Kanawha County Commission
Charleston, WV
COMPUTER USAGE AND INTERNET POLICY
1.0 INTRODUCTION
The County Commission provides access to the information and resources of the Internet to assist its employees in the performance of their duties. The equipment and security necessary to provide this access are the result of large capital investments and a commitment of personnel resources provided by the general tax dollars of the County. This policy is designed to help you use these resources wisely, and understand the Commission’s expectations for the use of these resources.
POLICY
Access to the Internet, and the computer equipment utilized by Commission employees is intended for use as a business tool during the performance of their duties. As such, communication with taxpayers, vendors, or other related parties via e-mail, or research for relevant topics in order to obtain useful business information is an example of acceptable activity.
Employees shall conduct themselves in an honest and appropriate manner when accessing the Internet, and shall respect the copyrights, software licensing rules, property rights, and other related issues during their Internet usage. All existing County policies apply to your conduct on the Internet and e-mail systems. This includes, but is not necessarily limited to misuse of County resources, sexual harassment, information and data security, and in some instances confidentiality.
Written communications either posted directly to the Internet, or sent via e-mail may be viewed by a potential recipient of this information as representative of the County Commission’s philosophy. As such, employees must take special care to maintain a modicum of restraint when communicating to sources outside of the County offices. Political or other related communications are strictly prohibited. If anyone is found proliferating political messages via e-mail, or the Internet they will be subject to disciplinary action deemed appropriate by the Commission or County Manager.
2.0 DETAILED INTERNET AND COMPUTER USAGE PROVISIONS
2.1 General Provisions
2.1.1 The County Commission has software and systems in place that monitor and record all Internet usage. Our security systems are capable of recording (for each and every user) each World Wide Web site visit, each chat, newsgroup or e-mail message, and each file transfer into and out of our internal networks. The Commission reserves the right to access this information for monitoring purposes at any time. No employee should have any expectation of privacy as to his/her PC usage. Management will periodically review Internet activity and analyze usage patterns. In the event it is discovered that employees are spending too much time on the Internet in unproductive areas, or are accessing sites that are not appropriate, the employee will be subject to disciplinary action.
2.1.2 The County Commission and its management reserve the right to inspect any and all files stored in any area of the computer network, including local hard-drives in order to ensure compliance with the policies and procedures promulgated by the Commission.
2.1.3 The display of any kind of sexually explicit material on any County system is a violation of the Commission’s employment and sexual harassment policy. In addition, sexually explicit material may not be archived, stored, distributed, edited, or recorded using our network or computing resources.
2.1.4 The County Commission utilizes independently supplied software and data to identify inappropriate or sexually explicit Internet sites. The Commission reserves the right to block access from within our networks to all such sites. If you find yourself accidentally connected to an Internet site that contains sexually explicit or offensive material, you must disconnect from that site immediately, regardless of whether that site had been previously deemed acceptable by any screening or rating program.
2.1.5 The County’s Internet and computer resources must not be used to violate the laws and regulations of the United States or any other nation, or the laws and regulations of any state, city, or province or other local jurisdiction in any way. Use of any County resource for illegal activity is strictly prohibited, and may subject the employee(s) to criminal prosecution. Furthermore, the employee(s) will be subject to termination pending an appropriate investigation.
2.1.6 Any software or files installed on the County network, or other computer equipment become the property of the County. Unauthorized downloads of files or other related matter is strictly prohibited. Files or software may be used only in ways that are consistent with their licenses or copyrights and may not be deleted by anyone but authorized System Administrators.
2.1.7 No employee may use County facilities to download or distribute pirated software or data. Further, no software such as Kazaa, or any other Gnutella type file sharing program may be installed. Remote PC access software such as Go2MyPC may not be installed without System Administrator and supervisor authorization.
2.1.8 No employee may propagate any virus, worm, Trojan horse, or trap-door program code.
2.1.9 No employee may use the County’s facilities to disable or overload any computer system network, or to circumvent any system, particularly those intended to protect the privacy or security of another user.
2.1.10 Each employee using the Internet/Network facilities of the County shall identify himself/herself honestly, accurately, and completely (including one’s Agency affiliation and function where requested) when participating in chat groups, newsgroups, or when setting up accounts on outside computer systems or accessing network resources.
2.1.11 Only those employees or officials who are authorized to speak to the media, analysts, or on behalf of the County may speak/write in the name of the County to any newsgroup or chat room. Others may participate in newsgroup or chat room activities as it relates to their duties, but are not permitted to speak on behalf of the County Commission.
2.1.12 The County retains the copyright to any material posted to any forum, newsgroup, chat or World Wide Web page by any employee in the course of his or her duties.
2.1.13 Employees are reminded that chats and newsgroups are public forums where it is inappropriate to reveal confidential County information, customer data, trade secrets, and any other material deemed confidential or inappropriate by the County Commission. Anyone found violating this rule shall be subject to disciplinary action deemed appropriate by the County Commission or County Manager.
2.1.14 In the interest of keeping employees well informed, use of news briefing services is acceptable, within limits that may be set by each department’s activities.
2.1.15 Employees are permitted to use the Internet facilities for non-business research or browsing during meal time or other breaks, or outside of work hours, provided that all usage and related policies are followed.
2.1.16 Employees must take particular care to understand the copyright, trade-mark, libel, slander and public speech control laws of all countries so that our use of the Internet does not inadvertently violate any laws that may be enforceable against the County.
2.1.17 Employees may not download software onto their PC either from the Internet, or other source without the authorization of the System Administrator. Software must be used only under the terms and agreements of its license. Furthermore, employees may not use the Internet to download entertainment software or games, or to play games against opponents over the Internet. Images, music, and/or videos may not be downloaded unless there is an express business related use for the material.
2.1.18 Employees may not upload any software licensed to the County of data owned or licensed by the County without the express authorization of the manager responsible for the software or data. All data exported must be properly scanned for viruses using approved, current virus software.
3.1 Technical
3.1.1 User ID’s and passwords help maintain individual accountability for PC and Internet usage. Any employee who obtains a password ID for a network resource from the County must keep that password confidential. County policy prohibits the sharing of user ID’s or passwords.
3.1.2 Password protected screensavers must be active any time a PC is left unattended, If a PC is left for an extended period of time, the user must log off.
3.1.3 No employee shall attempt to gain access to an PC or other part of the network to which they are not authorized.
3.1.4 Employees are encouraged to schedule large communication intensive operations such as large file transfers, video downloads, large e-mails and similar operations for off-peak times.
3.1.5 Any file that is retrieved from or stored to disk must be scanned for viruses before it is run or accessed regardless of its origin.
4.1 Security
4.1.1 The County utilizes an Internet firewall to assure the safety and security of the County’s networks. Any employee who attempts to disable, defeat or circumvent any County security facility will be subject to immediate dismissal.
4.1.2 Files containing sensitive County data, as defined by the Commission or any of its existing policies that are transferred in any way across the Internet must be encrypted.
4.1.3 Only those Internet services and functions with documented business purposes for this County will be enabled at the Internet firewall.
5.1 Monitoring Activities
5.1.1 It is the responsibility of management to conduct periodic safety assessments to ensure that our employees comply with the policies and procedures set forth in this document. Management shall report any findings to the County Commission.
5.1.2 The Systems Administrator is responsible for monitoring the results of our Intrusion Detection System, and shall make a monthly report to the County Commission of all unauthorized attempts to gain access to the County’s computer systems. In the event a serious attempt, or breach of the system should occur, the Systems Administrator shall immediately notify the County Manager and Deputy County Manager, as well as the County Commission.
5.1.3 The County Manager and/or Deputy County Manager shall periodically employ the services of an independent security analysis firm to review and test the integrity of the County’s computer network. Such tests should be conducted at least every six (6) months. Any serious weaknesses found during the course of this independent analysis shall immediately be brought to the attention of the County Commission.