CLIMB Terms and Conditions

Version 3.1
Date published: 01 November 2025
Valid from: 01 December 2025

1. Introduction

These terms and conditions govern the contractual relationship between users and CLIMB cloud computing infrastructure. By using CLIMB, you agree to be bound by these terms and conditions and the CLIMB Acceptable Use Policy. If you do not agree to these terms and conditions, you may not use CLIMB.

2. Cross-Institutional Responsibilities

By using CLIMB, you are using computational resources under the responsibility of your own employer and systems hosted by our partner institutions (Quadram Institute Bioscience, University of Birmingham, and collaborating institutions). Therefore, you are bound by the acceptable use, security, and data management policies of all institutions involved in this process, with UK institutional policies taking precedence for compliance purposes.

3. User Categories and Access Framework

3.1 Primary Users (UK-based)

Primary Users must be UK-based and include:

• Salaried positions in UK academic institutions (.ac.uk email)
• UK government agencies (.gov.uk email)
• UK healthcare systems (.nhs.uk email)
• Independent researcher and/or team leader status
• Industrial users under approved agreements with CLIMB

 

Primary users may sponsor secondary users from any location, including international collaborators, and maintain full responsibility for their compliance with UK requirements.

3.2 Secondary Users

Secondary users work under the responsibility of a UK-based primary user and may include:

• Students, postdoctoral researchers, research staff and collaborators (UK and international)
• Industrial employees engaged in collaborative projects with UK-based primary users

3.3 Industrial Users

Industrial users access CLIMB through collaboration agreements. Terms and conditions for industrial access are defined in separate collaboration agreements that reference these general terms.

3.4 Access Package Framework

CLIMB provides access through justified packages, aligned with specific use cases:

Research Packages

• Support for funded research projects
• Multi-institutional collaborative research
• PhD and postdoctoral research activities
• International research collaboration

Training Packages

• Bioinformatics skills development
• Capacity building initiatives
• Workshops and tutorials

Surveillance Packages

• Public health surveillance activities
• Pathogen monitoring and analysis
• Emergency response capabilities
• Collaboration with public health agencies

Trial Packages

• Time-limited access for evaluation purposes or proof-of-concept activities
• Transition pathway to sustained access
• New user onboarding and assessment

3.5 Package Justification and Approval Process

Users requesting access packages must: clearly articulate the research, training, or surveillance need; demonstrate alignment with CLIMB’s microbial bioinformatics mission; specify the duration and scope of required access and identify the primary user.

4. Primary User Responsibilities

Primary users must:

• Register for accounts at https://bryn.climb.ac.uk/user/register/
• Nominate and take responsibility for secondary users
• Ensure proper resource management (terminate unused notebooks, manage storage)
• Maintain current contact details for themselves and secondary users
• Renew licenses according to specified schedules
• Remove secondary users who leave their teams
• Inform CLIMB management of changes in eligibility status

5. Service Provision

5.1 Service Portfolio

CLIMB provides three main service categories:

1. Jupyter Notebooks - Interactive computing environments
2. Graphics Processing Units (GPUs) - Accelerated computing resources
3. Storage - File Storage and S3 Object Storage

5.2        Package-Based Allocations

• Research Packages: Team set up with standard allocation: 14 vCPUs (8 CPU for notebooks, 6 for Nextflow, 500GB Team Shared Storage, 1TB S3 Storage).
• Training Packages: Set up of a dedicated team with 500GB Team Shared Storage and 1TB S3 Storage. Minimum package includes 10 notebooks (4 CPU or 8 CPU each).
• Surveillance Packages: Priority access for public health activities. Storage and computing capacity to be agreed on a case-by-case basis.
• Trial Packages: Designed for assessment and transition to full packages. Limited evaluation access: 10 CPUs, 500GB Team Share Storage, 500GB S3 Storage. Duration up to 4 months.

5.3 Paid Service Enhancements

• Additional compute (CPU or GPU) or storage resources beyond package allocations
• Custom configurations and specialised resources

5.4 Service Level Agreements

• Services provided on reasonable endeavours basis
• Paid users: enhanced service levels as specified in agreements
• Planned maintenance will be communicated in advance through official channels (Bryn dashboard)
• Priority support for emergency public health activities

6. Quotations and Billing

6.1 Quotation Validity

• Quotations are valid for 60 calendar days from issue
• Credits for cloud computing resources must be spent within 12 months and no refunds for unused credits after expiry

6.2 Payment Terms

• Payment terms as specified in individual invoices
• Access contingent on payment for paid services

7. Data Management and Security

7.1 Data Retention

• Data retained for license duration plus 3 months grace period
• No notification before deletion after grace period
• User responsible for external backup strategies

7.2 Security Requirements

• Strong password policies where passwords necessary
• Two factor authentication
• No sharing of credentials
• Immediate reporting of security incidents required

7.3 Data Protection

• User responsibility for data backup and security
• No guarantee against data loss
• Compliance with GDPR and relevant data protection legislation required
• Identifiable clinical data storage strictly prohibited

Users considering the collection, storage, or use of personal data must consult with their institutional Data Protection Officer before such activities commence and must follow proper registration procedures as required by their institution and applicable law. Failure to comply with Data Protection Act 2018 and GDPR requirements may result in service suspension and referral to institutional authorities.

8. Publication and Acknowledgement Requirements

All users must acknowledge CLIMB in pre-prints, peer-reviewed publications, conference presentations and posters, technical reports and white papers, grant applications citing CLIMB-supported preliminary data, theses and dissertation.

Standard acknowledgement text: This work was supported by the CLIMB infrastructure, operated by the Quadram Institute Bioscience and the University of Birmingham.

9. Liability and Disclaimers

9.1         Service Availability

CLIMB cannot guarantee continuous system availability. While planned maintenance will be scheduled and communicated in advance, emergency maintenance may occur without notice.

CLIMB assumes no responsibility for user data loss or system failures. External data backup is responsibility of the users.

9.2         Limitation of Liability

CLIMB’ liability is limited to direct costs of service provided.

Users are responsible for ensuring appropriate permissions for data, research and compliance with relevant laws and regulations.

Indemnification by users for third party claims arising from their use of CLIMB.

CLIMB does not accept liability for claims made by third parties arising from user application and use of data, information, or results obtained from CLIMB facilities. Users are solely responsible for the accuracy, legality, and appropriateness of their research outputs and any claims arising therefrom.

10. Support Services

10.1 Technical Support

• Ticket-based support via Bryn interface or support@climb.ac.uk 
• Documentation available at docs.climb.ac.uk

10.2 Support Scope

• Technical issues with platform functionality
• Guidance on appropriate usage and best practices
• Security incident response
• Limited research methodology support

11. Compliance and Enforcement

11.1 Policy Compliance

• Users must comply with CLIMB Acceptable Use Policy
• Institutional policies of all partner organisations apply
• Regular compliance monitoring and auditing
• Cooperation with institutional and legal authorities as required

11.2 Sanctions for Violations

• Minor breaches: Warning with compliance guidance
• Significant breaches: Temporary or permanent account suspension
• Serious violations: Referral to employers and/or law enforcement
• Reckless behaviour: Immediate termination without notice

In addition to sanctions outlined in the Acceptable Use Policy, CLIMB reserves the right to recover all reasonable costs incurred in investigating violations and restoring systems, including but not limited to: staff time for investigation and remediation; hardware replacement or repair; software license remediation; network security incident response; and legal or compliance consultation costs. Users found in violation may be personally liable for these costs.

11.3 No Liability for Sanctions

CLIMB assumes no responsibility for financial or reputational damage caused by sanctions resulting from policy violations.

12. Termination

12.1 User-Initiated Termination

• 30-day notice required for voluntary termination, unless specified differently in the agreement
• Data deletion upon termination
• No refunds for unused paid services

12.2 CLIMB-Initiated Termination

• Immediate termination for serious policy violations
• Termination of account at the end of package with 30-day grace period
• 90-day notice for service discontinuation

13. Intellectual Property

13.1 User Data and Results

• Users retain ownership of their data and research results
• CLIMB claims no intellectual property rights in user data
• Users responsible for respecting third-party intellectual property rights

All software and hardware licenses acquired for use on CLIMB must be registered with the relevant institution and, where appropriate, signed by authorised signatories within the appropriate organisational unit. 

13.2 Platform Technology

• CLIMB platform and associated technologies remain property of partner institutions
• Users granted limited license to use platform for permitted purposes only

14. Amendments and Updates

14.1 Terms Updates

• CLIMB reserves right to update terms with reasonable notice
• Continued use constitutes acceptance of updated terms
• Significant changes communicated through official channels

14.2 Service Changes

• Service specifications may change with advance notice
• Efforts made to minimise disruption to ongoing research
• Users notified of changes affecting their access or quotations

15. Dispute Resolution

15.1 Informal Resolution

• Initial disputes addressed through CLIMB support channels
• Good faith efforts to resolve issues collaboratively
• Escalation to institutional authorities where appropriate

15.2 Formal Procedures

• Serious disputes subject to relevant institutional procedures
• Jurisdiction determined by user's institutional affiliation
• Alternative dispute resolution preferred where possible

16. Questions and Clarifications

For questions about this policy, contact climb@quadram.ac.uk

 

CLIMB Acceptable Use Policy

Version 1.1
Date published: 01 November 2025
Valid from: 01 December 2025

1. Introduction and Scope

1.1 Purpose

This Acceptable Use Policy governs the use of CLIMB (Cloud Infrastructure for Microbial Bioinformatics), a specialised cloud computing platform designed for microbial bioinformatics research. CLIMB operates as a partnership between the Quadram Institute Bioscience (QIB) and the University of Birmingham, providing research computational resources and services to the UK and international microbial bioinformatics community. This policy applies to all users regardless of their institutional affiliation or user category.

1.2 Scope

This policy applies to all users of CLIMB services, including:

• Primary users (UK-based with institutional oversight responsibilities)
• Secondary users (including international collaborators under primary user responsibility)
• External researchers accessing CLIMB through research and service collaborations
• Industrial users under specific research and service collaboration agreements
• All persons accessing CLIMB resources through any access method regardless of their location or institutional affiliation

1.3 Compliance Framework

This policy should be read in conjunction with the CLIMB Terms and Conditions, which govern the contractual relationship, service provision, and operational aspects of CLIMB usage.

Users must comply with:

• This CLIMB Acceptable Use Policy
• CLIMB Terms and Conditions, which govern the contractual relationship, service provision, and operational aspects of CLIMB usage
• UK legislation including Data Protection Act 2018, GDPR, Computer Misuse Act 1990
• International laws applicable to their jurisdiction
• Specific terms of research collaboration agreements

2. Who Can Access CLIMB

2.1 Primary Users

Primary users must be UK-based and include:

• Staff with salaried positions in UK academic institutions (.ac.uk email)
• Staff in UK government agencies (.gov.uk email)
• Staff in UK healthcare systems (.nhs.uk email)
• Staff who have independent researcher status and/or team leadership responsibilities
• Industrial users under approved research collaboration agreements with CLIMB

Primary User responsibility

• Maintain eligibility throughout the access period
• Take full responsibility for all secondary users they sponsor
• Ensure compliance with UK institutional and legal requirements
• Serve as the primary point of contact for their team

2.2 Secondary Users

Secondary users work under the supervision and responsibility of a primary user and may include:

• PhD students and postdoctoral researchers (UK and international)
• Research technicians and bioinformaticians (UK and international)
• International collaborators and visiting researchers
• Industrial employees under collaboration agreements
• Researchers from international institutions engaged in collaborative projects with CLIMB

International Secondary User Framework:

• International secondary users must be sponsored by a UK-based primary user
• Primary user maintains full responsibility for international secondary user compliance
• Access is contingent on ongoing collaboration with the sponsoring primary user
• International users must comply with UK laws and institutional policies while using CLIMB

2.3 Research Collaboration Framework

External organisations may access CLIMB through formal research and service collaboration agreements, industry partnership programmes or approved training and capacity building initiatives.

International partnerships must comply with relevant data sovereignty and export control requirements.

3. Acceptable Uses

3.1 Primary Permitted Activities

CLIMB is provided primarily for:

• Microbial bioinformatics research and analysis
• Pathogen genomics and surveillance
• Public health genomics applications and emergency response activities
• Collaborative research projects between institutions
• Training and educational activities in bioinformatics
• Development and testing of bioinformatics tools and workflows

3.2 Research Collaboration Activities

Users may access CLIMB for:

• Multi-institutional research projects with clear academic objectives
• International research collaborations with appropriate oversight
• Industry-academic partnerships under approved agreements
• Capacity building and training initiatives
• Open science and reproducible research activities

3.3 Conditional Users

The following activities require prior approval from CLIMB management:

• Research activities outside the core microbial bioinformatics scope
• Large-scale computational projects that may impact other users
• Data sharing arrangements involving sensitive or restricted datasets
• Commercial research activities beyond established collaboration frameworks
• Activities involving export-controlled technologies or data

3.4 Academic Freedom

Nothing in this policy is intended to limit academic freedom. Research involving controversial or sensitive materials may be permitted with appropriate approval from institutional Research Governance, Ethics and Integrity Committees in consultation with CLIMB management, provided such research complies with legal requirements and institutional ethics frameworks.

4. Prohibited Uses

4.1 Strictly Prohibited Activities

Users must never:

• Use CLIMB for illegal activities or activities violating institutional policies, UK laws or relevant international laws
• Engage in hacking, unauthorized access, or security breaches
• Host, distribute, or create illicit or illegal media
• Conduct cryptocurrency mining or similar resource-intensive non-research activities
• Share access credentials with unauthorized individuals
• Attempt to compromise system security or stability
• Use the platform for purely commercial purposes without appropriate agreements

Users must not create, store, or transmit materials that may constitute or incite criminal activity related to terrorism, including encouraging terrorism, inviting support for proscribed terrorist organisations, or materials prohibited by the Terrorism Act 2006 or Counter-Terrorism and Security Act 2015.

4.2 Research Integrity Violations

Users must not:

• Engage in research misconduct including data fabrication or falsification
• Violate research ethics approvals or institutional review board requirements
• Infringe intellectual property rights, copyright, or licensing terms
• Misrepresent research findings, data ownership, or institutional affiliations
• Violate data sharing agreements or confidentiality requirements
• Fail to provide appropriate acknowledgement of CLIMB in publications

Users must not introduce any software or materials requiring a licence for which a valid licence is not in place. Users must take reasonable care to prevent illicit copying of licensed software and documentation.

4.3 Harmful or Offensive Content

Users must not create, store, or transmit:

• Content that violates laws regarding harassment, discrimination, or hate speech
• Defamatory, threatening, or offensive materials
• Malicious software, viruses, or security threats
• Unauthorised personal data or confidential information
• Materials that could harm CLIMB's reputation or that of partner institutions

When using CLIMB systems for communications or social media that reference CLIMB, users must: make clear they speak on their own behalf unless specifically authorised by CLIMB management; not damage CLIMB's reputation or that of partner institutions; not harass, bully, or discriminate against others; and not breach confidentiality, data protection, or intellectual property requirements.

Users must not use CLIMB systems to impersonate another individual, organisation, or entity, whether real or fictitious.

4.4 Clinical Data Restrictions

• Storing patient identifiable data is strictly prohibited
• Users must ensure appropriate de-identification of any health-related data
• Clinical research data must be de-identified and must comply with relevant ethics approvals and data protection regulations

5. User Responsibilities

5.1 Security Responsibilities

All users must:

• Use strong, unique passwords and enable two-factor authentication
• Report security incidents or suspected breaches immediately
• Keep access credentials confidential and secure
• Log out of systems when not in active use

5.2 Data Management Responsibilities

Users are responsible for:

• Classifying data appropriately and applying suitable protection measures
• Implementing adequate backup strategies for critical data
• Complying with data protection legislation (GDPR, national laws)
• Respecting data retention policies and license periods
• Obtaining necessary permissions for data sharing and collaboration

5.3 Resource Usage Responsibilities

Users must:

• Use computational resources efficiently and responsibly
• Avoid wasteful or excessive resource consumption that affects other users
• Follow guidance on appropriate resource allocation for different workloads
• Properly manage and clean up unused resources (notebooks, storage)
• Respect priority access arrangements for emergency response activities

5.4 Collaborative Responsibilities

Primary users must:

• Take responsibility for all secondary users they sponsor (including international users)
• Ensure secondary users understand and comply with this policy
• Maintain oversight of international users’ activities
• Remove access for secondary users who leave their teams or complete collaborations
• Keep contact information current for themselves and their team members
• Ensure compliance with UK institutional and legal requirements
• Inform CLIMB management of significant changes in eligibility or status

Users allocated CLIMB identifiers (userIDs, passwords, credentials) must make all reasonable efforts to maintain their confidentiality and integrity. Users must report any suspected breach of security immediately. Use of resources allocated to another user is prohibited unless specifically authorised by CLIMB management.

5.5 Acknowledgement Requirements

All users must acknowledge CLIMB in all publications, presentations and reports using CLIMB resources and notify CLIMB of publications arising from CLIMB-supported research.

6. International Collaboration Guidelines

All international access must be through UK-based primary users, who maintain legal and operational responsibility for international secondary users.

International users must comply with UK data protection requirements and cross-border data transfers must comply with relevant legal frameworks.

7. Monitoring and Compliance

7.1 Usage Monitoring

CLIMB administrators may monitor:

• System performance and resource utilisation patterns
• Compliance with usage policies and security requirements
• Network traffic for security threats and policy violations
• Data transfer activities for unusual or suspicious patterns

7.2 Investigation Authority

CLIMB reserves the right to:

• Investigate suspected policy violations or security incidents
• Access user data and communications for legitimate operational or security purposes
• Cooperate with institutional authorities and law enforcement as required by law
• Suspend access pending investigation of serious violations

Using CLIMB systems to commit violations against external systems (outside CLIMB) also constitutes a policy violation and may result in enforcement action.

8. Consequences of Policy Violations

8.1 Progressive Enforcement

Policy violations may result in:

• Warning: Documentation of violation with guidance for compliance
• Temporary Suspension: Short-term access restriction with conditions for restoration
• Package Termination: Removal of access package
• Account Termination: Permanent removal of access privileges
• Institutional Referral: Reporting to user's home institution for disciplinary action
• Legal Action: Referral to law enforcement for criminal activities

8.2 Factors Considered in Enforcement

• Severity and impact of the violation
• Intent (accidental vs. deliberate)
• User's response and cooperation
• History of previous violations
• Risk to system security or other users

8.3 Appeal Process

Users may appeal enforcement actions through:

• Initial review by CLIMB management team
• Escalation to institutional authorities where appropriate
• Independent review for serious sanctions

9. Policy Governance

9.1 Policy Authority

This policy is maintained by CLIMB management in consultation with:

• Partner institution information security teams
• Research governance and ethics committees
• User community representatives
• Legal and compliance advisors

9.2 Updates and Communication

• Policy updates will be communicated through official CLIMB channels
• Users will be notified of significant changes affecting their access or obligations
• Regular review ensures the policy remains current and effective

9.3 Questions and Clarifications

For questions about this policy, contact climb@quadram.ac.uk