HomeMy WebLinkAboutRES2023-072 Adopting Personnel Policy 2023-05 Computer Policy Sponsored by: Regis
CITY OF SEWARD,ALASKA
RESOLUTION 2023-072
A Resolution Of The City Council Of The City Of Seward, Alaska, Adopting
Personnel Policy #2023-05: Computer Use Policy
WHEREAS, Seward City Code 3.05.015 A.2. states the city council shall adopt all
personnel policies; and
WHEREAS,the city manager request the city council to adopt Personnel Policy #2023-
05; and
WHEREAS, Personnel Policy#2023-05 provides parameters concerning city computer
use; and
WHEREAS,the policy is applicable to all employees.
NOW,THEREFORE,BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF
SEWARD,ALASKA that:
Section 1. The Seward City Council adopts Personnel Policy#2023-05 in its entirety.
Section 2. This resolution shall take effect immediately upon adoption.
PASSED AND APPROVED by the City Council of the City of Seward, Alaska,this 26th day of
June, 2023.
THE CITY OF SEWARD, ALASKA
cs du. pi
Sue McClure,
AYES: Osenga, Finch, Barnwell,DeMoss, Calhoon, Wells, McClure
NOES: None
ABSENT: None
ABSTAIN: None
ATTEST: SE ���'
Kris Peck G =vo rFoN.+
City Clerk - ' AL ' •
• ' SE
(City Seal) —+--
,0,'•.'NE1,1c3,"`���
City Council Agenda Statement
Meeting Date: June 26, 2023
To: City Council
Through: Norm Regis, Acting City Manager
From: Tammy Nickell, Human Resources Manager
Subject: Resolution 2023-072: Adopting Personnel Policy #2023-05: Computer Use
Policy
Background and justification:
Seward City Code 3.05.015 A. 2. States the city council shall adopt all personnel policies. The city
manager requests the city council to adopt Personnel Policy #2023-05.
Personnel Policy #2023-05 provides the parameters concerning city computer use. The policy is
applicable to all employees.
Comprehensive and Strategic Plan Consistency Information
This legislation is consistent with (citation listed):
Comprehensive Plan:
Strategic Plan:
Other:
Certification of Funds
Total amount of funds listed in this legislation: $ 0
This legislation (✓):
Creates revenue in the amount of: $
Creates expenditure in amount of: $
Creates a savings in the amount of: $
x Has no fiscal impact
Funds are (✓):
Budgeted Line item(s):
Not budgeted
x I Not applicable
Fund Balance Information
Affected Fund (✓):
General SMIC Electric Wastewater
Boat Harbor Parking Water Healthcare
Motor Pool Other
Note: amounts are unaudited
95
Available Fund Balance $ NIA
Finance Director Signature:
Attorney Review
Yes Attorney Signature: a
Not applicable Comments:
Administration Recommendation
x Approve Res.
Other:
96
City of Seward
Computer Use Policy
Approved by City Council Resolution 2023-072
June 26, 2023
Policy #2023-05
Applicable to All Employees
1. INTRODUCTION
1.1 Purpose
Outline acceptable use and clarify the protection of City of Seward information assets
and technology resources. Unacceptable use exposes the City of Seward to unwarranted
risk (e.g., virus attacks, compromised network systems, services and legal issues
associated with data tampering, data theft and privacy). Due to the dynamic nature of
Computer Technology, policies, objectives and procedures stated in this manual will be
reviewed periodically, changed and/or added as necessary.
1.2 Scope
This policy is applicable to all City of Seward departments, divisions, boards,
commissions or other related entities which will be referred to as Department(s)
1.3 Definitions and Acronyms
LAN- Local Area Network.
IT — Information Technology Department
WEB- Internet.
2. Computer System(s), Service (s) Usage
2.1 Use of services
The City of Seward provides computers, printers, Local Area Networks (LAN) email, and
web services to all eligible personnel within the City.
All computers and transactions within the City are properties of the City of Seward. The
usage of these systems is permitted to conduct business for the City of Seward and for
administrating organizational workflows.
These services are not to be used by individuals for personal communication and/or
financial gain, or to conduct private business activities.
2.2 Eligible Users
The users who are eligible to use City Networking services are:
• All eligible employees of the City of Seward.
Policy #2023-05
June 26, 2023
Page 1 of 7
98
■ Any external person (s) who ore permitted by the City of Seward to use the above
services as per departmental, administrative or contract needs.
2.3 Requirements for Use
■ Fully read this manual and understand these policies and procedures
■ Agree and sign the Computer & Policies Procedures Form.
■ Obtain necessary user accounts with access and authorization organization from the
Information Technology Department.
2.4 Acceptable use policies
2.4.1 Access for Authorized Purposes
Acceptable use applies to all personnel (e.g., employees, partners, contractors,
consultants, temporaries, other City of Seward workers and workers affiliated with third
parties or anyone having access to City of Seward information that is not directly
accessible to the general public from a non- City of Seward network (e.g., Internet)} and
the use of all information processing equipment, including but not limited to computer
equipment, software, operating system, storage media, and network accounts providing
e-mail, web browsing, file transfer protocol (FTP), Smartphones.
Personnel must use City of Seward networks and associated systems for authorized
business purposes only. Personnel must not access information, programs, or systems
when such access is not required for an authorized business purpose. This includes
system administrators who must have system access rights due to their job
responsibilities. Information Technology Department personnel will monitor equipment,
systems, and network traffic at any time, for the purpose of security and network
maintenance.
2.4.2 Personal Computing Equipment Prohibited Use
Personnel must not use personal computing equipment (e.g., laptops, PC, workstations,
servers, external hard drive, USB devices, Smartphone or other networking equipment)
within the City of Seward wide area network (WAN) or local area networks (LANs) for
City of Seward or personal business.
2.4.3 Use of Issued Credentials
Personnel must use only their assigned user I Ds, network addresses, and network
connections to access City of Seward networks and associated systems. Sharing of
credentials to access City of Seward systems is prohibited.
2.5 Unacceptable Use policies
Under no circumstances are personnel of the City of Seward authorized to engage in any
activity that is illegal or in violation of local, State, federal or international law.
E-mail and Communications Prohibited Acti►►ities:
■ Any illegal activity.
Policy #2023-05
June 25, 2023
Page 2of7
99
■ Intentionally sending unsolicited e-mail messages, including the sending of 'Junk
mail" or other advertising material to individuals who did not specifically request
such material.
■ Any form of harassment via email, instant messaging, telephone, paging, or other
electronic means, whether through language, frequency, or size of messages.
■ Unauthorized use, or forging, of email header information.
■ Solicitation of email for any other email address, other than that of the poster's
account, with the intent to harass or to collect replies.
• Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any
type.
■ Use of unsolicited email originating from within CITY OF SEWARD networks or other
nternet/Intranet/Extranet service providers on behalf of, or to advertise, any service
hosted by CITY OF SEWARD or connected via the 5tate's network.
■ Posting the same or similar non-business-related messages to Usenet news groups
or web forums.
■ Use for access to or distribution of indecent or obscene material, including child
pornography.
■ Use for commercial activities, including advertising, unless specific to charter,
mission, or duties of the government agency.
■ Use for fundraising, political campaign or partisan activities, or public relations
activities not specifically related to CITY OF SEWARD government activities.
■ Use of CITY OF SEWARD information technology resources for personal gain.
System and Network Prohibited Activities:
■ Violations of the rights of any person or company protected by copyright "(D", or
trademark "TM" or registered "9", or trade secret, patent or other intellectual
property, or similar laws or regulations, including, but not limited to, the installation
or distribution of "pirated" or other software products that are not appropriately
licensed for use by the CITY OF SEWARD.
■ Unauthorized copying of Copyright Material "K)" including, but not limited to,
digitization and distribution of photographs from magazines, books or other
copyright sources, copyright music, and the installation of any copyright software for
which the CITY OF SEWARD or the end user does not have an active license is
strictly prohibited.
■ Revealing account information to others or allowing use of a personal account by
others. This includes family and other household members when work is being done
at home.
■ Using CITY OF SEWARD computing assets to actively engage in procuring or
transmitting material that is in violation of sexual harassment or hostile workplace
laws.
■ Making fraudulent offers of products, items, or services originating from any CITY OF
SEWARD account.
Policy #2023-05
June 25, 2023
Page 3of7
100
■ Intentionally causing security breaches or disruptions of network communication.
Security breaches include, but are not limited to, accessing data of which the
employee is not an intended recipient or logging into a server or account that the
employee is not expressly authorized to access. For purposes of this section,
"disruption" includes, but is not limited to, network sniffing, ping floods, packet
spoofing, denial of service, and forging route information for malicious purposes.
■ Network vulnerability testing, security scanning, virus or Trojan horse testing or
executing any form of network monitoring, which will intercept data not intended for
the user's host.
■ Any activity, application or service that disables, tampers with, circumvents security
solutions, services, controls, user authentication, security of any host, network or
account, or interfering with or denying service to any authorized user or service is
prohibited and strictly enforced.
■ Uses of peer-to-peer (P2P) file transfer solutions (e.g., Gnutella, BitTorrent, etc.)
without an approved business case justification and written approval from the
Information Technology Department.
■ Use of any external proxy systems or other similar technologies.
Organization- City of Seward
3.'1 Roles
To implement the computer policies for the City of Seward, the organization is divided into 3
groups
Users: Personnel who utilize a computer system, laptop, or any other computerized device
within the City of Seward.
Managers: Manage departmental personnel and computer use. Managers are also users of
computer systems/services and are required to follow these policies and procedures.
Information Technology Department: The Information Technology Department supports the
overall organization and all computer systems/servers under the direction of the City Manager
and Assistant City Manager. The Information Technology Department is also a user and is
required to follow all policies and procedures.
3.2 Computer related Responsibilities and Authority Users:
Users: Users use the computer systems and services allocated to them. They Report to their
manager or senior management.
They are also responsible for:
■ Following the latest version of computer policies and procedures of the organization.
■ Having knowledge about how to operate the computer systems and services
allocated to them.
■ Using the systems and services allocated them properly.
■ beeping the computer systems and working environment in clean condition.
Policy #2023-05
June 26, 2023
Page 4 ❑f 7
101
■ Helping in keeping the network traffic at a minimum.
■ Reporting any computer problems to MIS.
■ Requesting access to any computer system or services needed for doing
organizational business through their manager.
Managers
Managers are responsible for:
■ Following the latest version of computer policies and procedures of the organization
■ Having knowledge about how to operate the computer systems and services
allocated to them
■ Using the systems and services allocated them property
■ Monitoring users. Reports any activity which violates the computer policies
■ Reporting computer problems to the Information Technology Department.
Managers are empowered to:
■ Approve users' request for existing access to computer systems and services
■ Provide justification
Information Technology Department:
Receives requests from Department Heads for Software requests. Delegates MIS to obtain
hardware and software from recommended vendors. Installs and operates computer systems
and services e-mail, Internet, and Networking related functions.
Carries out hardware maintenance and inspection, resolves computer problems reported by
users, reports to Assistant City Manager and/or City Manager and Responsible for:
■ Maintaining an inventory of all computer assets.
■ Approving all computer related purchase requisitions.
■ Evaluating and selecting vendors for new assets and equipment
■ Receiving, testing, and installing hardware/software.
■ Maintaining and operating Servers and Administrative functions.
■ Prepare and renew software licenses for renewal.
■ Managing backup for departmental data in specified directory and server
locations.
■ Maintaining backup media.
■ Maintaining disaster and data recovery tools.
■ Solving problems reported by users.
■ Processing user requests and allocates computer resources
Empowered to:
■ Assist in selecting vendors, hardware, and equipment.
■ Accept and check all hardware and software from vendors.
■ Allocate computer resources.
Policy #2023-05
June 25, 2023
Page 5of7
102
4. COMPUTER SYSTEMS
4.1 Access to Systems and Network- Policies & Procedures
To gain access to City Computers and/or City networks, the following procedures for access to
these systems and networks shall be followed
■ User shall send a request through their managers to IT with their manager's
approval. IT will allocate resources sub.ect to availability. If these resources are
not available, IT will notify the departmental head. IT will allocate a unique
network id for every user with necessary authorization to the required
information or services as requested.
■ The newly requested network id details will be sent back to the concerned
Manager. Users should guard their passwords. Passwords should be periodically
changed and must be changed when compromised.
Guidelines/procedure for setting Password:
■ The password should be minimum of 8 characters (Consider the use of a
passphrase)
■ Password will be required to be changed at an interval set by IT.
■ Passwords should contain both characters and numeric.
■ Passwords should not be shared with other users.
■ Don't write your password and/or keep it where it can be found.
■ Don't store your passwords with others.
■ Lost or forgotten passwords should be reported to IT Immediately.
4.2 1 nstalling New Software
Any system allocated to the new user will come with default common software installed. It will
include common office software like word processor, spreadsheet program, presentation
program and viewer to view acrobat documents. It also comes with necessary printer drivers
installed and configured to the designated printer within the department.
The default common software will to be discussed with departmental head and modified
accordingly.
To comply with software license agreements and threat of viruses, users should not load any
software, including shareware and freeware, on to their computer systems. If a user wants any
additional software to do his/her daily business functions, he or she shall send a software
request to IT through their Manager with their manager's approval. IT will install the software
on the user's system based on license availability.
Any shareware freeware and/or new software necessary to meet the business needs are to be
tested and assessed by IT before using them.
Policy #2023-05
June 25, 2023
Page 5 of 7
103
4.3 Purchase of New Hardware and Software
Purchasing of new hardware requires technical evaluation to be done by qualified people. To
standardize the hardware and software purchased, IT is solely responsible for purchases of new
hardware and software.
4.4 Data Backup and Security
IT will work with departments to create and maintain a schedule of backups of network storage
as well as all servers in the datacenter. These backups will be rotated to maintain an offline
copy of the data as well as copied to the cloud for recovery if the physical datacenter becomes
unavailable. IT is not responsible for backing up data stored on local computers. Users are
urged to save data to their network drives.
Failure to comply with this policy and directive durin the course of your City
duties could lead to disciplinary action or termination.
Policy #2023-05
June 26, 2023
Page 7 of 7
104