Code & package load

Safe management of user code and package requests is essential to maintaining a safe environment. The below provides guidance on the safe access and management of code and package loads by distinguishing the role of SEAD administrators from the ABS, in actioning these requests from users. SEAD users are not able to load code or packages themselves, this responsibility sits with administrators (both from the pod owner agency and ABS) as per SEAD security protocols.

References to ‘code’ throughout this section include libraries, compiled code, packages and their dependencies. Code from the ABS administered Shared Library (library drive) which holds a large volume of approved code from all primary software languages available (R, Python, STATA, SAS) is accessible to all users of the system.

Table 1 shows the ABS endorsed repositories (CRAN, Conda, Pypi, ideas) SEAD administrators can load requested packages from. These are endorsed based on their approach to security scanning, moderation, version control, vetting and are recognised as low risk to introducing malware to the system. Any code from these or simple self-written produced code can be loaded by SEAD administrators to project folders through Azure Storage Explorer. Ensure where possible there are no executables or malware present.

In order to maintain system security and integrity, SEAD administrators cannot load code from alternative repositories as outlined in Table 1, or directly from a researcher that has not been published or curated. These requests must be approved by the ABS via the sead.support@abs.gov.au address. Ensure the request contains a valid business case and is consistent with the software request template below.

Table 1. Code Management Responsibilities

NOTE: As of August 2023 v37 system release, in addition to the existing Python packages available through the Anaconda distribution and Shared Library. Python package management has been incorporated into the existing R Posit Package Manager, please consult ABS for requested additions or for further information.

To request additional software, please populate the Software Request Template on the SEAD contact us webpage and return it to sead.support@abs.gov.au.

Each request to ABS will be considered on a case by case basis. Despite the closed network cloud based nature of SEAD, this procedure will ensure efficient, safe and repeatable procedures in undertaking these loads in the case of potentially harmful malware/data contained in the code. 

Focusing on the Safe Settings aspect of the Five Safes, the following are seen as appropriate mitigation measures by SEAD administrators against key risks in regard to loading code and code packages:

• Utilising advised package repositories where possible (refer to the above table)
• Appropriate vetting and escalation, and clear roles (ensuring no executables, appropriate dependencies)
• Closed network system (SEADpod), Microsoft, and organisational firewalls
• Compensating Safe People controls

Software is not to be provided/or attempted to be loaded (i.e. Winmerge, Winzip, Excel or other executable file types such .exe files) until a software assessment is undertaken and prioritised amongst existing SEAD development work with the ABS, based on the business justification and benefit to broader user group (timing dependent on available resources). The user/client can be informed an assessment process is required and they will be informed if their software is rolled out.