ADOPTED - JUNE 26, 2001

Agenda Item No. 8

Introduced by the Administrative Services/Personnel Committee of the:

INGHAM COUNTY BOARD OF COMMISSIONERS

RESOLUTION APPROVING A POLICY REGARDING THE USE OF COUNTY RESOURCES, INCLUDING INFORMATION TECHNOLOGY RESOURCES

RESOLUTION #01-200

WHEREAS, Ingham County employees have been provided resources in order to carry out their job duties; and

WHEREAS, the County Attorney and Human Resources Director have recommend that a policy be adopted addressing the appropriate use of these resources by County personnel and to define and reserve the rights of Ingham County as the employer; and

WHEREAS, the MIS Advisory Committee, in conjunction with Management Information Services Department, have developed the attached policy addressing the use of county resources for employees, including information technology resources; and

WHEREAS, the County Attorney and Human Resources Director have reviewed the policy and provided recommendations to the Advisory Committee and the Management Information Services Department; and

WHEREAS, copies of this proposed policy have been distributed to Elected Officials, Department Heads, and Unions for their review.

THEREFORE BE IT RESOLVED, that the Ingham County Board of Commissioners hereby adopt the attached Policy Regarding the Use of County Resources, Including Information Technology Resources.

BE IT FURTHER RESOLVED, the policy will be implemented upon the adoption of this resolution and will be distributed to Department Heads and Elected Officials and to all users of County computers and resources covered under this policy.

ADMINISTRATIVE SERVICES/PERSONNEL: Yeas: Stid, Celentino, Minter, De Leon, Swope Nays: None Absent: None Approved 6/19/01

INGHAM COUNTY

Policy Regarding the Use of County Resources, Including Information Technology Resources

This policy sets forth Ingham County's policies with regard to the use of county resources generally, and

information technology ("IT") resources specifically. County resources generally refer to county equipment and supplies (desks, vehicles, office supplies, copiers, etc) provided by the county to assist employees in carrying out their work. IT resources refer specifically to items such as personal computers, software, the county network, phones, the county provided Internet connection, the county web page and Intranet; e-mail, electronic voice and video communication, facsimile, the Internet and future technologies). The policy addresses, among other things, county access to, review or disclosure of electronic files, electronic mail and electronic voice and video communications through or stored on any part of the county's IT resources. These policies do not constitute a contract. The County reserves the right to change them at any time.

General Policy

County resources generally, and IT resources specifically, may be provided to employees exclusively to assist in the efficient and effective day to day operations of offices, departments and agencies. Their intended use includes the facilitation of the employees work; collaboration and exchange of information within and between County departments, agencies, other employees, other branches of government and the public. Their use also includes providing the public with enhanced access to services and information.

County department heads, elected officials, and the Chief Judge, with technical assistance from the MIS Department if necessary, have the capability to access, review, copy, modify and delete any information transmitted or stored in IT resources, including voice and e-mail messages. The appropriate County department head, elected official, or the Chief Judge reserve the right to access, review, copy, modify or delete all such information for any purpose and to disclose it to any party if legally compelled to do so, pursuant to the Freedom of Information Act, or if the County otherwise deems it appropriate. Those voice or other IT resources files containing personal information of an employee as a result of an employee's making incidental use of the IT resources system for personal purposes, including the transmission of personal voice and e-mail messages, will be treated no differently than other files, i.e., the County department heads, elected officials, and the Chief Judge reserve the right to access, review, copy, modify, delete or disclose them for any purpose required by law, or which the County department heads, elected officials, and the Chief Judge deem appropriate in its discretion. Accordingly, employees should not use the IT resources system to send, receive or store any personal information that they wish to keep private. Employees should treat the IT resources system like a shared file system -- the files or messages sent, received or stored anywhere in the respective systems will be available for review by the appropriate County department head, elected official, or the Chief Judge and, may be disclosed to third parties.

Software developed using county equipment or on County time is the property of the county. Access to County resources shall be through a password as made available by the Management Information Systems Department ("MIS Department").

Expectations of appropriate use are set and enforced by the county-wide elected official, Chief Judge,department head, or as set forth by statute.

II.

Prohibited Uses of County Resources

County resources generally, and IT resources specifically, may be provided to employees exclusively to assist in the efficient and effective day to day operations of offices, departments, and agencies. Notwithstanding the foregoing, the following uses of county resources, including IT resources, are strictly prohibited, and violation of these policies may result in discipline, up to and including immediate discharge and, where appropriate, civil and/or criminal liability. This list is not intended to be all-inclusive and individuals may be disciplined, or subject to civil or criminal liability for matters not listed below:

1. Knowingly or negligently viewing, downloading, or any distribution or solicitation of offensive or harassing statements, transmission of defamatory, obscene, offensive or harassing messages or messages that disclose personal information without authorization.

2. Knowingly or negligently viewing, downloading, or any distribution or solicitation of incendiary statements which may incite violence or describe or promote the use of weapons or devices associated with terrorist activities.

3. Knowingly or negligently viewing, downloading, or any distribution or solicitation of sexually oriented messages or images that are unrelated to the duties being performed.

4. Any use of County-provided resources for illegal purposes or in support of such activities.

Any use of county resources for commercial purposes, product advertisement or "for-profit" personal activity unless authorized for this purpose.

6. Any sexually explicit use, whether visual or textual that is unrelated to the duties being performed.

7. Any use for religious or political lobbying.

III.

Prohibited Uses of IT Resources

1. Duplicating, transmitting or using software which is not in compliance with software licensing agreements and/or unauthorized use of copyrighted materials or other person's original writings.

2. Security violations including, but not limited to:

A. Accessing accounts or information within or outside the County's computers and communications facilities for which an employee is not authorized or does not have a business need.

B. Knowingly or inadvertently spreading computer viruses.

C. Transmitting confidential and/or attorney-client privileged communication and information without proper security and authority.

D. Misuse of another's password, negligent or intentional disclosure of the assigned password or any attempt to defeat the password security.

3. Modifying or altering software, programs or the standardized configuration of the equipment supplied by the County including software, hardware, and OS system files without prior authorization from the MIS Department.

4. Installing, removing, storing, uploading or downloading software or programs to the IT system without prior approval from the MIS Department. All approved installations must be performed by MIS personnel or at their direction.

5. Making available a network service (FTP server, WWW server, etc.) without written permission from the MIS Department.

6. Moving county equipment from its MIS designated location to a new location without prior authorization from the MIS Department.

7. Installing hardware or software without permission of MIS.

8. Intentionally wasting IT resources by, for example:

A. Placing a program in an endless loop; or,

B. Disrupting the use or performance of County-authorized IT resources or any other computer system or network.

C. Distributing "junk mail" such as chain letters, advertisements or unauthorized solicitations.

9. Making available any access to the County's telecommunications equipment, computers, or associated media without written authorization from the MIS Department.

Using the computer system to copy and/or transmit software programs, documents or other information protected by copyright law.

Policy Implementation

The Ingham County Board of Commissioners has adopted the County Resources Policy to govern the use of county resources, including IT resources, and reserves the right to change any portion of it at any time.

There are three groups involved with the implementation of the County Resources Policy: 1) the County-wide elected officials, Chief Judges, and Department Heads; 2) the MIS Department; and 3) the Information Systems Advisory Committee.

Except as provided by this policy, the County-wide elected officials, Chief Judges, and Department Heads are responsible for determining and enforcing appropriate use of county resources, including IT resources, by employees or contractors under their supervision and control. County-wide elected officials, Chief Judges, and Department Heads may establish standards of appropriate use which are more stringent than defined in this policy.

Where authorization by the MIS Department is required, the MIS Director is responsible for issuing guidelines for obtaining such authorization. The guidelines may include the delegation of authorization to others, including departmental MIS liaisons or the County-wide elected officials, Chief Judges, or Department Heads.

The Information Systems Advisory Committee ("ISAC") advises and assists the MIS Department in the development of long term county resource plans, implementation of system upgrades and new technologies, development of operational procedures affecting users, and the resolution of conflicts involving county resources. The ISAC is responsible for monitoring the overall effectiveness of the County Resources Policy and for recommending changes to the policy. The ISAC will also review any proposed guidelines implementing the policy which are proposed by the MIS Director, prior to their issuance.

Membership on the ISAC shall be comprised of representatives from the major program areas of the County: two representatives from the area of Law and Courts, one from the Human Services area, one from the Administrative Services area, and the Board Coordinator. Representatives shall be appointed by the Controller in consultation with the MIS Director.

Ingham County employees, County-wide elected officials, Judges and department heads are encouraged to use the ISAC to proactively address issues relating to the enhancement of technology within Ingham County government.