The information below is provided primarily for reference by Tulsa County employees and contractors.
TULSA COUNTY RULES FOR ACCEPTABLE USE OF INFORMATION RESOURCES
The information in this document summarizes Tulsa County policies for the management and security of information resources, including, but not limited to: information processing equipment and materials; physical, electronic and other storage media; and tangible or intangible data owned or subject to use by Tulsa County. For additional information, refer to Tulsa County Policy TCP 2004, “Management and Security of Information Resources.”
DATA: AN INFORMATION RESOURCE
Except as otherwise provided by applicable law, other Tulsa County policy, or a legally binding agreement:
At any time and without notice, data of any kind processed by any means using Tulsa County information processing equipment, materials or implements is subject to being intercepted, monitored, examined, investigated, and otherwise lawfully and appropriately used by authorized representatives of Tulsa County for purposes of: (1) managing and ensuring the security of County information resources; and/or (2) supporting internal investigations. Such data includes, but is not limited to: handwritten, machine-printed, and electronic data; “private,” “personal,” and work-related documents and files; access, receipt and transmission records; saved, unsaved, current, archived, and discarded data; graphic, textual and numerical data; and electronic mail (“e‑mail”), voice-mail, fax transmissions, and telephonic communications.
ACCESS PRIVILEGES: COUNTY NETWORK SYSTEMS AND THE INTERNET
In the interest of maintaining the security of Tulsa County information resources:
Tulsa County information resources for which Tulsa County’s Department of Information Technology (IT) has current or future responsibility shall be networked to one another and/or to the Internet and/or to other external (non-County) devices and/or networks only by arrangement with IT.
Written authorization of the Elected Official/First Deputy or Division Director shall be obtained before any person accesses or attempts to access (a) County network systems by any means of entry; and/or (b) the Internet using County information resources. The type, extent and duration of access for each user shall be guided by work-related purposes, as stated by the Elected Official/First Deputy or Division Director in the written authorization. IT shall review the authorization for security purposes and shall inspect the prospective user’s workstation to ensure minimum equipment and software requirements are met. Access may be suspended or terminated for security or resource management reasons at any time without notice to the user. Persons with access to Tulsa County information resources shall not provide or assist in providing access to any unauthorized person.
Prior to access authorization, the user shall sign a statement that s/he has read and agrees to comply with the Rules for Acceptable Use of Information Resources. Promptly upon being completed, two copies of the signed Rules shall be sent by the authorizing department/division to IT.
Any material originating outside County information processing devices and networks, including but not limited to computer files and software, shall be screened by the user with virus detection software prior to being introduced into any networked Tulsa County computer, computer peripheral, or equivalent information resource. Assistance with this process is available through the Tulsa County Help Desk, upon request.
ACCEPTABLE USE OF COUNTY INFORMATION RESOURCES, INCLUDING INTERNET
Except as otherwise stated, users of Tulsa County information resources may:
Use information resources to which they have authorized access to perform appropriate work-related functions as determined within the responsible department/division and within the limits of applicable law. Among these work-related functions, all users shall be required to periodically purge electronic messages and files no longer needed for County business from their assigned storage areas.
Use the Internet (when access has been duly authorized in writing) to pursue personal interests as a skill development activity and as determined within the responsible department/division, provided that such use is (1) limited to nonduty time; (2) cost-free or of negligible practical cost to the County; (3) not excessive; (4) not contrary to any County or department/division-level policy, activity or objective.
UNACCEPTABLE USE OF COUNTY INFORMATION RESOURCES, INCLUDING INTERNET
Except for authorized law enforcement personnel acting within the legal limits of their duties, Tulsa County information resources shall:
Not be used to perform or assist in performing any illegal activity. (This includes, but is not limited to: obtaining or disseminating illegal material, including illegal use of copyrighted or pirated material; making libelous or slanderous statements; and causing or threatening to cause intentional harm to persons or property, including deliberate interference in the normal operation of any information resource.)
Not be used to violate the privacy, security or property rights of any person, group or institution, including but not limited to use of others’ passwords, sign-ons, or e-mail accounts.
Not be used to sell, transfer or disclose County data in any form without proper authorization and, when authorized, only after any sensitive information (credit card numbers, log-in passwords, etc.) has been appropriately suppressed (e.g., blackened out or covered before making a photocopy) or, if meant to be readable to specific recipients in electronic form, encrypted using County IT-approved methods.
Not be used to download software from a non-County source, unless the software is legally available for downloading and has been screened by virus detection software prior to being activated.
Not be used to misrepresent status as a spokesperson for Tulsa County and/or its departments/divisions. Only County officials and their designees may express official views on behalf of Tulsa County or their respective departments/divisions. Information resource users may truthfully state that they work for Tulsa County but shall not actively or passively make any misrepresentation that they “speak for” the County in expressing personal opinions.
Not be used to view, read, create, convey, transfer or otherwise use sexually explicit, pornographic or indecent materials. Because of the County’s strong disapproval of offensive or inappropriate sexual behavior in the workplace, County Internet users are advised to avoid any possibility of disciplinary action by not accessing suspect material. Should such material be unintentionally accessed, the user shall immediately disconnect from the material without calling others’ attention to it. Displaying such material to another person constitutes sexual harassment under some circumstances.
Not be abused or exploited in any manner that could strain County information resources or other (non-County) computing resources. (This includes, but is not limited to, using County resources to solicit or transact personal business for gain of any kind, including but not limited to sending of “junk mail”; using a County postal or e-mail address in a way that invites excessive incoming personal mail; having responses to personal or personalbusiness ads directed to County postal or e-mail addresses; and downloading, uploading, copying or storing large or numerous electronic files.)
Not be used to add connections or communication channels to any information resource without appropriate authorization, including prior approval of the Tulsa County Chief Information Officer if IT has current or future responsibility for the information resource.
SUPERVISOR AND IT NOTIFICATION OF SECURITY PROBLEMS
If a data loss, security compromise or policy violation is suspected to have occurred, the employee’s supervisor (or contractor’s liaison with the County) shall be notified immediately; and, in cases involving information resources for which IT has current or future responsibility, the Tulsa County Help Desk shall also be notified immediately.
VIOLATIONS OF POLICY
Any violation of the Tulsa County Rules for Acceptable Use of Information Resources may result in disciplinary action(s) against the violator(s). Available disciplinary actions include, but are not limited to: verbal reprimand; written reprimand inserted in employee’s personnel file; suspension or termination of access privileges; suspension without pay; and/or termination of employment (for contractors, termination of contract). Authorized and unauthorized users of Tulsa County resources are solely responsible for any illegal action they take and are subject to civil and/or criminal charges when warranted. Tulsa County cooperates with legitimate law enforcement activities involving persons alleged to have used County resources for illegal purposes.