HomeMy WebLinkAboutTechnology Policy
C
Technology Policy
Updated November 2016
City of Prior Lake Technology Policy
Page 2
Introduction
Section 1: Purpose
1.1 The purpose of this policy is to set standards to protect the City of Prior Lake’s
(“City”) information technology systems and equipment (“IT Systems”) from
business interruption, unauthorized access, and inappropriate usage and to
maintain appropriate security.
1.2 IT Systems include but are not limited to City computers, e-mail, printers, software,
laptops/notebooks/iPad and smart phones.
1.3 IT Systems are property of the City. The City reserves the right to inspect, without
notice, all data, emails, files, settings or any other aspect of the IT Systems,
including personal information, as determined by the City Manager.
1.4 In addition to this policy, the Information Technology Coordinator (“IT
Coordinator”) may distribute additional information which shall automatically be
considered part of this policy.
1.5 This policy is an appendix of the City’s Personnel Policy. As such, administering
and updating this policy is the responsibility of the City Manager.
Section 2: Responsibility
2.1 All users of IT Systems (“Users”) are responsible for knowing and following the
guidance and directives in this policy and related communications.
2.2 Supervisors are responsible for ensuring the appropriate use of IT Systems and to
take disciplinary action as outlined in the City’s Personnel Policy when
appropriate.
2.3 All Users are expected to protect and properly maintain IT Systems from harm,
damage, unauthorized access or theft by adhering to this policy.
2.4 Users are expected to uphold the highest ethical standards as set forth in the
Personnel Policy while using IT Systems.
2.5 All Users have a responsibility to protect electronic data and follow proper data
practices protocols as directed by the Minnesota Government Data Practices
Act (“MGDPA”). Users are expected to manage data in IT Systems in
accordance with the MGDPA, including saving, filing and disposing of data per
MGDPA requirements and the City’s retention schedule.
City of Prior Lake Technology Policy
Page 3
Section 3: Privacy
As a government agency, the City is subject to public disclosure laws. All files and
documents, including personal messages and Internet logs located on City IT Systems,
are owned by the City and may be subject to open records requests under the law.
Users of IT Systems should have no expectation of privacy.
Information Technology Usage
Section 4: Personal Use
4.1 The City recognizes that some personal use of IT Systems will occur. Reasonable
personal use is allowed but should never preempt or interfere with work.
4.2 Personal use of IT Systems shall adhere to provisions in this policy, including the
following:
IT Systems shall not be used for personal business interests, for-profit ventures,
political activities, or other uses deemed to be inconsistent with City activities.
Users shall not connect personal peripheral tools or equipment (such as
printers, digital cameras, disks, USB drives, or flash cards) to IT Systems, without
prior approval from the IT Coordinator.
Personal files should not be stored on IT Systems.
No personal media files, including but not limited to mp3 files, wav files, movie
files, iTunes, or any other file created by copying a music CD, DVD, or files
from the Internet, is allowed. The IT Coordinator will delete these types of files
if found on IT Systems.
Only City employees and authorized agents may use IT Systems.
Personal use of IT Systems should occur only after regular business hours, over
lunch or while on break.
4.3 Violations of this section and/or excessive use of IT Systems for personal reasons
are grounds for discipline.
Section 5: Acquisition and Licensing
5.1 The City will generally provide the IT Systems required for an employee or
authorized agent to perform his/her job duties. Requests for new or updated IT
Systems should be made to your supervisor, who will forward the request to the IT
Coordinator. The IT Coordinator must approve all requests prior to acquisition to
ensure consistency with the design and architecture of the IT Systems.
5.2 Only City employees and authorized agents may use IT Systems. Use of IT Systems
by family members, friends, or others is prohibited.
City of Prior Lake Technology Policy
Page 4
5.3 To ensure licensing compliancy, all software must be approved and purchased
by the IT Coordinator and licensed to the City.
5.4 Any information developed or introduced to an IT System by a User is property of
the City.
5.5 Users are required to abide by software and documentation copyright laws and
licensing agreements. At no time should any User make copies of City-owned
software. To prove legal ownership of software, the City must have the original
media and manuals stored on City property. The IT Coordinator may periodically
check for software that may be in violation of this policy.
Section 6: Installation, Downloads and Configuration
6.1 Only software applications required for official City business are allowed and
supported on the IT Systems. Users shall not download or install any software on
the IT Systems. Exceptions may be made for staff with unique duties, but this
requires advanced approval by the department head and the IT Coordinator.
6.2 The IT Coordinator may, without notice, remove any unauthorized programs or
software, equipment, downloads, or other resources.
6.3 No User is allowed to modify hardware or software configurations. No User is
allowed to change the computer setup or configuration files. Customizing a
computer should be limited to items that only affect appearance such as
wallpaper, screen savers, icons, toolbars, colors, etc.
6.4 City-owned software may not be loaded onto personal equipment unless there
is prior approval by the department head and the IT Coordinator.
Section 7: Personal Devices
City employees or authorized agents may choose to use their own equipment to read
or compose email or other City data. Employees and authorized agents understand
that by connecting their personal equipment to the IT Systems, their personal devices
could be searched during an e-discovery or other court-ordered scenario and agree to
grant access to their personal devices should such a situation arise.
Section 8: Email and Electronic Calendars
8.1 The City provides an email address for work-related use. Some personal use of
the City email system is allowed, provided it does not interfere with an employee
or authorized agent’s work and is consistent with all City policies.
8.2 All data and emails (including those that are personal in nature) may be
considered public data for both e-discovery and information requests and may
not be protected by privacy laws.
City of Prior Lake Technology Policy
Page 5
8.3 Email may be traced and/or monitored as directed by authorized staff and
without notice to the User.
8.4 Users must adhere to these email guidelines:
Never transmit an email that you would not want your supervisor, other
employees, residents, city officials, or the media to read or publish.
Use caution or avoid corresponding by email on confidential
communications (e.g., letters of reprimand, correspondence with attorneys,
medical information).
Do not open email attachments or links from an unknown sender. Delete junk
or “spam” email without opening it if possible. Do not respond to unknown
senders.
Do not use harassing or offensive language or images or any other remarks,
including insensitive language or derogatory, offensive, or insulting comments
or jokes.
8.5 E-mail is intended as a medium of communication, not for information storage;
therefore, e-mail should not be used for the long-term storage or permanent
storage of official City records or information. Email that constitutes an official
record of City business must be kept in accordance with all records retention
requirements and should be copied to the network for storage.
8.6 All City email will be automatically purged after 180 days. City email is not
backed up. City staff is responsible for the appropriate archiving of emails that
are government data under the MGDPA.
8.7 The City retains the right to use management software to eliminate the delivery
of junk e-mail, including e-mails that contain profanity, sexual content or adult
content.
8.8 A shared calendar environment is provided as part of the City’s email software
program. All employees are required to keep their electronic calendar up to
date.
Section 9: Data Retention
9.1 Under the provisions of the Minnesota Data Practices Act, all data stored on IT
Systems is considered to be owned by the City and for the most part is public
data subject to the provisions of the Act. All electronic data should be stored
and retained in accordance with the City’s records retention schedule. Users are
responsible for deleting outdated files that are no longer needed to comply with
the City’s retention schedule.
9.2 All electronic files must be stored on network drives in order for the information to
be backed up on a regular basis. The City will not back up documents stored on
City of Prior Lake Technology Policy
Page 6
local computer hard drives and has no responsibility for recovery of documents
on local computer hard drives should they fail. Files may be temporarily stored on
a laptop hard drive when traveling/offsite; however, the files should be copied to
network as soon as possible.
9.3 Electronic files, including emails and business-related materials created on
personal equipment for City business, shall be transferred to and stored on the
City’s network. City-related files shall not be stored on personal equipment, unless
otherwise specified in this policy.
9.4 Electronic files or emails that may be classified as protected or private
information should be stored in a location on the City’s network that is properly
secured. Any files considered private or confidential should not be stored
anywhere other than the City’s network.
9.5 The IT Coordinator backs up all data (excluding email) stored on the network to
a local device which is replicated at night to an offsite location. Data is backed
up three times a day, which is retained for 21 days, daily which is retained for four
weeks, and weekly which is retained for six months. The offsite retention removes
backups after one year. Police squad video and interview room video is backed
up to external USB drives once a week and is retained for two weeks.
Workstations and other devices are not backed up.
9.6 Any data stored on a computer local drive is the responsibility of the User. The IT
Coordinator will not recover or copy this data in the event of a hard drive failure,
change in personnel or when hardware is replaced.
Section 10: Internet
10.1 All Users are authorized to access the Internet. Internet filters are in place using a
firewall hardware device which is designed to keep individuals from accessing
inappropriate materials.
10.2 Reasonable personal use of the Internet is permitted, but unnecessary network
traffic should be minimized. Personal Internet use should never interfere with City
business or work assignments. Users may not at any time access inappropriate
sites, except when necessary for a job assignment and approved in advance by
the person’s supervisor (generally restricted to police investigative work). Some
examples of inappropriate sites include but are not limited to adult
entertainment, sexually explicit material, or material advocating intolerance of
other people, races, or religions. If you are unsure whether a site may include
inappropriate information, you should not visit it.
10.3 If a User’s use of the Internet compromises the integrity of the City’s network, the
IT Coordinator may restrict that User’s access to the Internet.
City of Prior Lake Technology Policy
Page 7
10.4 The City may monitor or restrict a User’s use of the Internet without prior notice.
Use of the Internet through IT Systems is a privilege which may be revoked at any
time.
Section 11: Intranet
The City’s Intranet website, Splash, is an internal website for use exclusively by
employees and authorized agents. The site is accessible through web browsers using a
City computer. Employees and authorized agents are the primary audience for
information on Splash, and it serves as a resource on policies, forms, benefits, calendars
and other important information. Content is monitored by the Executive Assistant.
Added content, other than calendar information, must be pre-approved by the IT
Coordinator and Executive Assistant. Departments may use Splash to share and edit
documents and for other collaborative purposes.
Section 12: Prohibited Use
Use of IT Systems is strictly prohibited at all times:
For illegal or unethical activities
For personal profit or commercial activities
For any other public office or employment which is incompatible with City
employment responsibilities
For wagering, betting, or selling chances
For harassing, intimidating or bullying others
For email blasts to all staff or other constituencies for non-work related purposes
For political or religious activities.
Information Technology Security
Section 13: General Security
13.1 Users are expected to provide reasonable security to their computer workstations
and related IT equipment. This includes ensuring that passwords are not written
down in accessible places, removable media is kept in a secure area, and
confidential data is not displayed in such a manner that unauthorized persons
may view it.
13.2 Users are responsible for the proper use and care of IT Systems. IT Systems must be
secured while off City premises. Do not leave IT Systems in an unlocked vehicle or
unattended at any offsite facility. IT Systems should not be exposed to extreme
temperature or humidity.
City of Prior Lake Technology Policy
Page 8
Section14: Logins and Passwords
14.1 All Users must use and maintain unique IT issued login IDs for computer and
network-related access. Login IDs are not to be shared with others and
passwords must remain confidential.
14.2 Appropriate access shall be assigned by the IT Coordinator to each user ID. All
Users must use passwords. If a User forgets his/her password or suspects that the
password security has been compromised, he/she should contact the IT
Coordinator to be issued a new one.
14.3 Users are responsible for maintaining passwords and must adhere to these
guidelines:
Passwords must be at least seven characters long and include at least three
of the following: lowercase character; uppercase character; and a number
or non-alpha-numeric character (e.g., *, &, %, etc.). (Example: J0yfu11y!).
If it is necessary to access another employee’s computer when he/she is
absent, contact your supervisor. The IT Coordinator will not provide access to
employee accounts without approval of the department head.
Passwords should not be stored in any location on or near the computer.
Users must change passwords every 180 days when prompted, or on another
schedule as determined by the IT Coordinator.
14.4 Users should log off computer workstations when absent for an extended time.
Users may “lock” their workstation for shorter absences. At the end of the day,
the workstation shall be shut down and the monitor powered off unless otherwise
directed by the IT Coordinator.
Section 15: Network Access
15.1 Unauthorized wireless access into the IT Systems is strictly prohibited. Users may
not attempt to scan, connect to or install any wireless computing device on City
equipment or property. Wireless access must be authorized and configured by
the IT Coordinator.
15.2 Personal equipment used in the City’s buildings should only use the wireless
connection to the Internet. Under no circumstances should any personal
equipment be connected to the IT Systems via a network cable.
15.3 Personal equipment may not be connected to the City’s network without prior
approval of the IT Coordinator.
15.4 Through coordination with the Administration Department’s exiting employee
process, the IT Coordinator is informed of an employee’s last day and all network
and building access are disabled by close of business that day.
City of Prior Lake Technology Policy
Page 9
Section 16: Remote Access to the Network
16.1 Remote access is defined as the ability to connect to a computer or network
from a distance, such as from home, hotel, coffee shop, conference, etc. Note
that checking email is not the same as accessing the City server remotely. All
remote users are subject to the rules set forth in this policy.
16.2 Remote access to the IT Systems requires a request from a supervisor and
approval from the IT Coordinator. Remote access may be granted if the request
is business-related. Remote access privileges may be revoked at any time.
16.3 No one but the authorized User may have access to the remote connection.
16.4 Recreational use of remote connections is not allowed.
16.5 Private or confidential data should not be transmitted over an unsecured wireless
connection. Wireless connections include those over cellular networks and
wireless access points, regardless of the technology used to connect.
16.6 Storing of business related information on a personal computer creates an
extension of the City’s network. Anything stored on that computer may be
subject to public data requests.
Section 17: Virus Protection
All IT Systems must be protected from viruses using up-to-date antivirus software. Users
may not alter the system’s configuration or take other steps to defeat virus protection
devices or systems. All files on removable media must be scanned for viruses prior to
installation onto or access from IT Systems. Any files suspected or known to contain
viruses must be immediately reported to the IT Coordinator.
Information Technology Emergency
Section 18: Emergency Response Plan
18.1 The IT Coordinator is primarily responsible for the incident response in the event of
an emergency. The IT Coordinator will assess the situation and make a
recommendation to the City Manager on the appropriate response to the
situation. The City Manager shall take appropriate action, including the hiring of
external consultants, and determine if City Council action is required.
18.2 Each City department head is responsible for developing a business continuity
plan that includes the following:
Identification of sensitive data and systems that are most at risk
City of Prior Lake Technology Policy
Page 10
Critical services that must continue in the event of a network outage
Strategies and procedures that allow critical services to function
Key customers and stakeholders that need to be informed of outage
Non-computer tasks for staff
Prioritization of systems and specific workstations for resolution
Each department shall work to the best of its ability to provide continuation of
service to the public.
18.3 The City Manager will determine the communications strategy for the public and
elected officials. Staff should refrain from talking specifically about any incident
to the public until the situation has been resolved.
18.4 After departments have exhausted all work opportunities and upon approval by
the City Manager, employees may use vacation leave during a computer-
related work stoppage.