image_print

Last Updated on 6 March 2023 by policychair

Created by NA Policy, last modified on Mar 14, 2021

Policy on the NA Australia website

 

General principles

  • the website is an instrument of an official service body of Narcotics Anonymous. As such, it is completely bound by the Twelve Traditions of NA. The Twelve Traditions of Narcotics Anonymous will always be the final word in all matters pertaining to the NA Australia website
  • the website is the property of the Groups of the Australian region of NA. In all matters pertaining to the operation of this website, the final decision is made by Groups through their RCMs. They may appoint trusted servants to run and design the site, but the groups have the right to supercede any decisions made by these servants. That being said, it is impossible to run a website without allowing the IT Subcommittee autonomy. It is expected that Groups will carefully choose these servants, and allow them the freedom to serve, keeping in mind they are caretakers of a public trust
  • all materials used in the website must be completely free and clear of any claims outside of the Australian region of NA. This includes all images, code (HTML, JavaScript, PHP, etc) and content (text, images, etc) must either belong to the Australian region of NA, or the region will have complete and perpetual rights to display and/or use the material
  • absolutely nothing is to posted unless it passes the above test, of being completely free and clear of any claims.
  • the purpose of the website is to directly serve the Groups of the Australian region of NA. it cannot be used for any other purpose
  • all work done by trusted servants, or by outside contractors or enterprises, is considered the property of the Groups of the Australian region of NA
  • provenance of all materials used in this site must be established. This means we can’t just use something because “so and so says so”. We must ensure the image or other material has been received from an appropriate source. Any code or content that is not explicitly the property of the region must be properly licensed, or permission to display must be explicitly received, verified, and documented
  • the authors of the site are considered to be the Australian region of Narcotics Anonymous. No individual or entity can take credit for the site. All work is considered a donation, or paid work is considered wholly owned by the NA Australia region. There can be no links on this site from any other entity than NA Australia
  • we cannot and should not attempt to control links to our site from other sites. These may include links on sites of rehabilitation centres, web standards bodies, search engines, etc. However, we must insist that no claims be made upon this website of authorship, endorsement, or ownership, as per the Twelve Traditions of NA
  • the site’s privacy policy must be treated as Australian. The privacy policy of this website must be considered a regional policy and should be subjected to review and ratification by Groups of the Australian region, via RCMs. It cannot be changed by the Subcommittee alone, as it affects all visitors.

 

Major changes to the NA Australia website need to be ratified or approved by the Groups of the Australian region, through their RCMs in the group conscience of the Australian Regional Service Committee (ARSC). This means major changes will be tabled as a motion in new business for the next upcoming ARSC Meeting.

The Webmaster is obliged to heed the direction of the Groups of NA Australia.

Major changes include

  • changing the hosting environment
  • changing the overall look and feel of the site
  • changing the format of the printable meeting lists

Minor changes, such as maintenance, bug fixing, basic site changes, and administering the calendar and meetings lists are considered the standard day-to-day duties of the IT Subcommittee.

Passwords and access

Web server and FTP (File Transfer Protocol) access

This is the principal manner by which the web server is accessed. Files are sent to the server for display through the FTP, and multiple webmasters can share files this way as well.

Web server SSH/Telnet

This is command line access to the web server. Using this access, the webmaster/s can manipulate server settings, change access permissions to files, and control repetitive timed events, such as nightly indexing for the web pages.

Domain name administration

This is a control panel for access to the registered domain names for the site. These password details are all that are necessary to make changes to all of the domain names controlled by the Australian region.

Mail server administrator

The internet service provider (ISP) will allow us to establish 25 POP email accounts, and an unlimited number of forwarders and aliases (will redirect to other accounts). These are all controlled by a postmaster account. The password for this account should not be changed without approval of Groups of the ARSC.

Master administrator

This is the administrator that has full access to all functions of the website, including control of all users and other administrators.

Administrators – assigned by the Master administrator

These are members of the IT Subcommittee, and they may change their own password and not have that password known by the Master administrator, but the Master administrator may change it at any time, at their discretion.

The Master administrator shall only reveal a new password for an individual administrator to duly appointed representatives of the ARSC or service entity to whom that admin is assigned.

Password Escrow and term

For the passwords under the direct control of the Australian region, an escrow (third party holding system) must be established

Password storage and encryption – all passwords must be stored in a password-encrypted archive. This archive should be of a format readily decrypted with freely available tools. There are several methods available, and this is up to the discretion of the IT Subcommittee.

The encrypted password archive should be stored on some persistent media, e.g. a CD. It should be stored with instructions for decrypting but without the archive password.

The archive password should be printed on a sheet of paper, and then all electronic copies should be deleted.

The archive itself should be given to an officer of the Fellowship Service Office (FSO) and an officer of the ARSC, and the password should be given to another member of the ARSC. Each should be sealed in an envelope that would indicate tampering.

The ARSC is responsible for determining the persons receiving the escrow, and should determine procedures for auditing these.

Changing passwords – passwords should be changed, at minimum, once per year, and the escrow updated accordingly. They may be changed at the discretion of the IT Subcommittee or the ARSC.

Whenever passwords are changed, the escrow must be updated and the FSO notified. The new escrow must be presented to the members responsible for its elements and their storage.

Password composition – passwords should be a minimum of six (6) characters in length, and should not contain repeating patterns of characters, unless it is required they be the same as another, for example FTP and SSH passwords must often be the same.

All links to pages not on the same domain, that is, not on the Australian site, should open in a new page. Links to pages within this site should open by replacing the current page with the new page.

Great care needs to be taken linking with other sites. We may refer users to the NA World Services (NAWS) site, the Adobe Reader site, or some standards sites, directly relevant to using the NA Australian website. An external link may be misconstrued as an endorsement, so consideration of the Twelve Traditions is necessary.

Badging

The website should not display any badges. Badges are icons displayed to indicate compliance with standards, or use of certain software. They are, however, endorsements. We cannot endorse any outside enterprise. A badge should not be required, to comply with a standard. For example, we can be W3C-compliant (World Wide Web Consortium – ensures accessibility of web content) without displaying a W3C badge.

We should not licence any software that requires the use of a badge or outside link. If this is non-negotiable then we cannot use the software.

The only exception to this is that, in some cases, we may need a non-live URL (not functioning as a link) or bibliographical reference to an external source to credit authorship, as long as we are given clear and unambiguous permission to use that content.

Inclusion of meetings on the meeting lists

There are six points describing an NA Group, at the beginning of the “Group” chapter in A Guide to Local Services in Narcotics Anonymous. This is on page 59. This addresses the question “What is an NA Meeting?”

The publication called Institutional Group Guide addresses the question “What is an NA Group?” on page 1. This is also addressed on pages 26-27 of A Guide to Local Services in Narcotics Anonymous, The Group Booklet page 2.

A Guide to Local Services in Narcotics Anonymous, The Group Booklet page 4 addresses specialised NA Groups.

A Guide to Local Services in Narcotics Anonymous pages 28-29, The Group Booklet page 5 addresses Who can be a member?”