. Any incident that has, or is likely, to compromise the security of the system is to be reported immediately to the RAFP Protective Security (PS) Section who will in turn inform the Air Warning Advice & Reporting Point (WARP).

Description of the System

3. The purpose of the Galaxy Alumni service is to enable individuals who have left the RAF and those still serving in the RAF to have a networking and informal communications platform to stay in touch and benefit from Alumni services (e.g., job search opportunities).

Level of Protective Marking

4. Galaxy processes and stores data/information that is Personal, it will not transmit, process or store any classified information or data (e.g., OFFICIAL) and by consequence there are no codewords or caveats associated with this data/information.  Personal information/data stored or processed on the system is safeguarded in alignment with MOD data protection policy.

User Responsibilities

5. User security responsibilities are described in these SyOPs. Additional responsibilities for specific roles which are not relevant to general Users are detailed in specific Annexes, see below.

a. Unit System/Platform Manager security responsibilities are described in Annex A;

Personnel Security

Security Clearance Level and Access

6. All authorised users of the system are not required to be security cleared or vetted; however ex-serving Users will have been cleared to a minimum of BPSS (most SC) in the past although now expired and serving personnel will be cleared to a minimum of BPSS (most SC).

7. Unit System/Platform Manager requires as a minimum an SC security clearance.

8. Users who are serving personnel will not be granted access to the system until they have read, understood, and agreed to comply with these SyOPs. Ex-Serving personnel will agree to a Terms of Use (ToU) at Annex C.

Computer Misuse

9. All training system users are to comply with the MOD’s Acceptable Use Policy, JSP 740. In summary Users are not to.

a, Attempt to access areas where they are not authorised to access;

b. Attempt to damage the system to prevent its use;

c. Make unauthorised modifications of the system or the information contained within it.

Passwords

10. All passwords are controlled and managed by EnterpriseAlumni on behalf of the System/Platform Manager. 

11. To ensure a minimum level of security Galaxy Alumni service passwords are technically enforced as follows where possible (any exceptions will be cited in the main RMADS document): 

a. Passwords must be complex, (minimum of 8 alpha numeric characters, or other complexity criteria). 

b. Passwords will expire after 90 days;

c. User entry will display * in place of each typed character of the password;

d. System will prevent printing of passwords;

e. A password protected Screen Saver shall be automatically engaged after 30 minutes of inactivity of the terminal

Storage and Media Management

12. Users will not have any access to the actual service Storage Facilities and/or Media Management opportunities as the service is SaaS.

Acceptable Use and Monitoring

13. Users are not to tamper with the security settings or attempt to access information which they are not authorised to view.  Use of the Galaxy Alumni service is, and will continue to be, subject to monitoring. Users are advised that system logs are checked on a regular basis in order to detect unauthorised or suspicious system and security events.

14. Care is to be taken to ensure that sensitive information (e.g., personal data/information in the context of the service) is not overseen by visitors, cleaners, or other unauthorised personnel.

Incident Management & Reporting Security Breaches

15. All Users have a duty to report security issues. In particular users are to be vigilant for actual or potential security breaches, which could include:

a. Compromise of user passwords;

b. Corruption of information;

c. Non-availability of information or services;

d. Loss or compromise of information or services.

16. All potential or actual breaches of security are to be reported to the RAFP PS Section at the earliest available opportunity. RAFP PS Staff will forward significant security issues to the Air WARP.