|
The information below is provided primarily for reference use by Tulsa County employees and contractors. The information in this document summarizes Tulsa County policies for the management and security of information resources, including, but not limited to: information processing equipment and materials; physical, electronic and other storage media; and tangible or intangible data owned or subject to use by Tulsa County. For additional information, refer to Tulsa County Policy TCP 2004, "Management and Security of Information Resources." DATA: AN INFORMATION RESOURCE Except as otherwise provided by applicable law, other Tulsa County policy, or a legally binding agreement: At any time and without notice, data of any kind processed by any means using Tulsa County information processing equipment, materials or implements is subject to being intercepted, monitored, examined, investigated, and otherwise lawfully and appropriately used by authorized representatives of Tulsa County for purposes of: (1) managing and ensuring the security of County information resources; and/or (2) supporting internal investigations. Such data includes, but is not limited to: handwritten, machine-printed, and electronic data; "private," "personal," and work-related documents and files; access, receipt and transmission records; saved, unsaved, current, archived, and discarded data; graphic, textual and numerical data; and electronic mail ("e-mail"), voice-mail, fax transmissions, and telephonic communications. ACCESS PRIVILEGES: COUNTY NETWORK SYSTEMS AND THE INTERNET In the interest of maintaining the security of Tulsa County information resources: Tulsa County information resources for which County Management Information Systems (MIS) has current or future responsibility shall be networked to one another and/or to the Internet and/or to other external (non-County) devices and/or networks only by arrangement with MIS. Written authorization of the Elected Official/First Deputy or Division Director shall be obtained before any person accesses or attempts to access (a) County network systems by any means of entry; and/or (b) the Internet using County information resources. The type, extent and duration of access for each user shall be guided by work-related purposes, as stated by the Elected Official/First Deputy or Division Director in the written authorization. MIS shall review the authorization for security purposes and shall inspect the prospective user's workstation to ensure minimum equipment and software requirements are met. Access may be suspended or terminated for security or resource management reasons at any time without notice to the user. Persons with access to Tulsa County information resources shall not provide or assist in providing access to any unauthorized person.
Any material originating outside County information processing devices and networks, including but not limited to computer files and software, shall be screened by the user with virus detection software prior to being introduced into any networked Tulsa County computer, computer peripheral, or equivalent information resource. Assistance with this process is available through the MIS Help Desk, upon request. ACCEPTABLE USE OF COUNTY INFORMATION RESOURCES, INCLUDING INTERNET Except as otherwise stated, users of Tulsa County information resources may: Use information resources to which they have authorized access to perform appropriate work-related functions as determined within the responsible department/division and within the limits of applicable law. Among these work-related functions, all users shall be required to periodically purge electronic messages and files no longer needed for County business from their assigned storage areas. Use the Internet (when access has been duly authorized in writing) to pursue personal interests as a skill development activity and as determined within the responsible department/division, provided that such use is (1) limited to nonduty time; (2) cost-free or of negligible practical cost to the County; (3) not excessive; (4) not contrary to any County or department/division-level policy, activity or objective. UNACCEPTABLE USE OF COUNTY INFORMATION RESOURCES, INCLUDING INTERNET Except for authorized law enforcement personnel acting within the legal limits of their duties, Tulsa County information resources shall: Not be used to perform or assist in performing any illegal activity. (This includes, but is not limited to: obtaining or disseminating illegal material, including illegal use of copyrighted or pirated material; making libelous or slanderous statements; and causing or threatening to cause intentional harm to persons or property, including deliberate interference in the normal operation of any information resource.) Not be used to violate the privacy, security or property rights of any person, group or institution, including but not limited to use of others' passwords, sign-ons, or e-mail accounts. Not be used to sell, transfer or disclose County data in any form without proper authorization and, when authorized, only after any sensitive information (credit card numbers, log-in passwords, etc.) has been appropriately suppressed (e.g., blackened out or covered before making a photocopy) or, if meant to be readable to specific recipients in electronic form, encrypted using MIS-approved methods. Not be used to download software from a non-County source, unless the software is legally available for downloading and has been screened by virus detection software prior to being activated. Not be used to misrepresent status as a spokesperson for Tulsa County and/or its departments/divisions. Only County officials and their designees may express official views on behalf of Tulsa County or their respective departments/divisions. Information resource users may truthfully state that they work for Tulsa County but shall not actively or passively make any misrepresentation that they "speak for" the County in expressing personal opinions. Not be used to view, read, create, convey, transfer or otherwise use sexually explicit, pornographic or indecent materials. Because of the County's strong disapproval of offensive or inappropriate sexual behavior in the workplace, County Internet users are advised to avoid any possibility of disciplinary action by not accessing suspect material. Should such material be unintentionally accessed, the user shall immediately disconnect from the material without calling others' attention to it. Displaying such material to another person constitutes sexual harassment under some circumstances. Not be abused or exploited in any manner that could strain County information resources or other (non-County) computing resources. (This includes, but is not limited to, using County resources to solicit or transact personal business for gain of any kind, including but not limited to sending of "junk mail"; using a County postal or e-mail address in a way that invites excessive incoming personal mail; having responses to personal or personal-business ads directed to County postal or e-mail addresses; and downloading, uploading, copying or storing large or numerous electronic files.)
SUPERVISOR AND MIS NOTIFICATION OF SECURITY PROBLEMS If a data loss, security compromise or policy violation is suspected to have occurred, the employee's supervisor (or contractor's liaison with the County) shall be notified immediately; and, in cases involving information resources for which MIS has current or future responsibility, the MIS Help Desk shall also be notified immediately. VIOLATIONS OF POLICY Any violation of the Tulsa County Rules for Acceptable Use
of Information Resources may result in disciplinary action(s)
against the violator(s). Available disciplinary actions include,
but are not limited to: verbal reprimand; written reprimand inserted
in employee's personnel file; suspension or termination of access
privileges; suspension without pay; and/or termination of employment
(for contractors, termination of contract). Authorized and unauthorized
users of Tulsa County resources are solely responsible for any
illegal action they take and are subject to civil and/or criminal
charges when warranted. Tulsa County cooperates with legitimate
law enforcement activities involving persons alleged to have
used County resources for illegal purposes. |
