(A) Intentions. The intentions for publishing an acceptable use policy are not to impose restrictions contrary to city’s established culture of openness, trust, and integrity. It is, however, to establish the city’s commitment to protecting its employees, partners, and itself from illegal or damaging actions by individuals, either knowingly or unknowingly.
(1) Internet/intranet-related systems, including, but not necessarily limited to, computer equipment, software, operating systems, storage media, network accounts, electronic mail, WWW browsing, FTP, cellular phones, pagers, radios, and any other electronic processing equipment are the property of the city. These systems are to be used for business purposes in serving the interests of the city and its constituents in the course of normal operations.
(2) Effective security is a team effort involving the participation and support of every city employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct his or her activities accordingly.
(B) Acceptable use and ownership. City information technology should only be used for conducting productive city business. Employees may access the city’s network system remotely from a home computer, smart phone, or other compatible devices, provided he or she is authorized by the Information Technology Department, and comply with all applicable security procedures. Information accessed via home computers and other compatible devices are subject to federal and state laws and regulations, this policy, and other company rules.
(1) While the city network administration desires to provide a reasonable level of privacy, users should be aware that the data he or she creates on the corporate systems remains the property of city. Because of the need to protect the city network, management cannot guarantee the confidentiality of personal information stored on any network device belonging to city.
(2) Authorized individuals within the city may monitor equipment, systems, and network traffic at any time for security, assistance, and network maintenance purposes.
(3) The city reserves the light to audit networks and systems on a periodic basis to ensure compliance with this policy.
(4) The city’s computer network is the property of the city and is to be used for legitimate business purposes. Users are provided access to the computer network to assist him or her in the performance of his or her jobs. Additionally, certain users may also be provided with access to the internet through the computer network. All users have a responsibility to use the city’s computer resources and the internet in a professional, lawful, and ethical manner. Abuse of the computer network or the internet may result in disciplinary action, including possible termination, and civil and/or criminal liability.
(5) To ensure security, avoid the spread of viruses and malware, and to maintain the city’s internet usage policies or acceptable use policies, employees may only access the internet through a computer attached to the city’s network and approved internet firewall or other security device(s). Bypassing the city’s computer network security by accessing the internet directly by personal connections, such as, but not limited to, cellular networks, Wifi, wireless routers, modems, proxy avoidance techniques, or by any other means is strictly prohibited.
(6) Files obtained from sources outside the city, including disks, flash drives, files downloaded from the internet, newsgroups, bulletin boards, or other online services; files attached to email; and files provided by customers or vendors, may contain dangerous computer viruses that may damage the city’s computer network. Users should never download files from the internet, accept email attachments from outsiders, or use disks from non-city sources without first scanning the material with the Information Technology Department-approved virus checking software. Employees who suspect that a virus has been introduced into the city’s network should notify the Information Technology Department immediately.
(C) Security and proprietary information.
(1) Expectation of privacy. Employees are given computers and internet access to assist them in the performance of their jobs. Employees should have no expectation of privacy in anything he or she creates, stores, posts, sends, or receives using the city’s technology equipment. The computer network is the property of the city and may be used only for city purposes.
(2) Waiver of privacy rights. Users expressly waive any right of privacy in anything he or she creates, stores, posts, sends, or receives using the city’s computer equipment or internet access. Users consent to allow IT personnel access to and review of all materials he or she has created, stored, sent, or received through any city network or internet connection.
(3) Monitoring of computer and internet usage. The city has the right to monitor, log, and archive any and all aspects of its computer system, including, but not necessarily limited to, monitoring internet sites visited by users, monitoring chat and newsgroups, monitoring file downloads, and all communications sent and received by users via email, IM, and chat and social networking, and cellular phone calls and text messages.
(4) Blocking sites with inappropriate content. The city has the right to utilize hardware and software that makes it possible to identify and block access to internet sites containing sexually explicit or other material deemed inappropriate in the workplace.
(5) Blocking sites with non-productive content. The city has the right to utilize hardware and software that makes it possible to identify and block access to internet sites containing non-work-related content such as, but not necessarily limited to, drug abuse; hacking; illegal or unethical use or content; discrimination; violence; proxy avoidance; plagiarism; child abuse; alternative beliefs; adult materials; advocacy organizations; gambling; extremist groups; nudity and risque; pornography; tasteless; weapons; sexual content; sex education; alcohol; tobacco; lingerie and swimsuits; sports; hunting; war games; online gaming; freeware and software downloads; file sharing and offsite storage; streaming media; peer-to-peer file sharing; internet radio or TV; internet telephony; online shopping; malicious websites; phishing; spam; advertising; brokerage and trading; web-based personal email; entertainment; arts and culture; education; health and wellness; job search; medicine; news and media; social networking; political organizations; reference; religion; travel; personal vehicles; dynamic content; folklore; web chat; instant messaging or IM; newsgroups and message boards; digital postcards; education; real estate; restaurant or dining; personal websites or blogs; content servers; domain parking; personal privacy; finance and banking; search engines and portals; government and legal organizations; web hosting; secure sites; or web-based applications.
(D) Acceptable use.
(1) Individuals are required to keep network and email passwords secure and should not share accounts or passwords. Authorized users are responsible for the security of his or her passwords and accounts.
(2) All information systems (laptops, phones, workstations, and servers) may be secured with a password-protected screensaver with the automatic activation feature set at 15 minutes or less, by manual log-off or locking system (control-alt-delete) when system is unattended.
(3) All systems used and connected to the city network, whether owned by the employee, city, or consultant, shall be armed with approved virus-scanning software and current virus definitions. This includes situations where a virtual private network connection is established and a user gains access to city network resources.
(4) Employees should use caution when opening email attachments received from unknown senders, which may contain viruses, email bombs, or Trojan horse code. If uncertain, delete email or contact the City System Administrator.
(5) Occasional, limited appropriate personal use of the computer is permitted if such use does not:
(a) Interfere with the user’s or another employee’s job performance;
(b) Have an undue effect on the computer’s or city network’s performance; and
(c) Violate any other policies, provisions, guidelines, or standards of this agreement or any other of the city.
(E) Unacceptable use. The following activities are prohibited. If required, employees may be exempted from these restrictions during the course of his or her job responsibilities, following written approval from his or her department supervisor or the IT Director.
(1) Illegal activities. Under no circumstances is an employee of city authorized to engage in any activity that is illegal under local, state, or federal law, while utilizing a city-owned resource. The lists below are by no means all inclusive, but attempt to provide a framework for activities that fall into the category of unacceptable use.
(2) System and network activities.
(a) Violations of the rights of any person or company protected by copyright, patent, or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by the city.
(b) Use of unauthorized copying of copyrighted material, including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which city or the end user does not have an active license, is strictly prohibited.
(c) Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, and the like).
(d) Malicious acts to delete or remove valuable city government information.
(e) Installing software on city computing devices operated within the city network. Software requests must first be approved by the requester’s manager, and then be made to the Information Technology Department in writing or via email.
(f) Revealing one’s account password to others or allowing use of one’s account by others.
(g) Using a city computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.
(h) Making fraudulent offers of products, items, or services originating from any city account.
(i) Causing a security breach or a disruption of network communication. Breaches include, but are not limited to, accessing data of which the employee is not an intended recipient. “Disruption” includes, but is not necessarily limited to, network sniffing, port scanning, packet spoofing, denial of service attacks, and other malicious activities.
(j) Circumventing user authentication or security of any host, network, or account.
(k) Providing information about or lists of employees to parties outside of city staff.
(l) Using the city’s computer network to disseminate, view, or store commercial or personal advertisements, solicitations, promotions, destructive code (e.g., viruses, Trojan horse programs, and the like), or any other unauthorized materials.
(m) Illegally copying material protected under copyright law or making that material available to others for copying. Employees are responsible for complying with copyright law and applicable licenses that may apply to software, files, graphics, documents, messages, and other material he or she wishes to download or copy. Employees may not agree to a license or download any material for which a registration fee is charged without first obtaining the express written permission of his or her supervisor.
(n) Attempting to access or accessing another user’s account, private files, or email, or misrepresenting oneself as another individual in electronic communication.
(o) At all times, users are responsible for the professional, ethical, and lawful use of the computer system. Personal use of any device is a privilege that may be revoked at any time.
(p) To install software, upgrade hardware, attach unauthorized hardware or media, or change configurations on computers, networks, or systems.
(q) To attempt to power down or up any server or network device.
(r) To stream audio, video, or real-time applications (such as stock ticker, weather monitoring, internet radio, or streaming video).
(s) To give any subcontractor, consultant, or other non-employee access to the city’s information technology without express consent.
(t) To knowingly introduce worms, viruses, or other malicious programs into the network or server.
(u) To engage in personal business activity.
(v) To attempt to test, modify, circumvent, or defeat security or auditing systems of the city or any other organization without prior authorization.
(3) Email and communications activities.
(a) Sending unsolicited email messages, including “junk mail”, spam, or chain letters, as well as advertising material to individuals who did not request such material.
(b) Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
(c) Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies.
(d) Personal use of email account, including:
1. Registering for personal sites or services whereby the account receives messages that are not utilized for city use; and
2. Communication with other entities outside of the city that is unrelated to city business.
(4) Blogging.
(a) Unless it is in the course of business duties, posting to newsgroups or blogging from a city email address should contain a disclaimer, stating that the opinions expressed are strictly those of the employee and not necessarily those of the city.
(b) Blogging by employees, whether using the city IT systems or personal computer, is also subject to the terms and restrictions set forth in this policy. Posting should be done in a professional and responsible manner that is not detrimental to city’s best interests, and does not interfere with an employee’s regular work duties.
(c) Employees are prohibited from revealing any confidential or proprietary information, trade secrets, or any other material as covered by the city confidentiality policy.
(d) Employees are prohibited from making any discriminatory, disparaging, defamatory, or harassing comments when blogging or engaging in any conduct prohibited by the city.
(e) Employees may also not attribute personal statements, opinions, or beliefs to the city when engaged in blogging. If an employee is expressing his or her beliefs and/or opinions in blogs, the employee may not, expressly or implicitly, represent himself or herself as an employee or representative of the city. Employees assume any and all risks associated with blogging.
(f) Apart from following all laws pertaining to the handling and disclosure of copyrighted or export-controlled materials, city trademarks, logos, and any other intellectual property may also not be used in connection with any blogging activity.
(5) Frivolous use. Computer resources are limited. Network bandwidth and storage capacity have finite limits, and all users connected to the network have a responsibility to conserve these resources. As such, users must not deliberately perform acts that waste computer resources or unfairly monopolize resources to the exclusion of others. Any files/documents found to be in violation may be removed by the information technology staff without notification at any time. These acts include, but are not necessarily limited to:
(a) Sending mass mailings or chain letters;
(b) Spending excessive amounts of time on the internet, playing games, engaging in online chat groups, or other social media;
(c) Uploading or downloading large files;
(d) Accessing streaming audio and/or video files or otherwise creating unnecessary loads on network traffic associated with non-business-related uses of the internet; and
(e) Storing personal pictures, music, or videos on the city’s servers.
(F) Portable electronics.
(1) Cellular phones. Cellular phones are the property of the city and are loaned to employees to conduct city business. The equipment, minutes, applications, and air time are all purchased by the city and therefore must not be abused for personal use. The following list outlines unacceptable cellular phone usage:
(a) Personal calls made or received on a city-issued cell phone must be kept to a minimum;
(b) Exchanging excessive personal text messages or instant messages during work hours;
(c) Installing applications or other software on the device without express approval from the Information Technology Department;
(d) Utilizing video, music, pictures, and internet for any activities not related to city business;
(e) Transferring personal calls and number to the city-issued phone; and
(f) Any expense, such as purchasing apps, music, messaging, or excess personal use, that results in additional expenses in city billing statements will be expected to be paid by the employee.
(2) Laptops. Laptops and portable devices owned by the city may be issued by the Information Technology Department. Since they are mobile and may connect to various other networks, it is the user’s responsibility to securely utilize the device and verify the virus definitions are up-to-date. The use of laptops improves convenience so that the user may perform city-related business outside of his or her designated office area. All internet browsing and use must be in accordance with acceptable use policy. Only the employee may use the equipment and shall not allow contractors, friends, relatives, or others to use the device without the consent of the employee’s supervisor.
(3) Tablets. Devices such as tablets, iPads, and the like must be used in accordance with the acceptable use policy.
(G) Enforcement. Any employee found to have violated this policy may be subject to disciplinary action, which may include termination of employment.