16.00.250 TECHNOLOGY RESOURCE USAGE (CALEA 11.4.4)
NOTICE: There is no right to privacy in an employee’s use of City technology resources.
This policy applies to members of the Bellevue Police Officers Guild and the Bellevue Police Managers Association only. Other bargaining units within the Police Department elected to abide by City of Bellevue IT policy at Technology Usage Policy.
The City owns all data stored on its network and systems (including e-mail, and Internet usage logs) and reserves the right to inspect and monitor any and all such communications at any time to ensure compliance to this policy, with or without notice to the employee. The City may conduct random and requested audits of employee accounts to investigate suspicious activities that could be harmful to the organization, to assist Departments in evaluating performance issues and concerns, and to identify productivity or related issues that need additional educational focus within the City. Internet and e-mail communications may be subject to public disclosure and the rules of discovery in the event of a lawsuit. The City’s Internet connection and usage is subject to monitoring at any time with or without notice to the employee.
The following policy defines appropriate use of the City of Bellevue network, computers, all related peripherals, software, electronic communications, and Internet access, regardless of the means used to access the system.
Employees violating this policy may be subject to disciplinary action up to and including termination in accordance with their collective bargaining agreement.
1 Internet/Intranet Usage
1.1 This technology usage agreement outlines appropriate use of the Internet/Intranet. Usage should be focused on business-related tasks. Personal use is allowed but there is no right to privacy in an employee’s use of the Internet/Intranet. Personal use should be limited to personal break time.
1.2 Use of the Internet, as with use of all technology resources, should conform to all City policies and work rules. Filtering software will be actively used by the City to preclude access to inappropriate web sites unless specific exemptions are granted as a requirement of work duties (e.g., police have the ability to access sites on criminal activity, weapons etc…). Attempts to alter or bypass filtering mechanisms are prohibited.
1.3 Except for police related purposes, intentionally visiting or otherwise accessing the following sites is prohibited:
a. “adult” or sexually-oriented web sites,
b. sites advocating hate crimes, or violence
c. Internet chat rooms and interactive website communication (voice and audio streaming and instant messaging
d. personal dating sites
1.4 . Activities on Internet chat rooms, blogs and interactive website communication sites are electronically associated with City network addresses and accounts that can be easily traced back to the City of Bellevue. Comments made during the course of business use shall be reflective of Bellevue Police Department policy.
2 E-Mail Usage
2.1 E-mail content is subject to public disclosure, therefore, email content should be written with this in mind.
2.2 Employees are should try to check their e-mail each workday and comply with IT capacity limits. Messages should be stored to an alternative location (F drive or back-up disk or appropriate case or personnel file). Ordinary business correspondence has a two-year retention period. If e-mail relates to a specific case or personnel issue the e-mail should be placed in the appropriate case or personnel file for retention. Personal e-mail should not be retained in the City system.
2.3 Use of the “Everyone_COB” distribution list is restricted to the City Manager’s Office, Department Directors and their specific designees. Under no circumstances should an employee intentionally “Reply to All” to an Everyone_COB message.
2.4 The City provides staff access to and support of the Exchange/Outlook messaging (e-mail) system. Access or usage of any other messaging systems is not allowed unless it is web based. Subject to the personal use limitations explained above, staff may access web-based personal email but should not open or download personal documents or attachments from these sites. Staff may not install client based software for internet service on city equipment. Examples: AOL, Instant Messaging
2.5 Users should be attentive to emails that have unusual or questionable subject lines to mitigate spam, phishing and script born viruses that come into the network through email attachments or by clicking on links that lead to hostile web sites. If you suspect phishing or script born viruses in email attachments immediately contact the support desk.
2.6 Except for police related purposes, the use of e-mail to intentionally send or solicit the receipt of inappropriate content such as sexually oriented materials, hate mail, content that a reasonable person would view as obscene, harassing or threatening and having no lawful purpose is prohibited.
2.8 The incidental personal use of e-mail from a City account to express opinions or views other than those reflective of City policy must contain the following disclaimer: “the contents of this electronic mail message do not necessarily reflect the official views of the elected officials or citizens of the City of Bellevue.”
3 User Accounts
3.1 ITD must authorize all access to central computer systems. Each user is responsible for establishing and maintaining a password that meets City requirements. http://cobnet/it/Security/SecurityPWInfo.htm The unauthorized use of another person’s account or attempt to capture other users’ passwords is prohibited. The unauthorized use of your account should be immediately reported to your supervisor and ITD.
4 Network Access and Usage
The Information Technology Department (ITD) must approve connecting devices to the City’s network. This includes PCs, network hubs and switches, printers, handhelds, scanners, remote connections, and wireless or wired devices.
4.1 Use of wired or wireless modems on the City’s network requires written approval from ITD. Approved devices with wired modems must be disconnected from the network prior to using the modem.
4.2 Personal software or devices may not be loaded or attached to any City-owned equipment without written authorization by a designated department manager and by ITD. The use of personal routers and wireless access points on the city network is not allowed.
4.3 Knowingly exploiting or attempting to exploit into any vulnerability in any application or network security is prohibited. Sharing of internal information to others that facilitates their exploitation of a vulnerability in any application or network security is also prohibited. It is also prohibited to knowingly propagate any kind of spy ware, DOS, or virus onto the City network or computers. If you encounter or observe vulnerability in any application or network security, report it to email@example.com immediately.
4.4 Obey the privacy and rules governing the use of any information accessible through the network, even if that information is not securely protected.
4.5 Knowingly disabling, altering, over-riding, turning off any mechanism put in place for the protection of the network and workstation environments is strictly forbidden.
4.6 Transmission, distribution, or storage of any information or materials in violation of federal, state or municipal law is prohibited. Software that is copyrighted or licensed may not be shared or illegally distributed. Copyright violations are federal offenses that may result in civil and criminal penalties to employees and the City of Bellevue.
4.7 Because of bandwidth limitations inherent in any network system, use of the City network to download non-business related information is prohibited. Examples include streaming video of baseball games, streaming audio of radio programs, MP3 files, and on-line games.
4.8 Access to the City’s network via VPN requires approval from ITD. VPN accounts will be audited on a monthly basis, and accounts inactive for 30 days will be deactivated unless an exception is granted by ITD. Reactivation of intermittently used VPN accounts for vendor support purposes will be accommodated upon request.
4.9 Remote access to the City’s applications via Citrix requires approval from the departmental ITGC representative and the application owner.
5 Definitions: (Courtesy of WebOpida.com)
5.1 Blog - Short for Web log, a Blog is a Web page that serves as a publicly accessible personal journal for an individual. Typically updated daily, blogs often reflect the personality of the author. Blogging is when one posts to a Blog.
5.2 DOS Attack– Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DOS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DOS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DOS attacks are constantly being dreamed up by hackers.
5.3 Electronic Communications - The transmission of data from one computer to another, or from one device to another. A communications device, therefore, is any machine that assists data transmission. For example, modems, cables, and ports are all communications devices. Communications software refers to programs that make it possible to transmit data.
5.4 Modems – A modem is a device or program that enables a computer to transmit data over, for example, telephone or cable lines. Computer information is stored digitally, whereas information transmitted over telephone lines is transmitted in the form of analog waves. A modem converts between these two forms. Modems can be wired or wireless.
5.5 Peripherals – A computer device, such as a CD-ROM drive or printer, that is not part of the essential computer, i.e., the memory and microprocessor. Peripheral devices can be external -- such as a mouse, keyboard, printer, monitor, external Zip drive or scanner -- or internal, such as a CD-ROM drive, CD-R drive or internal modem. Internal peripheral devices are often referred to as integrated peripherals.
5.6 Personal Devices - PDA (Personal Digital Assistant), smart phone. A handheld device that combines computing, telephone/fax, Internet and networking features. A typical PDA can function as a cellular phone, fax sender, Web browser and personal organizer. Unlike portable computers, most PDAs began as pen-based, using a stylus rather than a keyboard for input. This means that they also incorporated handwriting recognition features. Some PDAs can also react to voice input by using voice recognition technologies. PDAs of today are available in either a stylus or keyboard version.
5.7 Phishing - The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
5.8 Software - Computer instructions or data. Anything that can be stored electronically is software. The storage devices and display devices are hardware. The terms software and hardware are used as both nouns and adjectives. For example, you can say: "The problem lies in the software," meaning that there is a problem with the program or data, not with the computer itself. You can also say: "It's a software problem."
The distinction between software and hardware is sometimes confusing because they are so integrally linked. Clearly, when you purchase a program, you are buying software. But to buy the software, you need to buy the disk (hardware) on which the software is recorded.
Software is often divided into two categories:
systems software : Includes the operating system and all the utilities that enable the computer to function.
applications software : Includes programs that do real work for users. For example, word processors, spreadsheets, and database management systems fall under the category of applications software.
5.9 Spy ware - Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with Spyware. Once installed, the Spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of Spyware is to download certain peer-to-peer file swapping products that are available today.
5.10 VPN – Short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. VPN is used by outside computers to connect to the City of Bellevue network.