Web Site Policy
Definitions of Terms
NA - Narcotics Anonymous.
NAWS - NA World Services. http://na.org
Area - Registered NA Areas within the Australian Region.
ARSC - The Australian Regional Service Committee of NA as represented by the elected RCMs.
Entity - Person, Company or other Organisation
FSO - Fellowship Service Office http://fso.com.au
Groups - Registered NA Groups within the Australian Region.
ITS - Information Technology Subcommittee of the ARSC.
Member - As defined in the 3rd Tradition of NA.
RCM - Regional Committee Member
Region - The Australian Region of NA.
Traditions - The Twelve Traditions of NA.
User - Web site manager or content publisher.
Web Site - http://na.org.au
Web Servant(s) - User or Administrator of the Web Site, usually members of the ITS.
General Principles
The Traditions will always be the final word in all matters pertaining to this web site
The Web Site is an instrument of an official service body of NA and as such is completely bound by the Traditions.
This Web Site is the property of the Groups
In all matters pertaining to the operation of this Web Site, the final decision rests with the Groups. The ARSC may appoint trusted servants to run and design the Web Site, but the Groups may override any decision pertinent to the Web Site.
That being said, it is impossible to run a web site without allowing the maintainers of the Web Site a great deal of latitude and autonomy. It is expected that the Groups will carefully choose these servants, and allow them this freedom. It is also expected that these trusted servants will always keep in mind that they are caretakers of a public trust.
All content used on the Web Site must be either free of any copyright, or the ARSC must have perpetual rights to it
This means that all images, code (HTML/JavaScript/PHP/Perl, etc.,) and content (text, etc.) must either belong to the ARSC, or the ARSC should have complete and perpetual rights to display or use this material.
Absolutely nothing is to be posted unless it is known to pass the above test. In addition, the Web Site cannot be used for any purpose other than to directly serve the Groups. All work done by trusted servants on this Web Site, or by outside enterprises (contractors, designers, etc.,) is considered the property of the Groups.
Any code and/or content that is not explicitly the property of the ARSC must be properly licensed, or permission to use or display it must be explicitly received and verified. Copies of all such permissions must be kept by the ARSC.
The provenance of all materials used in this site must be clearly established. The ITS must ensure that all content has been received from an appropriate source.
The owners and authors of the Web Site are considered to be the ARSC
No individual or entity can take credit for this site. All content and contributions, paid or voluntary are considered to be wholly owned by the ARSC.
To be absolutely specific: There may be no links to this site from any external entity claiming authorship.
The ARSC cannot control links from other sites, which may include rehabilitation centers, Web standards bodies, search engines, etc., however, the ARSC must insist that no claim of authorship, ownership or endorsement be made upon this Web Site by any external party.
The site Privacy Policy must be treated as an Australian Regional Policy
The Privacy Policy of this Web Site should be subjected to review by the Groups and ratified by the ARSC.
The Privacy Policy cannot be changed by the ITS.
Specific Policies
No individual can take credit for the Web Site
The Web Site is a tool to serve the Groups. In order to reduce the risk of Tradition violation or loss of primary focus, it is our strict policy that no individual, whether a Member, or contractor, may claim authorship of this site. Members may discuss the roles that individuals have in the construction and maintenance of the Web Site, but those discussions should stay within NA and certainly not be broadcast publicly.
To make it perfectly clear: No Entity other than the ARSC may claim ownership of the Web Site, and no content should ever be published on the Web Site, that establishes any external claim of authorship, ownership or endorsement.
Any major change to the Web Site must be ratified by the Groups through the ARSC
Small changes, such as maintenance, bug fixing, adding news and the meetings list updates are considered the normal duties of the Web Servants.
Major changes include, but are not limited to:
- The Web Site hosting agreement.
- The overall “look and feel” of the Web Site.
- The printable meeting lists format.
Major changes to the Web Site shall be made at the behest of the Groups through the ARSC
The ITS and Web Servants cannot make major changes to the Web Site without approval, unless they are directed to do so by the Groups .
Remember that this is the property of the Groups of the Australian Region. The Webmaster has considerable power to make changes or to refuse to make changes, but they must always abide by the wishes of the Groups of the Australian Region (as represented via their trusted servants in the existing service structure of the Regional Service Committee.)
The Groups of the Australian Region (as represented via their trusted servants in the existing service structure of the Regional Service Committee) will determine the mechanism for making decisions about this site. That mechanism is beyond this policy. However, this policy does state that the persons running the site MUST respect and abide by that mechanism, regardless of their personal opinions and/or beliefs.
Passwords and Access
The Web Site requires several passwords. These passwords need to be stored safely and changed regularly.
These passwords are the principal means of accessing the Web Site and are critical assets. These passwords should only be given to persons with a justifiable need to know. In addition, anyone given these passwords may not to pass them on to any other party, except by explicit consent of the ARSC.
Roles
The following roles are covered by this policy:
Domain Administrator
This is the registered name and password that controls ownership of the na.org.au domain itself.
Of all the passwords this is the most vital and should be kept most closely guarded and its details known by no less than two highly trusted Members and only as many other people as is abolutely necessary.
This password should be all of that is needed to make changes to all the domain names controlled by the ARSC.
Site Hosting Administrator
Control panel access to the Web Site, including email account management, FTP access, file management, software installation, SSH access, statistic reporting and domain redirections etc.
Database Administrator
Controls the MySQL database which stores the Web Site configuration, content and other information.
Web Site Administrator
Full access to all content related functions of the Web Site, including control of all users and other administrators.
Content Managers or Publishers
The Web Site Administrator has the ability to grant back end access to other Users. These persons may be content Managers or Publishers. Each of these people has the right to change their own password and not have that password known by the Web Site Administrator, but the Master Administrator retains the power to reset these passwords.
The Web Site Administrator is responsible for keeping close track of the individual Users, and ensuring that they are assigned correctly.
The Master Administrator shall only reveal a new password for an individual administrator to duly appointed representatives of the ARSC or Area service Members.
Security and Protection
For the passwords under the direct control of the Australian Region an escrow system must be established.
Escrow
All the passwords must be stored in an encrypted archive. This archive should be of a format readily decrypted with freely available tools.
The encrypted password archive should be stored on some persistent media along with instructions for decryption and the contact details of the person with the password. Do not store the password with the archive.
The archive password should be printed, and then all electronic copies should be deleted.
The archive itself should be given to one officer of the FSO and an officer of ARSC, and the password should be given to another officer the ARSC. Each should be sealed in an envelope that will indicate tampering.
The ARSC is responsible for determining the persons to whom the archive is given and should determine procedures for auditing the escrow.
Password Lifetimes
The passwords may be changed at the discretion of the ITS but should be changed at least yearly.
Whenever passwords are changed, the escrow copy must also be updated, the FSO must be notified that the passwords have been changed, and the new escrow must be presented to the current nominated persons.
Strength of passwords
Passwords should be a minimum of six (6) characters in length, may not be in any language’s dictionary, and should not be repeated, unless required to be by the software used.
External Links
All links to pages not on the same domain as this site, i.e. not part of the Web Site, should be opened in a new page.
Links to pages within this site should be resolved by replacing the current page with the new page.
Great care should be taken when linking to other sites. In most cases, Web Servants should not create links to external sites, but there are some cases in which it is best we do so, for example, in order to refer visitors to the NAWS site, the Adobe Reader site, or some standards sites. Any external link may easily be construed as an endorsement and Web Servants must be extremely careful to keep the Traditions in mind at all times.
Badging
Th Web Site should not display any “badges,” which are icons displayed in order to indicate compliance with standards, or use of certain software. Badges are endorsements, pure and simple. We cannot endorse any outside enterprise, even nonprofit standards bodies. In any case, a badge should not be required in order to comply with a standard. We can be W3C-compliant without displaying the W3C badge.
We should also not license any software or content that requires a badge or outside link. If we cannot negotiate a deal that allows us to use the content without the endorsement, then we cannot use the content. This is not negotiable. The only exception is that, in some cases, we may have to publish a plain text URL or bibliographical reference to an external source to provide credit of authorship, as long as we are given clear and unambiguous permission to use the content.