3.02.012_Use of City IT Systems PolicyCITY OF ROHNERT PARK
CITY MANAGER ADMINISTRATIVE POLICY
SUBJECT/TITLE: POLICY NO: APPROVAL DATE:
USE OF CITY INFORMATION TECHNOLOGY (IT)
SYSTEMS AND RESOURCES
3.02.012 09/01/2023
Page 1 of 5
1. PURPOSE The purpose of this policy is to define the appropriate uses of the City of Rohnert Park's ("City's") Information Technology (IT) systems and resources. These include, but are not limited to computers, software, networking resources, any online information services, the internet, electronic mail systems (email), voicemail, facsimile, telephones, mobile phones, and other mobile devices along with all applications and data files within such systems. This document, as well as all other policies, rules, and regulations will direct city employees in the use of the City's IT systems and resources.
2. SCOPE This policy applies to all individuals using City of Rohnert Park IT systems and resources, including, but not limited to, employees, City Councilmembers, City Board and Commission members, contractors, volunteers, and interns. The City of Rohnert Park provides information technology systems and resources for City business related purposes. All systems and resources as described under “Purpose” above are the property of the City. At its discretion, the City may enter, search, and review these systems used by any individual utilizing the system without prior notice or consent.
Only hardware or software approved by the IT Operations Manager or designee may
be purchased, installed, and/or used on City equipment, data network, and systems. City Employees and authorized parties may access, use, or share proprietary information only to the extent it is necessary to fulfill their assigned job duties with limited exceptions noted below. Prohibited uses of City IT systems and resources include, but are not limited to: 1. Illegal activities as defined by local, state, or federal law, including but not limited to, copyright law; 2. Unauthorized copying of material including, but not limited to, digitization and distribution of photographs, documents, books, copyrighted documents, music, and software; 3. Activities for personal financial gain; 4. Intentionally disrupting network traffic or crashing the network and connected systems (e.g., sabotage or intentionally planting a computer virus); 5. Unauthorized access to others’ files or vandalizing the data of another user; 6. Sending emails using the City’s email communication system or the City’s archive system to an employee’s personal email account, unless required for city purposes
CITY OF ROHNERT PARK
CITY MANAGER ADMINISTRATIVE POLICY
SUBJECT/TITLE: POLICY NO: APPROVAL DATE:
USE OF CITY INFORMATION TECHNOLOGY (IT)
SYSTEMS AND RESOURCES
3.02.012 09/01/2023
Page 2 of 5
and expressly pre-authorized by an employee’s supervisor, as such emails are solely the property of the City; 7. Forging email messages; 8. Computer games. Limited personal use of IT system and resources is allowed, provided that no use of the City's electronic media shall: a) Impair the City's business or the individual’s performance; b) Commit any illegal act; c) Violate the City's anti-harassment policy; d) Result in private gain or advantage for the individual (such as conducting business related to economic interests outside of City employment/business); or e) Express political opinions or conduct union business except when an individual is acting in an official capacity to represent an employee unit. Employees may use City computer resources after normal business hours for educational purposes with the prior written approval of the City Manager or designee.
Access to Information Technology (IT) Systems and Resources Supervisors and managers have the authority to inspect any IT systems and resources of their subordinates in the course of their supervisory responsibilities. The IT department shall extract stored messages, files, or other material when requested to do so by authorized supervisory personnel.
File Storage Most electronic files are stored on the City’s network drives and backed up regularly. Some files contain personal or other information with separate specialized storage. Employees should use the type of storage specified by their department’s policies or direction of their supervisor.
E-mail Retention Emails retained in the course and scope of City business are public records subject to disclosure pursuant to the Public Records Act (PRA). Unless exemptions apply, emails, any attachments and replies are subject to disclosure, and neither the sender nor any recipients should have any expectation of privacy regarding the contents of such communications.
CITY OF ROHNERT PARK
CITY MANAGER ADMINISTRATIVE POLICY
SUBJECT/TITLE: POLICY NO: APPROVAL DATE:
USE OF CITY INFORMATION TECHNOLOGY (IT)
SYSTEMS AND RESOURCES
3.02.012 09/01/2023
Page 3 of 5
The City stores emails in two ways. The first is on the email communication system used regularly by employees. The second is on an outside archive system. Emails are retained in the City’s archive system in accordance with the Council-approved City’s Retention Schedule found by clicking here and are automatically removed from the email communication system at such time. Emails eligible for destruction may be permanently deleted from the archive once the proper destruction authorization is obtained from the City Manager, City Attorney, and City Clerk. Email communications that need to be kept longer than two years should be stored appropriately outside the City’s email communication system.
Computer viruses, malware and spam 1. All computers issued by the City of Rohnert Park must use the antivirus software installed and configured by the IT department. All individuals utilizing the system are prohibited from disabling or tampering with the installed antivirus software unless authorized by the IT department. 2. Any device that connects to the City must have a current antivirus installed and running at all times. The antivirus software must be configured to automatically clean and remove an infected file or to quarantine the infected file if the automatic cleaning is not possible. The antivirus software must be configured to automatically update itself on a regular basis. Scans for viruses on the device must occur without user intervention on a regular basis. On the systems where this is not possible, individuals utilizing the system are responsible to contact the IT helpdesk regularly to initiate the scan and update the software to protect against the latest threats. 3. All incoming emails to the City are scanned for viruses, malware and spam. Emails that poses a risk to the City are blocked to the extent feasible. However, no security software is 100% effective, so individuals utilizing the system must exercise appropriate caution when opening emails or attachments. 4. All individuals utilizing the system are advised to never open or download any files or macros nor click a link attached to an email from unknown, suspicious or untrustworthy sources or even from a known source but received in an unexpected manner. Delete such attachments immediately and notify the IT department. 5. External websites that are known sources of computer viruses and malware are blocked. However, no security software is 100% effective, so all individuals utilizing the system must exercise appropriate caution when accessing external websites. 6. When any individual utilizing the system suspects that their IT systems or resources are infected with a virus or other malicious software, they must report it immediately to the IT Helpdesk.
CITY OF ROHNERT PARK
CITY MANAGER ADMINISTRATIVE POLICY
SUBJECT/TITLE: POLICY NO: APPROVAL DATE:
USE OF CITY INFORMATION TECHNOLOGY (IT)
SYSTEMS AND RESOURCES
3.02.012 09/01/2023
Page 4 of 5
7. When a computer system is determined to be infected with the virus or other malicious software, that system must be blocked and removed from the City network until an IT technician has verified that the system is virus-free. 8. All individuals utilizing the system are required to participate in City Cyber Security training administered by the IT Department.
Dissemination of Policy All individuals utilizing the system, including but not limited to, employees, City Councilmembers, City Board and Commission members, contractors, volunteers, and interns, shall be provided a copy of this policy.
1. COMPLIANCE The IT Department will verify compliance to this policy through various methods, including but not limited to business tool reports, internal and external audits.
2. RELATED STANDARDS, POLICIES AND PROCESSES 1. Non-Discrimination and Anti-Harassment Policy 2. Record Retention Policy
REVISION HISTORY:
Approved 10/16/2020
Revised 09/01/2023
Supersedes Policy No. It-Ext-010
CITY OF ROHNERT PARK
CITY MANAGER ADMINISTRATIVE POLICY
SUBJECT/TITLE: POLICY NO: APPROVAL DATE:
USE OF CITY INFORMATION TECHNOLOGY (IT)
SYSTEMS AND RESOURCES
3.02.012 09/01/2023
Page 5 of 5
I acknowledge I have received a copy of the City of Rohnert Park Use of City Information Technology Systems (IT) and Resources Policy. I acknowledge that I have read, understand, and agree to comply with this policy. ______________________ ________________________ ___________________ Employees Name Employee Signature Date Signed