[[PageOutline]] == Standard Operating Procedures == This page describes baseline policies that we use in our routine provision of services. Where possible, we try to comply with the [https://policy.sarava.org/policy/ Providers' Commitment for Privacy (PCP)]. Information is current as per the last edit in the [wiki:PublicProcedures?action=history history]. === Provision of virtual machines (VMs) === Wherever possible, we set up our infrastructure in a way that administrators of the Tachanka! collective have no access to the cryptographic keys of hosted virtual machines. Therefore, we have extremely limited knowledge about the data and the activities of our users. In cases where we are making backups, this applies to them as well. * We use a base layer of encryption on host servers. * Virtual machines have individualised block devices that employ a second layer of encryption. Consequently, these each require a separate, individual key. * We strongly encourage users of virtual machines to manage their own LUKS passphrases independently of the Tachanka! collective. * Users are informed about the technical setup of their working environments and, if required, supported in setting up appropriate encryption. Please note, there are some legacy systems or special cases in which the setup does not conform to this policy.