We’ve been testing ojs for some time and now thinking about running a journal in anger; our central IT service has asked for some information on confidentiality of account information and policy on removing user accounts. In addition they are not happy that passwords are sent in plain text… I have sent the reply below, is this accurate and would anyone be able to point me at any similar policy examples?
Account information is confidential and will only be accessible by the system administrator and Journal manager which is likely to be limited to a small number of colleagues in the Library.
The policy on user accounts will need to be formalised but we will delete accounts if requested to do so
We have full control over system generated email so I am able to remove the plain text pword from the registration email for example