Monterey County

Information Technology Policies

  

appendix a - Information Technology Policy
Familiarity Checklist for Individual County Employees

The following is a summarization of the responsibilities assigned to individual County officers and employees through the Information Technology Policies.  It is intended as a training aid to simplify the process of obtaining an overall understanding of the detailed policies, however, it is not intended to replace those policies.  For clarification and interpretation of the policies it is necessary to consult the actual policy.  In no manner shall this checklist be interpreted as the actual Countyís adopted policy.

1.0              Overall Policy

No individual responsibilities

2.0              Strategic Planning Policy

No individual responsibilities

3.0              Asset Management Policy

                  No individual responsibilities

4.0              Appropriate Use Policy

        Use information technology resources in ways consistent with the mission and objectives of County government.

        Do not make unauthorized copies of software, information, communication, data, or digital media.

        Do not operate or request others to operate any County information technology resource for personal reasons, gain, benefit, or profit.

        Do not divulge the contents of County records or reports to anyone except in the conduct of their work assignment.

        Do not knowingly record any false, inaccurate, or misleading information.

        Do not violate intellectual property rights or copyright protections, nor misrepresent, tamper with, destroy, or steal information produced by others.

        Do not record, store, or process illegal material, such as child pornography, form any source, except as required to fulfill law enforcement responsibilities.

        Do not record, transmit, retrieve, or store any information of a discriminatory or harassing nature, or materials that may be perceived as obscene.  This prohibition includes abusive, profane, or offensive language or pictures and is extended to preclude any derogatory or inflammatory remarks about an individualís race, age, disability, religion, national origin, physical attributes, or sexual preference.

         Do not electronically transmit any confidential or sensitive information without enacting approved security measures, such as encryption.

        Limit the distribution of e-mail messages to those that need to know and limit the size of messages and attachments when a broad distribution is necessary to avoid adverse network and workstation performance.

        Respect the privacy of others and do not send or forward chain e-mail messages or notes.

        Be responsible for the content, syntax, and format of all text, audio, or images that you send or retrieve.

5.0              Operations Policy

        Do not place food, drinks, or other liquids around computer equipment.

        Make backup copies of critical information per the parameters defined in the Operations Policy.

        Ensure that confidential information is encrypted when stored, even in backup copies.

6.0              Security Policy

        Be responsible for maintaining the physical and logical security of information technology assets under your control or jurisdiction.

        Take steps to prevent unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse, or theft of information under your control.

        Protect third party information and trade secrets that have been entrusted to Monterey County.

        Challenge unescorted visitors to restricted areas where confidential information may be stored or in use, including questioning their identity and purpose in the area, and accompanying them out of the area to their destination or a reception area where they can await the party they are seeking to visit.

        Report the theft or loss of computer hardware, software, or data to management and security officials.

        Use a screen saver to blank the screen and prohibit unauthorized viewing or access to your system when you must leave it, even for a brief period of time.

        Make sure anti-virus programs are active at all times on computer systems you use.

        Never leave portable, laptop, palmtop, etc. devices unattended unless any confidential information stored upon them is encrypted.

        Protect all forms of confidential and sensitive data to prevent its loss or access by unauthorized individuals.

        Construct unique passwords consistent with the Security Policy.  Keep your password confidential and change it often.  Never divulge your password to another person, and change it immediately if you ever suspect them someone else has come to know it.

        Report suspected breaches of security to management and appropriate security officials.

        Report virus incidents immediately to management and appropriate security officials.

        Report all network or systems software malfunctions to the Information Technology Department Help Desk or the external information systems service provider immediately.

7.0              Data Privacy Policy

        Understand the responsibilities of data privacy requirements and safeguard the confidentiality of personally identifiable information.

8.0              Personal Computing Device Policy

        Understand the responsibilities of being afforded use of personal computer devices and effectively using the County information technology assets while maintaining conformance with adopted County information technology policies.

9.0              Unified Technical Architecture Management Policy

No individual responsibilities

10.0          Sourcing & Procurement Policy

No individual responsibilities

11.0          Chargeback Policy

No individual responsibilities