HomeMy WebLinkAbout972868.tiffWELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
Table of Contents
Latest Revision Date: August 18, 1997
Page
MISSION STATEMENT 3
ROLES AND RESPONSIBILITIES 4
SPECIFIC DUTIES AND RESPONSIBILITIES:
BOARD OF COUNTY COMMISSIONERS 5
GOVERNANCE COMMITTEE 6
USERS 7
INFORMATION SERVICES/SCT CORPORATION 9
INFORMATION SERVICES GOVERNANCE 12
WELD COUNTY INTERNET ACCEPTABLE USE POLICY
GENERAL 20
ELECTRONIC COMMUNICATIONS 20
PUBLIC NETWORKS 20
INTRODUCTION 21
GUIDELINES 22
ROLES AND RESPONSIBILITIES 24
INFORMATION SERVICES 24
ISGC 24
COUNTY DEPARTMENTS AND AGENCIES 24
PROTECTING PROPRIETARY INFORMATION 25
1
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
Table of Contents
Latest Revision Date: August 18, 1997
DATA SENSITIVITY 25
CONFIDENTIAL DATA 25
RESTRICTED DATA 25
PROPRIETARY DATA 25
UNCLASSIFIED DATA 26
DATA SENSITIVITY PROCESSING GUIDELINES 26
SECURITY 27
MODEM/INTERNET SECURITY 27
ACCEPTABLE USE GUIDELINES 29
GENERAL 29
PARTICIPATION IN DISCUSSION GROUPS 31
CLASSES OF MAIL ALLOWED 31
QUALIFICATIONS FOR ACCESS AUTHORITY 31
WEB SERVER GUIDELINES 32
INITIAL APPROVAL 32
GUIDELINES 32
USE OF ELECTRONIC MAIL 34
EMPLOYEE ACCESS 34
EMPLOYEE CONDUCT 34
MONITORING 34
RETENTION/ARCHIVING/DESTRUCTION 35
PUBLIC REQUESTS 35
GLOSSARY OF TERMS 36
APPLICABLE STATE OF COLORADO CODES 37
APPENDIX A 39
2
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
DEPARTMENT MISSION
Latest Revision Date: January 31, 1994
The mission of the Weld County Information Services Department is to provide all county departments with
computing and information services support which meets or exceeds their expectations.
This mission is accomplished by playing a leadership role in county -wide strategic planning for information
systems, user community involvement, and innovative uses of technology in meeting county needs. The
Information Services Department works to expand and enhance the quality and quantity of its services,
and plays a key role in facilitating the county's utilization of technology in order to improve its services to
the public at the lowest cost possible.
Information Services will fulfill this mission by organizing in the most effective manner, by staffing with the
highest quality professionals, by a continuing outreach program of working with and involving users, by
competent and visionary management, by the application of proven methodologies, and by a
comprehensive understanding of the latest technologies and how they apply to local government functions.
The Information Services Department is guided and directed by the goals and objectives established by
the Governance Committee, the Weld County Director of Finance and Administration, and the Board of
County Commissioners. In addition, Information Services provides leadership in the critical review of plans
and progress, and the assessment of goals and objectives in the light of new technology and the changing
needs of the county.
The Information Services Department is a service department and must provide its services in the most
effective manner possible. The department's success is basically determined by the reactions of its users.
The department solicits the reactions, comments and suggestions of its users, and incorporates these,
where possible, into its service delivery.
The department is flexible in its organization and staffing in order to accommodate the changes that occur
in technology and in the requirements of county departments. This includes a regular review of
organization, positions and their descriptions, and the nature and types of services provided in order to be
prepared to meet these ever changing needs. This also includes a regular review of all policies and
procedures to ensure that these are supportive and responsive in providing the required services to meet
the current needs.
3
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
ROLES AND RESPONSIBILITES
Latest Revision Date: January 31, 1994
Board of County Commissioners:
Provide overall direction to the information services function by formally adopting and approving policies
and guidelines for information services functions.
Information Services Governance Committee:The Weld County Information Services Governance
Committee was established by the Board of County Commissioners and is advisory to them to recommend
computer and information systems policies and procedures for the county. The committee's
responsibilities are to:
A. Recommend information services policies and procedures.
B. Provide a forum for recommending priorities and service levels.
C. Serve as a communication link between information services and the user
community.
Users:
A. Ensure that information services requested by and provided to them are consistent with the
efficient and effective use of their resources.
B. Ensure that all members of their department adhere to all Weld County related information
services policies and standards.
SCT Corporation:
A. Via a facilities management contract, is responsible for providing or being involved in all
information service activities in Weld County and for operation of the Department of
Information Services and the Information Services Center.
B. In conjunction with the Information Services Governance Committee, recommend priorities,
coordinate the allocation of resources, and coordinate county -wide information service
activities in Weld County.
4
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF
BOARD OF COUNTY COMMISSIONERS
Latest Revision Date: January 31, 1994
Based upon recommendations from the other participants in the information services management, the
Board of County Commissioner should:
1. Formally approve and adopt policies and guidelines for information services in Weld
County. The principal policy should be to develop and operate only those systems
which satisfy county needs in an effective and efficient manner.
2. Approve long- and short-range information system plans and their implementation:
the long-range plan approved by the board shall act as a master guide for setting
annual priorities.
3. Review and approve specific Information Services Department proposals to meet
the county's information processing needs.
4. Approve policies and procedures for the effective utilization of information resources
by county departments.
5. Approve the funding of information services resources within the capacity of Weld
County.
5
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF
THE GOVERANCE COMMITTEE
Latest Revision Date: January 31, 1994
The following specific duties will be assigned to the Information Services Governance Committee.
1. Monitor the information services function overall.
2. Review long- and short-range information systems plans and their implementation:
the long-range plan approved by the Board of County Commissioners shall act as
a master guide for setting annual priorities.
3. Review specific Information Services Department proposals to meet the county's
information processing needs.
4. Identify the annual information system priorities and related budgetary impact.
These priority recommendations will become an integral part of the budget process
subject to adjustment during budget preparation and adoption, and upon final
budget approval, will be established as part of the Information Services
Department's annual work program.
5. Monitor budget and time schedules.
6. Facilitate resolution of organizational conflicts arising from the impact of new
systems implementation and other information system utilization issues.
7. Develop policies and procedures for the effective utilization of information resources
by county departments.
6
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF USERS
Latest Revision Date: January 31, 1994
The specific duties and responsibilities of each user are to:
General Responsibilities:
1. Designate a management level position to act as a departmental information
services liaison who provides management liaison between the user department,
governance committee, and the management from the Department of Information
Services.
2. Serve as the advocate for any service requested by the department.
3. Insure that aII department personnel adhere to county policies and procedures
related to information services.
Existing System Responsibilities:
4. Set priorities for user discretionary computer system maintenance requests.
5. Identify the need for changes to, or replacement of, existing systems in conjunction
with the Department of Information Services.
6. Insure that all computer system resources requested by and provided to them are
consistent with the efficient and effective use of their resources.
New System Development Responsibilities:
7. Identify future system needs to the Department of Information Services and the
governance committee in a timely fashion.
8. As needs arise, propose new development and major enhancement projects and
provide justification for them to the governance committee and Board of County
Commissioners.
9. Provide the necessary user staffing for all new development projects performed by
the Department of Information Services for the user department.
7
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF USERS
Latest Revision Date: January 31, 1994
10. Review and approve all preliminary and final systems definitions and designs.
11. Review and approve the acceptance tests of all new systems.
12. Maintain communication with the management of the Department of Information
Services in new development projects by attending regularly scheduled
management review meetings.
8
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF
INFORMATION SERVICES DEPARTMENT
VIA CONTRACT SERVICES OF SCT CORPORATION
Latest Revision Date: January 31, 1994
The following specific duties will be assigned to the Information Services Department:
Consultation Responsibilities:
1. Serve as a technical resource to the Board of County Commissioners, governance
committee, all departments, and appropriate public entities on matters pertaining
to information management.
2. Participate, with technical expertise, in determining whether the county's best
interests are served by specific systems.
Advisory Responsibilities:
3. Keep the governance committee and appropriate departments and public entities
continuously advised concerning the status of the design and operation of systems
which affect them.
4. Participate on committees relating to information services in Weld County.
Direct Action Responsibilities:
5. Represent Weld County to vendors of computer and data communications
equipment, systems, and services.
6. Provide for the acquisition and administration of personnel, hardware, software,
contracts, grants, and related services necessary to support the information
services requirements of any user or Weld County in general.
7. Inform users in advance, and consider their assessments of proposed major
changes to hardware, software, and related resources which may affect their
systems.
8. Take action to ensure the efficient use of any information service hardware,
software, staff, and related resources.
9
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF
INFORMATION SERVICES DEPARTMENT
VIA CONTRACT SERVICES OF SCT CORPORATION
Latest Revision Date: January 31, 1994
9. In conjunction with the Director of Finance and Administration and governance
committee, provide the management control necessary to guarantee the most
effective use of information service resources in Weld County.
10. Establish and enforce county -wide standards and procedures and necessary
security measures for information processing.
11. Provide for project management of computer application development activities for
departments and agencies within Weld County.
12. Design, development or requisition of same, for all computer systems and
enhancements to existing systems.
13. Maintain and modify existing computer systems.
14. Provide for continued operation and scheduling of existing systems.
15. Prepare project packages in response to requests from users for new development
projects and feasibility studies for review during the budget and annual work plan
process.
16. Identify opportunities for information systems in conjunction with users.
17. Apply a county -wide perspective to information services planning.
18. Identify and coordinate proposals that affect more than one department or system
area.
19. Coordinate with the user to determine the priorities of approved information service
projects.
20. Review user requests for development of new systems and major enhancements
to existing areas.
10
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
SPECIFIC DUTIES AND RESPONSIBILITIES OF
INFORMATION SERVICES DEPARTMENT
VIA CONTRACT SERVICES OF SCT CORPORATION
Latest Revision Date: January 31, 1994
21. Control and coordinate the funding to systems development projects.
22. Provide a centralized clearing house for all computer hardware, software and
service acquisition, and purchases.
23. Maintain an inventory of all computer hardware and software.
24. Establish and enforce county -wide standards and procedures and necessary
security measures for centralized and personal computer systems.
25. Insure that any hardware or software solution not only meets the user's
requirements but also adheres to the overall county computer strategy.
26. Develop and maintain assessment guidelines for use in hardware and software
selection.
27. Facilitate county -wide sharing of related information.
11
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
Introduction
The Weld County Information Services Department has the need for continuing guidance on service
policies and development plans from a body which clearly represents the elected and appointed officials
of the county. "Governance" is the process of securing user input on such issues as department direction,
establishing priorities, reviewing technical decisions, and providing effective user communication in
systems development and daily operations. The governance process is meant to involve those persons,
organizations and interests served by the computing resource in meaningful and significant participation.
The functions of the Information Services Department are unique when weighed against those of most
agencies within Weld County. They encompass many technology -driven activities that, at times, more
closely resemble research and development efforts than the procedural or statutory activities of a county
agency. The Information Services Department provides services to all elements of the jurisdiction within
which it operates. Because i' is service -oriented, this organization must receive continual feedback from
the user community concerning direction and performance.
Because of its technical nature, the Information Services Department requires unique control methods that
would normally not be applied to any other county function. These controls must ensure that the best
interests of the entire county are served and, at the same time, ensure that the services offered to users
are relevant and cost effective. This form of control is best applied through the use of an information
services governance structure.
Proper control of the information services function requires two separate governance levels. On one level,
the Information Services Governance Committee is responsible for general control of the continuing
operation of the information services function. The second level consists of specific functional
subcommittees (Finance and Administration, Criminal Justice, Human Services, Property, and Clerk and
Recorder) responsible for monitoring activities within their unique areas. The functional subcommittees
and their respective departments for Weld County are shown in Attachment 1.
12
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
The Information Services Governance Committee is responsible to the Board of County Commissioners,
but possesses some specific powers. The committee acts in a top level policy advisory capacity to the
Board of County Commissioners, and is responsible for the execution of information resources policies.
To do so, the committee must first develop a strategic vision of the direction in which the development of
county information resources is headed. Having formulated an overall picture, the committee must then
translate the elements of their vision into specific activities, executable by means of a clearly delineated
operational process. This process specifies the roles and functions of the committee itself, of the
Information Services Department, and of involved departments and any other appropriately concerned
county agency.
Among the other responsibilities of the committee are to recommend information services policies and
procedures, and to review and approve those procedures when drafted. The committee is the focal point
for the prioritization process, both of the activities recommended by the planning process and those that
will arise in other contexts. In addition, the committee addresses the allocation of resources within the
Information Services Department, serving as a vehicle for resolving conflicts arising from competition for
those resources and from the overlapping impact of new system requirements.
Purpose and Structure:
1. The Weld County Information Services Governance Committee is established by the Board
of County Commissioners to recommend computer and information systems policies and
procedures for the county. The committee's responsibilities include:
A. Establishing information services policies and procedures.
B. Providing a forum for recommending priorities and service levels.
C. Serving as a communication link between Information Services and the user
community.
2. As a group, the governance committee acts in an advisory capacity to the Board of County
Commissioners and performs monitoring functions on behalf of the board and user
departments. The committee members are jointly responsible for the effective use of the
information services resources.
13
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
3. In order to ensure the unique controls required by information system activities, the
governance committee functions at two separate levels. First, the committee operates as
a whole to provide overall county monitoring of the continuing development and operation
of the information systems resource. Second, each member elected official/department
head represents a specific functional subcommittee which is responsible for monitoring
activities within their specific areas.
Role:
The role of the Information Services Governance Committee includes the following:
1. Monitor the overall information services function.
2. Review long- and short-range information systems plans and their implementation: the
long-range plan accepted by the committee shall act as a master guide for setting annual
priorities.
3. Review specific Information Services Department proposals to meet the county's
information processing needs.
4. Identify the annual information system priorities and related budgetary impact. These
priority recommendations will become an integral part of the budget process subject to
adjustment during budget preparation/adoption, and upon final budget approval, will be
established as part of the Information Service Department's annual work program.
5. Monitor budget and time schedules.
6. Resolve organizational conflicts arising from the impact of new systems implementation and
other information systems utilization issues.
7 Develop policies and procedures for the effective utilization of information resources by
county departments.
14
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
Membership:
1. The governance committee is comprised of five (5) voting members and one (1) ex -officio
member. The voting members include an elected official/department head (either
appointed or elected) from each of the functional subcommittees in the county: Criminal
Justice, Human Services, Finance and Administration, Property, and Clerk and Recorder.
The ex -officio member is the SCT Information Services Executive Director. The
Chairperson shall be the Director of Finance and Administration.
2. The responsibilities of the Chairperson are to:
A Execute committee decisions.
B. Preside at and call to order committee meetings.
C. Enforce committee rules.
D. Initiate and stimulate discussions of governance committee issues.
E. Adjourn meetings and establish future meeting times.
F. Notify members of the committee calendar.
G. Distribute minutes and background information.
H. Ensure minutes are taken at each meeting.
In the absence of the Chairperson, he appoints a temporary Chairperson.
15
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
Voting:
1. A simple majority of voting members of the governance committee is considered to be a
quorum. In the absence of a voting member, his designee is entitled to vote. Each
member, or his designee, present and voting has one vote.
2. An open invitation to attend all meetings is made to all elected officials/department heads.
An exchange of ideas and information may take place among everyone present, but
decisions and recommendations may be determined by a simple majority of members
serving and voting.
Meetings:
1. The governance committee meets on a monthly basis, or as necessary, at a time and
location as determined by the members.
2. The Information Services Department submits to the governance committee for its approval
the procedures to be followed by the department's staff, the functional subcommittees and
the governance committee for the development of the long-range strategic plan.
3. The Information Services Department provides a monthly status report to the committee
members. Information services also prepares a draft agenda prior to each meeting which
is reviewed by the Chairperson, finalized and distributed before each meeting.
4. Reports prepared for submission to the Board of Commissioners will bear the signature of
the governance committee Chairperson.
5. All requests by user departments for the acquisition and use of information services,
telecommunications, or word processing, hardware, software, and services will conform
with county computer use and acquisition policies and procedures.
16
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
Functional Subcommittees:
So that every department has a voice in information services decision making, each elected
official/department head (or his/her designee) shall meet periodically with the other members of that
functional subcommittee to discuss issues of common concern. On an annual basis, they will compile a
list of their information services priorities for the following fiscal year. The group's primary goal will be to
get an interdepartmental consensus of those priorities. The person representing the group on the
governance committee will present the priorities to the committee, which will then merge them, along with
those submitted by the other functional groups, into a comprehensive list for consideration during the
budget process.
Among the specific factors to be considered by the functional subcommittees are the time frames in which
specific projects or other activities can be carried out, the cost considerations involved, the staffing
requirements, and the subsequent maintenance activities. In addition, these subcommittees serve as
reporting vehicles from the departments within their respective functional area, channeling that information
up to the governance committee and funneling information from the committee back to the departments.
Purpose and Structure:
1. The functional subcommittees (Criminal Justice, Human Services, Finance and
Administration, Property, and Clerk and Recorder) are established to support the functions
and activities of the Governance Committee and to ensure that every department has a
voice in information services decision making.
2. The functional subcommittees meet periodically to discuss issues of common concern and,
on an annual basis, address the issues of priorities based on the goals and objectives of
the county regarding information services.
3. The responsibilities of the functional subcommittees are to:
A. Identify information systems needs with each member department and prioritizing
these needs to develop and update the long-range strategic plan.
B. Recommend appropriate actions to the governance committee concerning system
development and maintenance.
17
WELD COUNTY
ADMINISTRikTIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
Ensure that resources necessary for the successful implementation of systems are
made available by user departments.
D. Resolve conflicts among user departments relevant to implementation of systems.
E. Ensure that user department systems design decisions are made in accordance with
annual information system work programs and approved project schedules.
F. Interact with Information Service Department management regarding operational
concerns such as production schedules and information system procedures.
G. Provide regular progress reports to the governance committee regarding system
implementation and other projects.
Maximize coordination of information system applications and systems among user
departments.
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INFORMATION SERVICES GOVERNANCE
Latest Revision Date: January 31, 1994
ATTACHMENT 1
FUNCTIONAL SUBCOMMITTEES
FINANCE AND ADMINISTRATION:
PROPERTY:
Accounting
General Services
Board of County Commissioners
Clerk to the Board
County Attorney
Finance
Personnel
Communications
CRIMINAL JUSTICE:
District Attorney
Office of Emergency Management
Sheriff
Useful Public Service
HUMAN SERVICES:
Health
Human Resources
Social Services
Extension
Ambulance Service
Housing Authority
Assessor
Building Inspection
Engineer
Planning
Treasurer
CLERK AND RECORDER:
Motor Vehicle
Recording
Elections
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SYSTEM
INTERNET ACCEPTABLE USE POLICY
GENERAL
Latest Revision Date: August 18, 1997
Information Services, in conjunction with the Weld County Information Services Governance Committee
(ISGC), has taken the necessary steps to provide an Internet Acceptable Use Policy (IAUP) on acceptable
use of the Internet by County agencies and departments. Any County agency or department eligible for
and having funding for the Internet will be provided with access under the terms and conditions of this
policy. Violation of this policy may be grounds for having access to Internet services revoked.
The objective of this policy is to minimize the risks to business functions and government owned assets,
and to assure adherence to regulatory and legal requirements and enterprise policies when County
resources are used to access public networks.
The scope of this policy applies to electronic communications on public networks including but not limited
to the following:
Electronic Communications
► e-mail
► File Transfer
Remote Login
Remote Control Software
► Discussion Groups/Bulletin Boards
► World Wide Web, Gopher, Web Servers, Wide Area Information Servers (WAIS)
Public Networks
► Internet
► America Online, CompuServe, Prodigy ...
► Online Search Services such as Dialog, Paperchase...
► Dialup Bulletin Board Systems
20
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
INTRODUCTION
Latest Revision Date: August 18, 1997
Internet access can provide significant business benefits for County government agencies. However, there
are also significant legal, security, and productivity issues related to how the Internet is used. Examples
of such issues are:
► The potential to receive computer viruses from Internet information sources.
► The potential for someone to eavesdrop on data or correspondence which is exchanged
via the Internet.
The potential for a County government employee, through the content of their Internet
exchanges, to impugn the reputation of local government officials and thereby invite civil
liabilities.
The potential for County government employees to be enticed by the vast social and
informational forums of the Internet into spending significant work time on nonproductive
activities.
If County government agencies or any person using an Internet connection sufficiently
upsets other Internet users, the connection could be flooded with traffic in protest, thus
negatively impacting the availability of the service for true business purposes.
Outside access to local databases can overwhelm the processing power of the local
network.
21
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
GUIDELINES
Latest Revision Date: August 18, 1997
The purpose of the following is to provide a short checklist of procedures which should be followed while
accessing public networks through company resources. These guidelines govern both County employees,
contractors, and anyone working via County direction . For more specific and detailed policy statements,
refer to the sections that follow in this policy manual.
Use of County resources for accessing public networks is for work related purposes only.
Act responsibly when participating in discussions over a public network. Be polite and do
not get abusive in your messages to others. Remember -- defamation can occur due to
malicious use of the Internet.
Do not use public networks inappropriately. Your use may be monitored and access may
be revoked at any time for inappropriate conduct.
► Determine and abide by the policies and procedures of any external network you access.
You are expected to be a "responsible network citizen" (Netiquette).
Downloading of any software programs or applications (including but not limited to
shareware, freeware, demo's, etc) is strictly prohibited. All such requests must go through
Information Services.
When downloading non -application software, check for copyright or licensing agreements.
If there is any doubt, do not copy. If a licensing agreement exists or you must pay for the
information, it must first be approved by the Information Services Governance Committee.
► There should be no automatic requests for information on the Internet.
o.
PP
Avoid the generation of excessive Internet Email.
The target directory must be scanned with anti -virus software before and after downloading
any file(s) from the Internet. As most downloads are in a "zipped" format -- scanning the
file(s) after "unzipping" is necessary. It is user responsibility to insure that the downloaded
file(s) are free from known viruses.
22
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
GUIDELINES
Latest Revision Date: August 18, 1997
Do not use software (network "probes") which attempts to discover properties about the
public network or computing resources connected to that network.
Be aware that any data transferred via the Internet is prone to be monitored and/or
intercepted by unintended destinations.
All County e-mail is a Public Record and may be subject to public inspection.
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
ROLES AND RESPONSIBILITIES
Latest Revision Date: August 18, 1997
Role of Information Services
Establish the Internet Acceptable Use Guidelines
Apprise elected officials/department heads of any continued abuse
It is specifically NOT the role of Information Services to act as the "Net Police".
Information Services cannot be held responsible for non-professional usage, improper humor. or the
moderation and monitoring of e-mail or Usenet groups. Disciplinary actions for Sexual Harassment and
Hostile Work Environments violations and for use of County property for personal purposes are defined
by the County policy published in the Employee Handbook.
Role of the ISGC
► Review and approve the Internet Acceptable Use Guidelines
► Advocate adherence to the policy
Role of the County Departments and Agencies
► Act as authorizing agent that allows access to the Internet
► Ensure that guidelines are followed
► Provide for training of employees that they want to have access
► Budget for service and associated training, if needed
► Establish their own data sensitivity policy
► See "Protecting Proprietary Information"
24
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
PROTECTING PROPRIETARY INFORMATION
Latest Revision Date: August 18, 1997
DATA SENSITIVITY
Persons transmitting enterprise data over public networks should ensure that the data is processed
according to its level of sensitivity by using the definitions and guidelines which follow. After having read
the following sections, if you are unsure of how to properly handle specific data, contact the information
asset owner (data custodian) for guidance.
DATA SENSITIVITY DEFINITIONS
Confidential Data
► Shows specific strategies and major directions
► Confidential information as defined by local, state or federal laws, rules or regulations (e.g.
Social Services data)
► Data of other business/persons with respect to which the enterprise is under an obligation
of confidentiality
Restricted Data
► Working files not completed for public dissemination
► Is of such a nature that unauthorized disclosure would be against the best interest of the
County
► Personnel Data
► Data with restricted use or access per local, state or federal laws, rules or regulations (e.g.
criminal justice data)
Proprietary Data
All enterprise related information requiring baseline security protection, but failing to meet specified
criteria for higher classifications:
► Organizational Policies and Procedures that are internal by nature
► Internal announcements
25
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
PROTECTING PROPRIETARY INFORMATION
Latest Revision Date: August 18, 1997
Unclassified Data
Information which requires no security protection:
► Public information
► Public announcements
Internal correspondence and documentation which do not merit a security classification.
Data Sensitivity Processing Guidelines
Confidential
Restricted
Proprietary
Unclassified
Encrypted
Encrypted
Owner defines
permissions
High Volume
Use other alternatives
(mail carrier)
Owner defines
permissions
Owner defines
permissions
High volume
Use other alternatives
(mail carrier)
Marked
confidential
High volume
Use other
alternatives
(mail carrier)
Electronic
confirmation
required
High volume
Use other
alternatives (Mail
Carrier)
26
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
SECURITY
Latest Revision Date: August 18, 1997
Internet growth over the last several years has been many tens of thousands of percent. There are literally
hundreds of millions of pages of Internet information and billions of publicly available files. It is impossible
to monitor every site in the world to determine if the site has material available which violates policy. Even
if a specific item is in violation of County standards, blocking access will not prevent access to the material,
as many sites are either mirrored at other locations, or change their name and IP number regularly to avoid
prosecution.
Modem/Internet Security
Therefore, the following modem/Internet security guidelines must be adhered to:
When utilizing a modem for remote access to another computer one must be aware and follow the
acceptable use policy, if any, regarding the remote public/private system.
► There is no such thing as a 100 percent secure system, the human element is always the weakest
link in system security.
► Make sure any related passwords are secure, DO NOT share the password(s) or write
passwords on paper. Also, it is recommended that a password consists of letters and numbers.
Within the software which controls the modem, it is recommended that the "answer off' (if
applicable) mechanism is exercised in all situations, unless approved by Information Services.
If one elects to download non -application software , the download directory MUST be scanned with
an anti -virus program immediately following the download. Information Services will be happy to
train the end -user on utilizing the anti -virus program. Be aware if you have a modem and are on
the County network, it is possible for a virus to attack any or all networked computers.
Do not distribute the phone number of the shared or dedicated modem line unless it is absolutely
required
27
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
SECURITY
Latest Revision Date: August 18, 1997
If the phone number to the remote system is long-distance, keep the call to a minimum length as
possible.
► If the modem is external, turn it off when the modem is not in use.
28
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
ACCEPTABLE USE GUIDELINES
Latest Revision Date: August 18, 1997
This section represents a guide to the acceptable use of the Internet for County employees. This section
intends only to address the issue of Internet use. In those cases where data communications are carried
across other regional networks, network users are advised that acceptable use policies of those other
networks apply and may limit use.
GENERAL
Participating agencies assume the responsibility for providing reasonable publicity and enforcement for
this "Internet Acceptable Use Policy". Ultimate responsibility for traffic that does not conform to this policy
lies with the individual end user. It is the responsibility of the County agency to monitor and rectify the
behavior of their users who disregard this policy.
It is also the responsibility of the agencies to provide adequate training for their users to ensure appropriate
network use.
Information Services and the County accepts no responsibility for the traffic which it transports and which
violates the acceptable use policy of any connected networks, beyond informing the County agency if and
when a violation is brought to the attention of the ISGC.
All use of the Internet must be consistent with the goals and purposes of the Internet and within the spirit
of this acceptable use policy. The guidelines listed herein are provided to make clear the categories of use
which are consistent with the purposes of the Internet. The intent is not to exhaustively enumerate all such
possible uses or misuses.
Internet computing resources are world-wide, and all users are urged to exercise common sense and
decency with regard to these shared resources. Particular attention should be paid to policies developed
for various Internet services by Internet users (such as Usenet policies).
Because of the diversity of resources on the Internet, an even moderately complete listing of do's and
don'ts would be quite large. In general, common sense should be used to judge situations. The following
guidelines are given as a starting point.
► Computing resources should be used only in the support of the administrative, instructional, and
research objectives vi the County.
29
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
ACCEPTABLE USE GUIDELINES
Latest Revision Date: August 18, 1997
► Appropriate use of resources is limited to the official work of the agencies.
► Examples of inappropriate use of resources include, but are not limited to,
► any traffic that violates State/Local and Federal laws
► any traffic that is unethical in nature
► distribution of unsolicited advertising
► propagation of computer worms and/or viruses
► distribution of chain letters
► attempts to make unauthorized entry to another network node
► use for recreational games
► personal use
► sexually offensive material
The ISGC endorses the following guidelines concerning computing resources.
► Respect the privacy of others. Do not seek information about, obtain copies of, or modify electronic
information belonging to other users unless explicitly authorized to do so by those users.
► DO NOT share passwords with others or use passwords not belonging to you.
► Respect appropriate laws and copyrights. The distribution of programs, databases, and other
electronic information resources is controlled by the laws of copyright, licensing agreements, and
trade secret laws. These should be observed.
All County agencies must accept these guidelines and understand network traffic originating from their
location is to be consistent with this policy. Information Services can not police the network but may refer
to the appropriate office holder for disciplinary action any agency that appears to be in persistent and/or
serious abuse of this policy. Questions pertaining to the policy or interpretation of the policy should be
submitted to the ISGC.
Information Services may at any time make a determination that particular uses are not consistent with the
purposes of the Internet connection. Such determinations will be reported to the agency's department
head, as appropriate, for information and possible imposition of sanctions. Persistent and/or serious
violations of the policy may result in withdrawal of approval to use the Internet or other penalties.
30
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
ACCEPTABLE USE GUIDELINES
Latest Revision Date: August 18, 1997
PARTICIPATION IN DISCUSSION GROUPS
There should be a good business reason for participating in any discussion group over the Internet.
Even in a discussion but not limited to a discussion, the user must be aware that the information he or she
puts out on the Internet will be perceived as the official Weld County position unless specifically identified
as personal opinion. If you are offering your own opinion, be sure it is clearly identified as such. Also, a
good rule of thumb is: "If you would be embarrassed to have someone read it on a postcard, don't say it
on the Internet."
In addition, all of the rules which apply to other forms of written correspondence apply here, even though
the style is more casual.
CLASSES OF MAIL ALLOWED
Setting the standards for both casual and official correspondence is the responsibility of the individual
department and would be the same for the Internet as for other forms of written correspondence.
QUALIFICATIONS FOR ACCESS AUTHORITY
Before Information Services approves a user for Internet access, a Weld County Computer Security
Request Form (see appendix A) must be properly filled out and according to the normal procurement
process.
WELD COUNTY I
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
WEB SERVER GUIDELINES
Latest Revision Date: August 18, 1997
Information Services and the Weld County Governance Committee will review all Web access proposals
to ensure the project adheres to all guidelines set forth in this section.
1. Initial Approval - Any proposed Web access must be submitted to the Information Services
Governance Committee for initial approval of the proposed project.
A. The following information must be provided to Information Services for them to review and
assist in submitting the initial request to the Governance Committee.
1) State the general purpose of the project and how it relates to Weld County
business.
2) Define the scope of the project. What information is going to be made available and
to whom. Who is the targeted user of the project.
3) Provide initial design documentation, which includes a rough page layout, applets,
links, images, etc.
4) Identify any Weld County data accessed that is not located on the web server and
indicate how the data will be used.
5) Who is the designated contact person within the department for this project. This
person will be responsible for maintaining current information.
6) What are the security requirements of the project.
2. Guidelines - If initial approval is granted for the project, the following guidelines must be followed
during the development.
A. Information Services must establish and maintain a fully functioning firewall for web access
projects to be operating in production.
B. Information Services will monitor applications and network activity and set restrictions as
needed to prevent problems with Weld County data or internal network processing.
32
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
WEB SERVER GUIDELINES
Latest Revision Date: August 18, 1997
C. Appropriate security levels will be maintained by Information Services.
D. Information Services will approve and allocate resource requirements.
E. To help ensure compatibility between applications, use development tools as defined by
Information Services and approved by the ISGC.
F. Information Services must first review and approve the proposed location of the data and
Web page access, Web server, and network access points.
G. All development and/or enhancements to a project must be performed and tested on a
designated test Web server.
H. After testing is completed and the project is reviewed by Information Services, the project
will be transferred to the production Web server. Only Information Services will have
development access on the production Web Server.
Information Services' main priority is to maintain the integrity of the Weld County data and
in-house network processing capabilities. If at any time, the web page and/or associated
links/controls do not adhere to the set standards or cause a problem for what ever reason,
the web page may be terminated without notification.
J. Contents of Web pages should be approved by Department Head/Elected Official or his or
her designee.
33
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
USE OF ELECTRONIC MAIL
Latest Revision Date: August 18, 1997
Use of Electronic Mail
Electronic mail ("e-mail") is defined as any message that is transmitted electronically between two or more
computers or terminals, whether stored digitally or converted to hard (paper) copy. Under part 2 of article
72 of title 24, C.R.S. , e-mail messages are considered public records and may be subject to public
inspection, Pursuant to §24-72-203, C.R.S. All computer -related information, including e-mail messages,
are the property of Weld County and are considered the County's records.
1. Employee Access
All county employees with a need will be assigned a users address by Information Services. These
addresses may be used to send and receive e-mail messages to/from other county employees.
Conduct for use of these e-mail systems is detailed below.
Elected officials and department heads may also request an e-mail address that is Internet -
accessible. At the request of the department head or elected official, employees will be provided
Internet -accessible e-mail addresses for conducting county business. Employees will be provided
such e-mail addresses, pending county technology capabilities and availability; continued access
to Internet -accessible e-mail will be contingent upon the employee's conduct, as outlined previously
in this document anci reviewed below. Costs associated with e-mail access will be evaluated
annually and determined through the County's budget process.
2. Employee Conduct
As with any county property or equipment, e-mail should be used for official county business only.
However, strictly forbidden e-mail usage includes use for personal profit or gain; transmission of
political messages; solicitation of funds for political or other purposes; or sending of harassing
messages.
3. Monitoring
Because e-mail is county property, the county has the right to inspect and review any e-mail or
other data stored on county computers/equipment. Information Services is responsible for
monitoring electronic mail through regular computer/network maintenance. Additionally, County
34
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
USE OF ELECTRONIC MAIL
Latest Revision Date: August 18, 1997
officials may inspect and copy e-mail and computer records when there are indications of
impropriety by an employee, when substantive information must be located and no other means
are readily available, or when necessary for conducting county business. Supervisors may review
the contents of an employee's electronic mail without the employee's consent.
4. Retention/Archiving/Destruction
E-mail messages that concern policies, decision -making, specific case files, contracts or other
information that should be kept as part of the official records of county business should be retained
by the recipients of such e-mail. Therefore, employees are responsible for retaining and archiving
electronic mail messages as official records of county business. E-mail messages should be stored
on the County's network drives.
The Director of Information Services is the official custodian of electronically/digitally stored
information, including electronic mail. Information Services is responsible for monitoring and
retrieving archived data/information.
Users (employees) are responsible for archiving e-mail messages. After 45 days, employees
should delete e-mail messages to minimize storage requirements. Information Services is
responsible for long-term storage of electronic mail and will retain/destroy e-mail records in
accordance with the records retention schedules established for records by the State (pursuant to
part 1 of article 17 of title 6, C.R.S.)
5. Public Requests
Public requests for electronic mail that is a public record should be submitted to the elected
official/department head. Public requests for public records wi// be handled in compliance with the
Public Records Act. If a request is made to inspect electronic mail County staff shall prior to
release consult with the elected official/department head prior to allowing inspection of the
correspondence for the purpose of determining whether the correspondence is a public record.
Members of the public who request public electronic mail records will be charged for the costs of
providing those records, in accordance with the County fee schedule.
35
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
GLOSSARY OF TERMS
Latest Revision Date: August 18, 1997
Data Custodian Owner or person responsible for the data.
E-mail (electronic mail) widely used network application in which mail messages are
transmitted electronically between end users over various types of networks using
various network protocols.
Gopher
HTTP
ISGC
Internet
IP
SCT
Usenet
WAIS
WWW
The Internet Gopher is a distributed document delivery service. It lets users access
various types of data residing on multiple hosts. This is done by presenting the user
menu documents and by using a client -server communications model.
Hyper Text Transport Protocol
Information Services Governance Committee.
Term used to refer to the world's largest internetwork, connecting thousands of
networks worldwide and having a "culture" that focuses on simplicity, research, and
standardization based on real -life use.
Internet protocol. The network layer for the TCP/IP Protocol Suite. It is a
connectionless, best -effort switching protocol that offers a common layer over
dissimilar networks.
Systems and Computer Technology Corporation.
The thousands of topically named newsgroups, the computer which run them, and
the people who read and submit Usenet news.
Wide Area Information Servers. A distributed information service that offers natural
language input, indexed searching, and lets the results of initial searches influence
future searches.
World wide web. A project that merges information retrieval and hypertext to make
an easy to use, powerful, global, academic information system.
36
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
APPLICABLE STATE OF COLORADO CODES
Latest Revision Date: August 18, 1997
Applicable State of Colorado Codes
§ 18-5.5-101. Definitions
As used in this article, unless the context otherwise requires:
(1) "Authorization" means the express consent of a person which may include an employee's job
description to use said person's computer, computer network, computer program, computer software,
computer system, property, or services as those terms are defined in this section.
(2) "Computer" means an electronic device which performs logical, arithmetic, or memory functions
by the manipulations of electronic or magnetic impulses, and includes all input, output, processing, storage,
software, or communication facilities which are connected or related to such a device in a system or
network.
(3) "Computer network" means the interconnection of communication lines (including microwave or
other means of electronic communication) with a computer through remote terminals, or a complex
consisting of two or more interconnected computers.
(4) "Computer program" means a series of instructions or statements, in a form acceptable to a
computer, which permits the functioning of a computer system in a manner designed to provide appropriate
products from such computer system.
(5) "Computer software" means computer programs, procedures, and associated documentation
concerned with the operation of a computer system.
(6) "Computer system" means a set of related, connected or unconnected, computer equipment,
devices, and software.
(7) "Financial instrument" means any check, draft, money order, certificate of deposit, letter of credit,
bill of exchange, credit card, debit card, or marketable security.
(8) "Property" includes, but is not limited to, financial instruments, information, including electronically
produced data, and computer software and programs in either machine or human readable form, and any
37
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
APPLICABLE STATE OF COLORADO CODES
Latest Revision Date: August 18, 1997
other tangible or intangible item of value.
(9) "Services" includes, but is not limited to, computer time, data processing, and storage functions.
(10) To "use" means to instruct, communicate with, store data in, retrieve data from, or otherwise
make use of any resources of a computer, computer system, or computer network.
§ 18-5.5-102. Computer crime
(1) Any person who knowingly uses any computer, computer system, computer network, or any part
thereof for the purpose of devising or executing any scheme or artifice to defraud; obtaining money,
property, or services by means of false or fraudulent pretenses, representations, or promises; using the
property or services of another without authorization; or committing theft commits computer crime.
(2) Any person who knowingly and without authorization uses, alters, damages, or destroys any
computer, computer system, or computer network described in section 18-5.5-101 or any computer
software, program, documentation, or data contained in such computer, computer system, or computer
network commits computer crime.
(3) If the loss, damage, or thing of value taken in violation of this section is less than one hundred
dollars, computer crime is a class 3 misdemeanor; if one hundred dollars or more but less than four
hundred dollars, computer crime is a class 2 misdemeanor; if four hundred dollars or more but less than
fifteen thousand dollars, computer crime is a class 5 felony; if fifteen thousand dollars or more, computer
crime is a class 3 felony.
38
WELD COUNTY
ADMINISTRATIVE MANUAL
INFORMATION SERVICES
INTERNET ACCEPTABLE USE POLICY
APPENDIX "A"
Latest Revision Date: August 18, 1997
Weld Coun
COMPUTER SECURITY REQUEST
Requestor:
Dept:
Extension:
Date:
ADD
DELETE
CHANGE
Users Name:
Dept:
Extension:
Term ID:
Servers:
Groups:
EMAIL Groups:
SECURITY Manager(s):
Facilities:
SERVER
Banner / PeopleSoft
UNIX (Banner batch)
EMAIL
Modem / Dial -in
Modem / Dial -out
Internet - EMAIL
Internet - WEB / FTP
Special Instructions:
Elected Official/Department Head's Approval:
Date:
Director of IS Approval:
Date:
Implemented by:
Date:
39
Hello