20090316 - VI-03
MEMORANDUM
TO: Honorable Mayor and City Councilmembers
FROM: Dave Osberg, City Administrator
DATE: March 12, 2009
SUBJECT: IT Policy Amendment
RECOMMENDED CITY COUNCIL ACTION
It is recommended by the members of the Public Safety Committee that the full City
Council take action approving the following amendment to the IT Policy for the City of
Hastings:
19. Policy Violation. Violation of the provisions of this policy may result in disciplinary
action which may include suspension of some or all computer usage privileges, and other
forms of progressive discipline as outlined in the City Employee Handbook, up to and
including dismissal. No employee may use any of their own private equipment such as
personal laptops, PDA's, cell phones in any manner while working as a City of Hastings
employee that would violate the sections of this Information Technology Policy or any
other policy of the City of Hastings. Conducting personal business while working regular
scheduled hours is a violation of Chapter 7, Section C. of the City's Personnel Policy and
violations will be subject to possible discipline.
BACKGROUND
On Tuesday February 17, 2009 Public Safety Committee members Danna Elling Schultz,
Joe Balsanek and Tony Nelson conducted a meeting to review the attached IT Policy.
There was agreement from the Committee members that a modest change in the policy
was needed to assure any employees who might periodically use their own personal
equipment such as laptops or cell phones, conduct themselves in a manner that is
consistent with and in compliance with the IT policy. Thus, the members of the Public
Safety Committee are in agreement that the policy should be amended as above.
City of Hastings
Employee Handbook
Appendix III
Information Technology Policy
1. Purpose-The City of Hastings supports and encourages the use of technology to increase efficiency,
reduce redundancy, and provide more effective service to the public. Because by nature information
technology, including computer systems, the Internet, e-mail, etc. is constantly changing, this policy is
not intended to cover every possible situation regarding information technology, but to express the
City of Hastings' general expectations regarding the use of City equipment and technology.
2. Applicability-This policy covers all City employees as well as any person(s) acting on behalf of the
City in a temporary capacity (on-call, temporary, seasonal employees, consultants, volunteers,
independent contractors, etc.), and will be referred to as "Users" throughout this policy.
3. City Ownership-The City's computer systems, including the hardware, software, peripheral
equipment, and all data stored on the systems, including but not limited to incoming and outgoing
e-mails, faxes, and other data are and remain at all times the property of the City of Hastings, not
individuals or individual departments, whether the systems are owned, rented, leased, or borrowed by
the City of Hastings for City use. The City retains the right to access, read, copy, alter, or destroy any
of this property at its discretion. The City also reserves the right to monitor the use of any City
equipment at any time. The only exception to this is in the case of personally purchased PDA's.
4. Hardware, Software and/or Peripheral Equipment-All hardware, software, and any peripheral
equipment shall be purchased through, installed, moved, configured or reconfigured only by the IT
Department. The IT Department will be responsible for installing all cabling, both in walls and
between jacks and devices. Users are prohibited from purchasing and installing equipment,
downloading or installing any software, including personal software.
5. Portable Systems-Some Users may be assigned portable systems, such as laptop computers. Users
are expected to provide reasonable protection against theft, loss, environmental damage, and other
damage. Users are required to comply with all City records management and computer policies when
using City equipment, regardless of their location. Any loss or damage to City equipment should be
reported immediately to their supervisor and the IT Department.
Some Users may use mobile devices. In order to ensure compliance with current operating systems,
Users must receive prior approval from the department head and IT before any mobile device
associated software is installed on a workstation.
6. Configuration-Users may not change their system's setup files or take other steps to defeat virus
protection devices or systems. Users who believe their setup files are not configured correctly should
contact IT staff for assistance. Individual employees are responsible for verifying that disks used or
received from outside computers are scanned for viruses prior to their use in City computers.
7. Security
a. Passwords-All computers will have password protection and data may be encrypted to
protect data and information from unauthorized users. The City reserves the right to override
passwords and codes at any time. Use of a password does not make data, files, or information
private. Appropriate measures should be taken to secure passwords. The user is ultimately
responsible for data on their computer and messages sent via their account. By using City
equipment, all users consent to any monitoring that may occur by authorized City of Hastings
employees or designees.
b. The City uses strong passwords with the following specifications:
i. Minimum of at least eight, non-repeating, non-sequential letters, numbers, and
symbols;
ii. Will automatically be changed every 180 days;
iii. Must not have been previously used in the last four password rotations
c. Users may not attempt to breach computer or network security measures in any way.
d. Users should not leave computers logged in and unattended where they may be viewed or
accessed by any unauthorized persons. Users will be automatically logged off the system after
8 hours of inactivity.
e. No internal or external e-mail or other electronic communications may be sent which attempts
to hide the identity of the sender, or represent the sender as someone else or being from
another organization.
f. Users may not connect to the City's network without prior authorization from the IT. This
includes mobile devices.
g. The City of Hastings IT and Administration departments will determine on a case-by-case
basis whether and under what circumstances outside vendors will have remote access to the
City's system for troubleshooting, maintenance, etc.
8. Copyrights-The City and its employees are required to abide by the federal copyright laws and to
abide by all such licensing agreements. Employees may only use software on local area networks or
on multiple machines according to the license agreements, including any trial and shareware
applications.
9. Intellectual Property-The City retains ownership over all intellectual property developed as a result
of a User's work for the City of Hastings. Intellectual property includes, but is not limited to works,
ideas, discoveries, and inventions.
10. Public Data-Any information that is created, sent, received or stored in the electronic media system,
including messages, is to be considered public information in compliance with Minnesota Data
Practices Act. While some data may accommodate the use of passwords for security, confidentiality
cannot be guaranteed. Messages may be reviewed by someone other than the intended recipient.
Employees should not have any expectation of privacy with regards to the computer that they use and
the associated equipment.
11. Storage of Data-All public, non-public, and private data that the City is required to retain in
compliance with the Minnesota Data Practices Act must be saved on network servers. Data stored on
a workstation's hard drive (the "C" drive) is not backed up and the process of re-configuring
workstations may at any time result in the loss of data stored on the workstation's hard drive. Users
may keep personal, non-business data only on their workstation (usually the "C" drive) and not on the
City servers. Personal files may be kept only if they do not interfere with job performance or with the
operation of the workstation, and only if they do not jeopardize the workstation drive capacity.
Personal data is the responsibility of the user. The IT Department does not back up a workstation's
hard drive, and the process of re-configuring workstations may at any time result in the loss of data
stored on the workstation's hard drive.
a. Electronic messages are subject to the Minnesota Data Practices Act. The content of the
message determines whether an e-mail is public or private/non-public data. It is the
responsibility of the employee sending e-mails to determine whether the content is public or
private/non-public data.
b. When an e-mail has been determined to contain public or non-public/private information
which must be retained, the e-mail and any attachments must be retained in order to document
the transaction. Therefore, all public e-mails must be saved on the City's network, scanned
into the document management system, or printed out and filed as a hard copy.
12. Permitted Use-The computer network and all associated equipment is the property of the City of
Hastings and is to be used for legitimate business purposes. Users are provided access to the computer
network to assist them in the performance of their jobs. All users have a responsibility to use the
City's computer resources in a professional, lawful, and ethical manner and any use must be able to
withstand public scrutiny without embarrassment to the City.
13. Prohibited Use
a. The City's computer network and equipment may not be used:
i. To disseminate, view or store commercial or personal advertisements, solicitations,
chain letters, promotions, destructive code (viruses, etc.)
ii. For outside business or commercial activities for personal gain, personal sale of
goods and/or services or inquiries for such items,
iii. For political activity,
iv. For illegal and/or questionable queries or transmissions,
v. For transmission or viewing of sexually explicit or harassing or threatening
communication or materials,
vi. For instant messaging, accessing web mail (AOL, Hotmail, other personal accounts)
or
vii. Any other use deemed questionable, inappropriate, or for an unauthorized purpose by
the City.
b. Users are prohibited from:
i. Reconfiguring, deleting or otherwise tampering with City files, be they data or
operating files and regardless of where they are located.
ii. Downloading or forwarding personal mail to the City e-mail system. Users are
prohibited from signing up for non-business related listservs, groups, etc.
iii. Downloading from the Internet without prior approval from the IT.
iv. "Streaming" live information (such as music, movies, stock tickers, news feeds) from
the Internet, unless a clear business reason exists.
v. Engaging in online chat groups,
vi. Uploading or downloading large files or saving large quantities of non-business-related
data,
vii. Spending excessive time on the Internet for non-business-related uses.
14. Internet & E-Mail Access-Not all employees will be granted access to the Internet and/or e-mail.
Users are responsible for complying with the provisions of this policy and using the Internet in a
responsible, legal, productive and ethical manner.
15. Personal Use-Users are expected to use good judgment in their responsible and reasonable use of
the City's technology. The City may monitor and/or record Internet and e-mails, and reserves the right
to do so at any time.
16. Separation from Employment/Leave of Absence-In all cases following separation from
employment and in some cases during an extended leave of absence, Users will not continue to have
access to the City's system. Users are responsible for canceling listserv memberships and notifying
applicable sources of the pending separation.
17. Reporting Inappropriate Use-Users should notify their immediate supervisor, the IT Director, the
City Administrator or Assistant City Administrator upon learning of any inappropriate use as defined
in this policy.
18. Disclaimer-The City is not responsible for any inappropriate material viewed or downloaded by
Users. Users are responsible for complying with the provisions of this policy.
19. Policy Violation-Violation of any of the provisions of this policy may result in disciplinary action
which may include suspension of some or all computer usage privileges, and other forms of
progressive discipline as outlined in the City Employee Handbook, up to and including dismissal.