The URL can be used to link to this page

Browse Search

Home My WebLink About20200251.tiffEXHIBIT INVENTORY CONTROL SHEET ORD2020-09 - IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION TECHNOLOGY, OF THE WELD COUNTY CODE Exhibit Submitted By Description Proposed Change presented to BOCC A. Bruce Barker at Second Reading 02/10/20 Email received prior to Final Reading — B. Bruce Baker Change Proposed for Final Reading C. D. E. F G. H. J. K. L. M. N. O. P. Q. R. S. 2020-0251 ORD2020-01 O2 Sec. 9-1-10. — General provisions. A. The Information Technology Acceptable Use Policy is to be followed by ALL employees (full time, part time, seasonal, temporary, interns), elected officials, contractors, vendors, and other authorized individuals ("Users") who utilize any information technology (IT), electronic, or other communication device owned and provided by Weld County, or who are granted access to any Local Area Networks and/or Wide Area Networks or other technology services maintained and provided by Weld County. B. This Policy applies to any activity performed from a County -owned computing device or personally owned computing device that is connected to, or has access to, the County computing network. Additional policies related to information technology must be approved by Information Technology and the Board of County Commissioners, based on internal business needs. C. This Policy does not apply to any County -owned computing device or personally owned computing device that is connected to, or has access to, the County computing network when used by the Weld County Criminal Justice Agency personnel in the scope and course of their work for and on behalf of a Weld County Criminal Justice Agency in accordance with the Agency's Criminal Justice Information System Policy. The term "Criminal Justice Agency" is defined in Section 24-72-302(3), C.R.S. goOaLa,2 61 EXHIBIt 4/C1(11 3A,al From: Sent: To: Cc: Subject: Cheryl Hoffman Wednesday, February 12, 2020 9:04 AM Bruce Barker; Ryan Rose Don Warden RE: Chapter 9 - Updates for your review Thank you. I'll make the redline correction for 3rd Reading. n c �a scr `man Deputy Clerk to the Board 1150 O Street/P.O. Box 758 Greeley, CO 80632 Tel: (970) 400.4227 choffman@weldgov.com From: Bruce Barker <bbarker@weldgov.com> Sent: Wednesday, February 12, 2020 8:37 AM To: Ryan Rose <rrose@weldgov.com>; Cheryl Hoffman <choffman@weldgov.com> Cc: Don Warden <dwarden@weldgov.com> Subject: RE: Chapter 9 - Updates for your review Excellent. Thanks. We will bring that up at 3rd reading. Bruce T. Barker, Esq. Weld County Attorney P.O. Box 758 1150 "O" Street Greeley, CO 80632 (970) 400-4390 Fax: (970) 352-0242 Confidentiality Notice: This electronic transmission and any attached documents or other writings are intended only for the person or entity to which it is addressed and may contain information that is attorney privileged and confidential, or otherwise protected from disclosure. If you have received this communication in error, please immediately notify sender by return e-mail and destroy the communication. Any disclosure, copying, distribution or the taking of any action concerning the contents of this communication or any attachments by anyone other than the named recipient is strictly prohibited. From: Ryan Rose <rrose@weldgov.com> Sent: Wednesday, February 12, 2020 7:37 AM To: Bruce Barker <bbarker@weldgov.com>; Cheryl Hoffman <choffman@weldgov.com> 1 c206,2A - 5/1 Cc: Don Warden <dwarden@weldgov.com> Subject: FW: Chapter 9 - Updates for your review Bruce, Commissioner Kirkmeyer confirmed she and the other board members are good with the language below. So, we should be good -to -go for our final reading scheduled for 3/9. Thanks, Ryan From: Ryan Rose Sent: Monday, February 10, 2020 1:29 PM To: Barbara Kirkmeyer <bkirkmeyer@weldgov.com> Cc: Bruce Barker <bbarker@weldgov.com> Subject: Chapter 9 - Updates for your review Commissioner Kirkmeyer, Bruce, Don and I have reviewed and we believe this captures our quick work session discussion from this morning. Would you please review and provide feedback. If you're OK with the changes, we will incorporate into the 3rd and final reading on 2/24. Thank you! C. This policy does not apply to Weld County Criminal Justice Agency personnel in the scope and course of their work for and on behalf of a Weld County Criminal Justice Agency only when accessing Criminal Justice Information (CJI) as defined by the Criminal Justice Information Services (CJIS) security policy. Weld County Criminal Justice Agency personnel in these particular instances must instead adhere to the Agency's Criminal Justice Information Services Security Policy. The term "Criminal Justice Agency" is defined in Section 24-72-302(3), C.R.S. Ryan Rose Chief Information Officer Weld County Information Technology 1401 North 17th Avenue Greeley, CO 80634 970-400-2550 Confidentiality Notice: This electronic transmission and any attached documents or other writings are intended only for the person or entity to which it is addressed and may contain information that is attorney privileged and confidential, or otherwise protected from disclosure. If you have received this communication in error, please immediately notify sender by return e-mail and destroy the communication. Any disclosure, copying, distribution or the taking of any action concerning the contents of this communication or any attachments by anyone other than the named recipient is strictly prohibited. 2 CHAPTER 9 - Information Technol}gyu Footnotes: (1) --- or's note— Weld County Code Ordinance 2018-06 , adopted August 1.3, 2018, amenced ch to read as herein set out. ARTICLE I - Weld County Footnotes: c ormerly, such chapter pertainec to information services. nr rmatuon Technology Acceptable Use Policyul O( Editors ,gate— Weld County Code Ordinance 2018-06 i eoea►ed the former Art. 1, §§ 9-1-10 9 - o -90, and enacted a new Art. 1 as set out herein. The former Art. I pertained to information technology. See the Disposition of Ordinances Table for complete derivation. Sec. 9-1-10. - General provisi ns. A. The Information Technology Acceptable Use Policy is to be followed by ALL employees (full time, part time, seasonal, temporary, interns), elected officials, contractors, vendors, and other authorized individuals ("Users") who utilize any information technology (IT), electronic, or other communication device owned and provided by Weld County, or who are granted access to any Local Area Networks and/or Wide Area Networks or other technology services maintained and provided by Weld County. B. This policy applies to any activity performed from a County -owned computing device or personally owned computing device that is connected to, or 1as access to, the County computing network. Additional policies related to information technology must be approved by Information Technology and the Board of County Commissioners, based on internal business needs. C. This policy does not apply to any County -owned computing device or personally owned computing device that is connected to, or has access to, the County computing network and used by Weld County Criminal Justice Agency personnel in the scope and course of their work for a Weld County Criminal Justice Agency. The term "Criminal Justice Agency" is defined in Section 24-72-302(3), C.R.S. Responding to security incidents. All security incidents shall be reported to the Information Technology Technical Support Center for immediate review and response. Information Technology employees will follow the Computer Incident Response Plan to address any IT security related events. ANY USER FOUND VILATING THIS POLICY MAY FACE SANCTIONS WHICH SHALL INCLUDE, BUT ARE NOT LIMITED TO, DISC DLINARY ACTION BASED ON PROVISI ONS OF HUMAN RESOURCE RULLLS, DEVICE REVOCATION OR SERVICE ACCESS TERMINATI1N, AND/OR LEGAL ACTION. (W&d County Code Ordinance 2018-06) Sec. 9-1-20. wnership of devices and services. A. All IT and communication devices and services, including, but not limited to, computers, peripherals, cell phones, pagers, software, files, e-mail messages, internet activity logs, remote access, and any other data or records stored on devices or other media provided by Weld County regardless of their 2020-02561 physical location, or the form in which they are maintained, are considered property of Weld County and are owned exclusively by Weld County. B. USERS HAVE NO EXPECTATION OF PRIVACY WHEN USING ANY INFORMATION TECHNOLOGY OR COMMUNICATION DEVICE, SERVICE, SYSTEM, NETWORK, FILE, OR ANY OTHER DATA OWNED BY WELD COUNTY. The County, as directed by the Board of County Commissioners, reserves the right to access, review, delete, and/or disclose any files, records, e- mail messages, or other data without notice to, or authorization from, a User, and to seize any IT or communication devices provided by Weld County. This right continues after the User ceases to have access to a device or service provided by Weld County. (Weld County Code Ordinance 2018-06) Sec. 9-1-30. - Organizations affected. A. The scope of this policy defines the obligations of Users, as defined in Section 9-1-10, in using County Information Technology resources owned, managed, supported, maintained or operated by Weld County Information Technology. While this policy contains specific information regarding expected use of Weld IT resources, Users must follow and stay current on all additional requirements stated in Weld County Cyber-Security guidelines and standard operating procedures which are available on the County Intranet. (Weld County Code Ordinance 2018-06) Sec. 94-40. - Authorized County network access. A. Authorized access to the County network for new Users must be approved by the department head, elected official, or designated person in the department. Requests for new employee security, or changes to existing security, must be submitted using the online IT Security Request Form. 1. All documentation authorizing User access to controlled computing and information resources must be archived and retrievable upon request for all accounts. Requests will be retained for a period of seven (7) years. 2. Login passwords must meet the County required standard as set forth in Section 9-1-50. 3. Generic and shared accounts are strictly prohibited. All User IDs must uniquely identify Users to the system, unless specified by the Chief Information Officer and/or the IT Security Manager. B. All IT security requests for user terminations within the County's operations must be submitted to the Department of Human Resources who will then coordinate with Information Technology. Upon the termination of an employee, the employee's access to all accounts, including remote access and e- mail, will be immediately suspended. All devices must be gathered and returned to IT immediately. The department head or elected official must coordinate with Human Resources, IT, and Legal Counsel prior to destruction or reassignment of any hardware, device, or electronic information. (Weld County Code Ordinance 2018-06) Sec. 94-50. - Guidelines. A. Responding to security incidents. All security incidents shall be reported to the Information Technology Technical Support Center for immediate review and response. Information Technology employees will follow the Computer Incident Response Plan to address any IT security related events. B. Responding to violations. All Users must play an active role in helping to assure the security and quality of all County applications by reporting any violations of this policy. In doing so, Users help to assure the optimum performance and availability of County systems. C. User obligation to report security and policy violations. Any User who observes violations of the IT Acceptable Use Policy should report the violation to his or her supervisor or Information Technology. D. User responsibility. The security, protection, and integrity of County information assets are the responsibility of all Users. It is each User's responsibility to fully understand the information security policies contained in this Article and to apply these policies effectively to his or her daily practices and routines. E Manager responsibility. It is the responsibility of all managers to ensure all Users under their supervision fully understand and follow these information security policies. Managers are responsible for keeping their Users informed on any changes regarding these policies. Should any User consistently not adhere to County policy, the manager shall take appropriate remedial steps. It is the responsibility of all managers to ensure all information assets under their purview are secured and managed to ensure compliance with relevant policies and procedures. F. Use of information systems and resources. Any User who is allowed to use County computing systems to perform the necessary functions identified with his or her position must not misuse or abuse computing systems and resources. G. Compliance with software copyrights and licenses. All Users must comply with, and respect, the copyright laws and license agreements of the software licensed to the County for use on business computing systems. 1. Use of illegal software. Users must not download and/or install pirated or illegal software or software that violates existing copyright or license agreements. 2. Use of nonapproved software. The County strictly forbids the downloading or installation of non - County -owned, non -County -licensed, or other unapproved software on County computing systems without prior consent from Information Technology. Applications which are no cost and do not threaten security of the computing system may be installed unless IT objects. H. Acceptable use of passwords. Each password owner is required to safeguard and protect each password he or she has created or that is entrusted to him or her. Password sharing and account sharing is strictly prohibited. Writing down passwords is not an acceptable practice. I. Security of the computer through locking practices and mechanisms. All Users of a computing system must either lock the computing device, or logoff the system, when away from a computer device for any length of time. J HIPAA systems. Computing systems covered by HIPAA must employ the use of a locking screensaver or similar mechanism to automatically enable after a minimum usage lapse of five (5) minutes. All other County systems will be fifteen (15) minutes, unless specified by Information Technology. K. Transmission of sensitive information over unsecured networks. Users must not send sensitive information over unsecured networks without the use of encryption technologies to secure the transmission. Such examples would be, but are not limited to: 1 Sending credit card information over the Internet. 2. Sending confidential business information over unsecured, non -County networks. 3. Sending information via e-mail without applying the appropriate security protocols. Any questions about whether information should be encrypted or secured should be referred to Information Technology. L. Tampering with security mechanisms. All County computing systems are equipped with security mechanisms to protect the information and resources of each system. Users shall not tamper with, reconfigure or disable such mechanisms. Such mechanisms would include, but not be limited to, anti -virus software, encryption and access controls. M. Prohibited Activity. The following are prohibited: 1. Introduction of malicious programs into the network or server (e.g. viruses, worms, Trojan horses, e-mail phishing, etc.). 2. Circumventing User authentication or security of any host, network or account. 3. Introducing honeypots, honeynets, or similar technology on the network is prohibited. 4. Providing access to another individual, either deliberately, or through failure, to secure access. 5. Accessing a server or an administrative account for any purpose other than conducting County business, even with authorized access. N. Illegal access of computer systems. County computing systems must not be used to obtain illegal access to computer systems, to interfere with the normal operations of computer systems, or to perform malicious acts against a computer system. O. Unauthorized testing of computing system security. Users shall never test the security of computer systems, whether physical or logic based, without written permission from the Information Technology Security Manager and the senior management of both the facility from where the test is being launched, and the facility where the system resides. P. Disclosure of Attorney -Client privilege information. Users must never disclose information that could be considered classified or proprietary to unauthorized persons. Q. Disclosure of classified information. Users must never disclose information that could be considered sensitive, classified, or proprietary to unauthorized persons. R. Use of system. Data is intended to be accessed, used, and shared only to the extent that it is authorized and necessary to fulfill a User's assigned job duties. S. System changes. Any software that allows configuration changes to networks, computers and other hardware or software, should only be installed by members of Information Technology. T. Workstation reallocation. Information Technology is responsible for maintaining all computing hardware on the County network. A User may not remove or retain hardware or software without County IT permission. The procedure for the reallocation of a workstation is as follows: 1. Remove PC from location. 2. Re -format hard drive and re -image for new User. 3. Redeploy to new location. U. Security breaches and disruptions of network communication. Security breaches include, but are not limited to accessing data of which the employee is not an intended recipient, or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular assigned duties. Disruption includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes. V. Use of e-mail systems and resources. Users with legitimate business needs for a County e-mail account may have the use of the County e-mail system. Such usage is for enhancing productivity and communication. Users shall not misuse or abuse e-mail systems and resources. 1. Electronic mail (e-mail) is defined as any message that is transmitted electronically between two (2) or more computers or terminals, whether stored digitally or converted to hard (paper) copy. 2. Under Part 2, Article 72, Title 24, C.R.S., e-mail messages may be considered public record and may be subject to public inspection. Users must be aware of the potential public release of their emails. All computer -related information, including e-mail messages and/or digitally stored documents, are the property of the County and are considered the County's records, even if the information resides on privately owned devices. County e-mail should remain within the County e-mail system until archived or deleted. 3. E-mail messages that concern policies, decision -making, specific case files, contracts or other information that should be kept as part of the official records of County business, shall be retained within the County's e-mail archiving system by the recipients of such e-mail. 4. E-mail messages will be automatically deleted by the e-mail system on the 90th day following receipt, unless stored within the County's e-mail archiving system. 5. The Board of County Commissioners retain ultimate authority over all electronically and digitally stored e -mails, except for emails containing criminal justice information. 6. For purposes of open records requests, either the department head or designated data/records steward is the custodian. Information Technology will assist in retrieving any data and information. 7. Users must cooperate in the preservation and retention of any hardware, information, or documentation related to potential litigation. This includes maintaining any hardware, e-mail, electronic files or other information. 8. As with any County property or equipment, e-mail is intended to be used for official County business only. Strictly forbidden e-mail usage includes transmission of political messages, solicitation of funds for political or other purposes, or sending of harassing messages. a. Users must refrain from sending e-mail messages that are considered lewd, offensive or harassing. b. Users must not participate in sending, forwarding or responding to e -mails that are of a disruptive or coercive nature; such as, the distribution of spam or chain letters. c. The County identifies passwords as highly sensitive information. Account owners shall never divulge their e-mail account passwords and login information. 9. Users must never share e-mail accounts. 10 E-mail is County property. The County has the right to inspect and review any e-mail or other data stored on County computers and equipment or on privately owned devices if used for County business. Additionally, County officials may inspect and copy e-mail and computer records when there are indications of impropriety by a User, when substantive information must be located and no other means are readily available, or when necessary for conducting County business. Supervisors may review the contents of an employee's electronic mail, without the employee's consent, with the approval of the Department Head, the Director of Human Resources and/or County Legal Counsel. W. Use of Internet systems and resources. Users shall not misuse or abuse County Internet resources, which could result in disciplinary action by the County. 1. Acceptable Internet connectivity. Users access to the Internet is intended for County business, through authorized County gateways. 2. Personal use of Internet connectivity. Use of County computing resources to access the Internet is intended for legitimate County business purposes only. 3. Affiliation with the County. Users may make public their affiliation with the County in work - related mailing lists and other work -related communication resources on the Internet. 4. Inappropriate use of Internet resources. Users initiating or participating in communications of an inappropriate nature, or in an unprofessional way are strictly prohibited. Users must refrain from the use of lewd, offensive or hostile language when communicating using County resources. Likewise, all Internet messages that are intended to harass, annoy or alarm persons are prohibited. 5. Inappropriate use of Internet resources for illegal access. Users are strictly prohibited from contacting or probing information systems with the intent to gain unauthorized access. Users must not attempt to disrupt, or interfere with, the operation or function of any information systems. X. Use of networked systems and network related resources. Users must not misuse or abuse networked systems and network related resources. This could result in disciplinary action by the County, pursuant to Chapter 3 of the Weld County Code. 1. Disregard for security mechanisms. Users must not attempt to bypass security mechanisms. 2. Use of encryption for highly sensitive information. It is the responsibility of all Users to take the necessary precautions to encrypt highly sensitive information. 3. Network privacy. All communications using County resources may be monitored for statistical, legal and investigative purposes. Users should expect no right of privacy to communications made using County equipment and resources. The County retains the right to preserve, catalogue, and distribute any County -owned information or resource. Y. Use of remote access (VPN). Remote access into County networks is only permissible through an Information Technology -administered VPN (Virtual Private Network) solution. 7. Compliance with software licenses. Each department is responsible to ensure that all software licenses are complied with. (Weld County Code Ordinance 2018-06) Sec. 9-1-55. - Password policy. A. All passwords must conform to the requirements described below. This includes County -owned systems that are managed outside of IT, as well as IT -managed systems. Any User found to have violated this policy may be subject to disciplinary action, pursuant to Chapter 3 of the Weld County Code 1. Password Creation Requirements. a. Must be a minimum of nine (9) characters in length. b. Must possess a minimum of three (3) of these four (4) characteristics: 1) One lower case letter. 2) One upper case letter. 3) One number. 4) One special character. 2. Password must be changed every 90 days. (Weld County Code Ordinance 2018-06) Sec. 9-1-60. - County network and Internet security. A. Access to inappropriate and malicious websites for Users is prohibited. B. The Board of County Commissioners is the only authority that can approve changes to the default filter restrictions applied to Users Internet access. C. All remote access must follow the guidelines of the Acceptable Use Policy. D. Users shall not access malicious websites, files or other potentially malicious content. Such activity is a direct violation of this policy and may result in disciplinary action. (Weld County Code Ordinance 2018-06) Sec. 9-1-70. - Physical and environmental security policy. A. Internal security operations. All County facilities must be secured, as appropriate, to prevent unauthorized access to County information computing systems, resources and networks, including the wireless network. 1. All information technology equipment must be purchased by Information Technology. (See Section 9-9-10.) a. Only County devices with approved wireless adaptors are allowed on the wireless network. b. Approved devices will be configured by Information Technology for secure access to the County wireless network. c. Guest wireless access is permissible in certain areas of the County wireless network. Guest wireless is restricted to web browsing only and is provided on a limited basis. d. All policies and procedures for accessing the County network apply for wireless access. B. Computing in public and untrusted zones. The County operates several computing systems. There are computing systems in public access areas. There are also computing systems within the County jail for inmate use. C. Public computing systems. The County operates several public access computers which are available for use by the public, within County facilities. These systems, due to the uncontrolled nature of their use, must be segregated to an isolated or physically separate segment of the County network. All access to internal County resources must be tightly controlled and limited, to prevent any misuse of these systems. Auditing must be enabled on these systems. Inmate computing systems. The County provides several computers for the use of inmates within the County jail. Due to the uncontrolled use of these systems, all inmate computing systems must only maintain a minimal set of computer resources to prevent abuse of such systems and resources. This would include: 1 Computers must not maintain any unnecessary ports or peripherals, including a CD-ROM drive, floppy drive, serial ports, USB ports, modems or other nonessential interfaces. 2. Computers must not have access to other computing systems or servers, except to accomplish the specific purpose for the inmate computing systems. 3. Computers must not have Internet access. 4. Network access must be segregated from the other County network segments. E. Security zones. Specified areas within a facility that are designated as performing critical functions, or that contain sensitive information or systems, must make use of security mechanisms and procedures. These zones must be isolated by security controls of reduced permission from the general facility population. Permission must be based on the need to physically access the area for a job function. Such security zones would include server rooms and the communications closets. Access to these areas is controlled by the Department of Buildings and Grounds, in conjunction with Information Technology. Information Technology monitors all access. Access is limited to the following Information Technology employees via proximity card security: 1. Chief Information Officer. 2. Information Technology Security Manager. 3. Technical Director. 4. System Administrators. 5. Network Specialist. 6. Vendors working with Information Technology who require access to server rooms will be escorted by one (1) of the above authorized employees and will be required to sign and date the access log located outside of the secured area. F. Equipment security. All information -computing equipment, and any information contained or processed by the equipment, must be reasonably protected from damage, interruption and interception. G. Secure disposal of computing equipment. All County computing equipment, including phones, and peripherals, must be disposed of securely by IT personnel to prevent unauthorized access to any residual company information. 1. Hard drives. Prior to the disposal of any hard drive or disk drive, the device must either be physically destroyed or formatted to current Department of Defense standards. This is to be performed only by Information Technology. 2. Optical media. Prior to the disposal of any optical media, such as CD-ROMs or DVDs, these devices must be physically destroyed. This may be accomplished using shredding or incineration. 3. RAM. Prior to disposal, all Random -Access Memory modules must be destroyed. This includes all memory devices; such as, memory from computers, memory from printers and FAX machines, or other memory devices. This is to be performed only by Information Technology. 4. Secure disposal of computing equipment. All County computing equipment, including phones and peripherals, must be disposed of securely by IT personnel to prevent unauthorized access to any residual company information. H. Data security and protection guidelines. 1. Information Technology is responsible for ensuring that all County data on the network is backed up. 2. Backup retention is as follows: a. Incremental daily backups: one (1) week on site. b. Weekly full backups: one (1) month on site. c. Monthly full backups: one (1) year. d. Annual full backups: seven (7) years. 3. Backup storage will be as follows: a. Weekly and monthly backups will be retained on site up to three (3) months. b. All other monthly and annual backups will be stored off site. 4. For any major changes to a server or application, a full backup is run prior to changes being completed. (Weld County Code Ordinance 2018-06) Sec. 9-1-80. - Definitions. A. LAN - A Local Area Network (LAN) is a computer network within a small geographical area such as a home, school, computer laboratory, office building or group of buildings. A LAN is composed of inter -connected workstations and personal computers which are each capable of accessing and sharing data and devices; such as, printers, scanners and data storage devices, anywhere on the LAN. LANs are characterized by higher communication and data transfer rates and the lack of any need for leased communication lines. B. WAN - A Wide Area Network (WAN) is a network that exists over a large-scale geographical area. A WAN connects different smaller networks, including local area networks (LANs). This ensures that computers and Users in one location can communicate with computers and users in other locations. WAN implementation can be done either with the help of the public transmission system or a private network. C. Encryption - the process of converting information or data into a code, especially to prevent unauthorized access. D. Computing device - a unit of hardware, outside or inside the case or housing for the essential computer (processor, memory, and data paths) that can provide input to the essential computer, or of receiving output, or of both. E Computing network - a set of computers connected for sharing resources. The most common resource shared is connection to LAN and WAN. Other shared resources can include a printer, a file server, or database server. F. Honeypot - a computer security mechanism set to detect, deflect, or in some manner, counteract attempts at unauthorized use of computing networks. Generally, a honeypot consists of data which appears to be a legitimate part of the site, but is isolated and monitored, and that seems to contain information, or a resource of value to attackers, who are then blocked. G. Phishing - the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information; such as, passwords and credit card numbers. H. Security incident - An information security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information, interference with information technology operations, or significant violation of responsible use policy. (Weld County Code Ordinance 2018-06) participation. information services governance structure. or statutory activities of a County uires unit ue contra methods that wou A E. The Information Services Governance Committee is responsible to the Board of County headed. Having formulated an overall icture, the Governance Committee must then translate the agency. Governance Committee is the focal point for the prioritization process, both of the activities that will arise in other contexts. In addition, the yes the allocation of resources within Information Services, serving frnrn f Sec. 9-2-20. - Purpose and structure. I C. _ The Governance Commi services resources. Corn areas. Sec. 9 2 30. Rom e of the information es within their specific annual priorities. needs. part of Informa a i r proposals to meet the county's information processin 9 part of the budget process subject to adjustment sc h-ed-u es. other info;r systems utilization issues. 0 A. The Governance The voting members include an e ected officia 3. Enforce Governance Committee rules. ba:e ant s m -u a:e c IScUssion-s a nsure min-udes are :a-cen a: eaci mee or c apartment nance Commi ng- ieac (eit tier ee issues. Administration. Sec. 9 2 500 - Voting. designee is entitled to vote. Each member, or his or her exchange of ideas anc Sec. 9 260. Meetings. G. _ t information may ta<e finalized and distributed before each meeting. (Weld County Code Ordinance 2005 13) p ace among everyone procedures. group on the Governance Committee wi oresen-t t priorities to the Governance Committee, whic co-nsi-derat-inn du -ring the budget process. present, out recisions and its approval the procedures to be fo-r m with County I activities of the Governance Committee and to ensure that every department has a voice in annual basis, ad 1 mmittees are to: . Identify information systems needs with each member aeoartmen-t anc o-ri-o-ri-tize t e the bng-range strategic plan. iese needs to 2 Recommend appropriate actions to 6 _ s an County networks and public networks, including but not limited to the following: a. E-mail. b. File transfer (FTP). c. I. H3xx, such as video conferencing. aInternet and Internet Services. b. Internet Service Providers. c. Bulletin board systems. d. County network. O A Sec. 9 3 20. Introduction. A es of such issues are isted be OW. A. The potential to receive computer viruses, Trojans, worms anc spyware from Internet information sources. Internet. ant officials and th liabilities. activities. other Internet users, the connection could be flooded with traffic in protest, thus negatively Requests for new employee secu-ri-ty or ch j to existing security must be submitted using the to hire date and sig- 2 for a period of five (5) years. 3. Requested access must be approved by the owner of the data. or designated person. the system. 2. Sec. 9 3-30. Definitions. ISP means erne!. Sery 7 searches. n • • ce County Code Ordinance 2005 13) Sec. 9-3-l0. Guidelines. ccount. Security request forms are required for unplanned roved by the department head, elected officia research and stan network layer for the TCP/IP Protocol Suite. It is a rov Ina cer. hypertext to . 9 A. ri$a e . -Gi- --h is . All sect .I Y in+� �rd $� ncnnl � Don .- • acts,e A rn y n�i g to e • A repog 2ny continual malfunctions in scn� e re and har m InyIcaAc hc� I.Yp tin su e hre ap n,Qr$ anrJ � il � hi ' nncc c,ec$r�r`nc o-�r9 � 1 " " nom i�, n1, r i Wrca�'�� e for that software . ° continual of recurring malfunctioi�n •r, ,-a-ny—Qo " n$�e ins yst °T-GEWS. , r " to Iris or her su e -c -r • tI� nr ha rd a-re- -T mtanco . 3 . Emo-1 - t n rep e� � -p1eyee who observes the violat; supervisor. C . 6 ncibtlinn- onnrtr ctor5 . It I`� nom' eei il4y • ' r, ' r� nlaarnlli � iI • • Dn orm or not $h I I n, A i I i r�i c la�d�h� r�crhr�' �n hh ,Ie o r-i� �1 � $h a$ ® ' ter$ hic nr hnr m n e a cn �'®- r r"r-c� �rh� � t-rf¢r� " rcinor-�� $ $!^ � i ,e I $ i pIayea's violations of theme I "�" � � $ham$ h or n � � �A� " A" ,r te - h A� I� nna�el��dge n D . Manager r s under $h �icinn �s n araA_i_th $here infnr►-n �$inn " ri$v ra " nc � -� stand d and � � � -�,, r� Manager ar raa� rrnnstb4e �nr I�� r, " _t ,air employees u-p d e-nom GhangAs--re rding these " a ,at e-sponsibility to take cisciplinar ---me , res in acco� { . I .• poll ures . Li is the reap n °;� ��® rc +n � s " en d—i,"r�,mnvm Yat nn � � �� $s under their domain 4re--secured n� m n �ged--i o e to ens " " rte c p� Y-� � h relevant polices and procedures . ation snecessary functions identified with h ^ r her inn , �Y-�r-rte-Y'Y�eYl�f'Y�a,dZC r-. b", " ` ',te put �r+�gr nrd recn" " rncac 1 . comol-i�� , ce with software-c a l pI, oc - 0 the co • businesa- $ing tea_, , 2 . cn of illsarv � l sof$a�A�ar� = �,�® s � " " c$ nn$ rdn �1 � n inc$� ll ad nr ill�g cn$$araA� � . _ . . . j�/ ` ire that vial $mac �" c$" nn e � ; � ar��-v,�n$ • bids the oovvn ng or installation of non " " n$u_Ii�r , i $� , s c e r 4 . "�" a- recd---�r'Y�r protect each —h or she has r t $ i c n `r" " c o -e-'�rrr°�rr--ter er.. Pass-wore i c i ter, i must be written down , the information shall me $ f • •nit i 5. SeGui� b 1 , V A4' " lS V 1 4+t `�d�.O �r� \.a a.Y 1 1 `�F, tiee s \..� V. �'� !a nY O�r` p� `V . / a R� y a rfr " rt�• NA c$n " r c$ ,� nom i ��" "r$ti -r�.@@dam- i n�v minimum usage lapse of five (5) minutes. 6. Transmission of sensitive information over unsecured ne:works. Emplc 7. Tarnpe offensive or disrespectful to others. o r not to to Count' 10. Illegal access of computer systems. County computing systems must n e e system re employe 42. _ drmati•on and resources of each system. Employees are nd e a • 7 from senior other hardware or software should only be installed by members of Information Services. b. Reformat hard drive and re -image for ne4 storage.) c. Redeploy to new location. F. Use of e-mail important that emo oyees not misuse or abuse e-mail systems and resources. 7 4 _ 5 _ 7 by the County. 1. _ ma. t i roug I authorized County gateways. Inappropriate use of Internet resources. Employees initiating or participating in communications frGm are similarly prohibited. r rupt or interfere with the iN • H. Use of networked systems and resorces.I of the Comity are granted access to the important tha4 by the County. 4 jokes. transmitting. the licenses of such software inventoried. 4 _ must remain mec ianisms Employees must not attempt to bypass security he re -Apo -n s+b i t ity of a l l restrictions imposed by the licenses. computing systems is expressly prohibited. disclosure Services is as follows: Dual harassment and hostile work environment contained in Chapter 2 of this Code. I _ C. The role of the County departments and agencies is as follows. It is the responsibility of all managers to: the County policies. Managers are responsible for keeping employees up to date on any I limited to job -specific data. 2. Provide for training of employees who need access. � Ri irlrvcaf fr�r �or�iir�ca �n� �ccnr�i-�torl #r��ninry if noorlc» 1 /1. Establish their own data sensitivity policy. Sec. 9 3 60. Protection of proprietary information. re that the data is processed according to its level of sensitivity by using the definitions and guidelines which J B. Data sensitivity definitions. 1. Confidential data: a. _ directions. Social Services data. obligation of confidentiality. 2. Restricted data: a. Working files not completed for public dissemination. County. c. Personnel data. Data with restricted use or access per local, state or federal laws, rules or regulations, e.g., criminal justice data. 3. Proprietary data: All enterprise -related information requiring baselina security protection, but b. Internal announcements. /I. Unclassified data: Information which requires no security protection: a b. Public a c. sensitive data: Encrypted permissions Marked rnn-frden+ial carrier} High volume Use other alternatives (mail carrier). Restricted Encrypted Table 9n1 Owner defines permissions (Weld County Code Ordinance 2002 12) a Owner defines alternatives (mail carrie-r) classification. Unclassified j 4. _ each modems. The use Sec. 9-3-75. - Phys4ca gusted to them. Password sharing and logon sequences is strictly prohibited. Each e for securing his or her remote access infornn a-nc e nvfron-me red, as appropriate, to prevent unauthorized access to County information computing systems, resources and networks, including the wireless network. must be purchased by nformation Services. (Se -Section 9-1-90. ) b. Only County employees will be given wireless access. c. The Computing Device Request Form (see Appendix 9-D) must be completed and approved by the Governance Committee. nd limited to systems. b. _ lart p information or systems must make use of security oyees via proximity card security: f. Network Specialist. r-11fl4. } interception. at-i-o-n s ca -b1 i-n-g . All electrical power a n d cabling must be reasonably protected from tampering or interception of communications. information. a. _ performed by Info shredding or incineration. Th be completely destroyed. Flopp 7 7 1 7 d. _ chips. This is performed by Information Services. up. 2. Backup retention is as follows: a. ncrementa C ai y bac<ups: one (1) wee c. Monthly full backups: one (1) year. d. Services Complex. completed. Irs n n ua! backups w-i on site. �t i o n , a full backup is run prior to changes being B. General. and which violates the Acceptable Use Policy of any connected networks, beyond informing the County if and when a violation is brought to the attention of the Information Services Dy nd all users are urged to exercise common nternet users, such as Use - et policies. a. Computing resources should be used only for county-rela administrative, in �� e� .o 'a�;ser +c service objectives of the county. 1) An�� traffic th-i violate tale/local aril fedeFal la\A�� 3) Distribution of unsolicited advertising. t) Rropa a$ion of com of i� -r-mrs a—nci�,r �®irs se �� l�ic�ri6�i ��i�n ref r�l�air� lt�t�carc ®Att A- tom e a onaa � 4o izeo- a ntry on tie Co my net�A�r�rk 7) Use for recreational games. 9) Sexually offensive material. 6 the test is being launc function. a. _ c. Users shill resp 9. licensing agr iec disciplinary action i anc the fact ity where t ie he faci stem resides. The on ity from whic'i y exception to ek information about, obtain 6 the Information Services Governance co-mittee. r 1 _ Internet. discussion. It the user is offering his or her own opinion, he or she shall be sure it is clear! identified as such. Y Sec. ¶- 3 90. Web server guidelines. 1 _ 2. 3. _ user. used. 4. Identify the de d contact access must be submitted to the Information Services person within the de 5. Identify the security requirements of the project. projects to be operating in production. 2. _ Information Services will maintain appropriate security levels. oartment for t ells project, w elo will be 7 transferred to the access on the pcc nd tested on a production Web server. Only Information Services will have deve efficial Weld County Website. Code Ordinance 2007 12) Sec. 9-3-100. Use of electronic mail. opment sponsor, fund or allow links to the Weld County website for or more computers or terminals, whether stored digitally or converted to hard (paper) copy. Under Part 2, public inspection, pursuant to Section 24 C a B _ G. _ threatening messages. E. course of County business. Information information must be I A. _ • ►means are readily available, or when necessary for conducting ted for retention in paper files. E-mail Information Services is responsible for monitoring, retrieving and/or Code Ordinance 2005 13) A. Public requests for e-mail that is a public record should be submitted to the elected official or Records Act. If a request is made to ins e _ or dep rent—had prierior t---allowirire i _ — - - -- -=-- is e-mai those records, in acco (Weld County Code Ordinance 2002 12) ARTICLE IV - Geographical Information System Sec. 9-4-10. - Mission. records will be charged for the costs of arovidin g A. The mission of GIS is to provide all County departments and members of the public with the continued planning, development, operation and maintenance of GIS and related functions, as may be assigned by the County. B. This mission is accomplished by playing a leadership role in County -wide strategic planning for GIS systems, user community involvement and innovative uses of technology in meeting the County's GIS needs. GIS works to expand and enhance the quality and quantity of its services and plays a key role in facilitating the County's utilization of GIS technology in order to improve its services to the public at the lowest cost possible. C. GIS will fulfill this mission by organizing in the most effective manner, by staffing with the highest quality professionals, by a continuing outreach program of working with and involving users, by competent and visionary management, by the application of proven methodologies and by a comprehensive understanding of the latest GIS technologies and how they apply to local government functions. 1 addition, GIS provides leadership in the critical review of plans and progress and the assessment of G -IS te-chnolog delivery. and procedure (Weld County Code Ordinan tb Sec. 9 4 3-. are: sfe nsibi ities of GIS Di and effective use of their resources. (Weld County Code Ordinance 2005 13) Sec. 9 4 60. Res 3onSI DI :g ities of ACS Corporation. Based upon recommendations from other participants in GIS manageme nd efficient manner. priorities. departments. E. Approve the funding of the GIS resource G. Ensure that t 1e DO • ides, design, imolomentation and oaeration of the GIS are lega Y C r e y consistent A. Monitor the ov b priorities. C. Review specific GIS E. Monitor budget and time schedules. departments. County. • A. General responsibilities: a and the management from the GIS Division. S. Existing system responsibilities: 1. _ 2. Identify t with GIS. 1 _ lee le need for changes to or replacement of existing GIS functions in conjunction Icien ana e Z. _ GIS for the user department. ec. veuse impacting the department. P el so 'l e A. Address technical issues involved in GIS imps B. Provide a general forum for technology transfer among the various departmental GIS users. Sec. 9-4-110. Specific duties and responsibilities of GIS. resources. in a timely fashion. n B. _ systems. The GIS Adm. i 1. Consultation responsibilities: 4 matters pertaining to GIS management. , served by specific GIS functions. 2. Advisory responsibilities: a. _ County in general. C _ equipment, systems and services. resources. a In conjunction with the Director of Fina systems. i. Maintain and modify G!S functions as necessary. m. A Dply a County -wide perspective area. a communications functions and enhancements to existing q. Control and coordinate the funding to GIS development projects. the overall County GIS strategy. w. Facilitate County -wide sharing of related GIS data. (Weld County Code Ordinance 2005 13) ARTICLE V - GIS Governance Sec. 9 5 10. -Introduction. which clearly represents the elected and appointed officials of the County. Governance is the I I J reviewing technical decisions and providing effective user communication in systems development neighed against those of most agencies within the County. GIS provides services to many elements of the jurisdiction within which it operates. Because it is must receive continual feedback from the user community concerning direction and performance. a 3 3 J tee to any other County function. These contro s must ensure that the best interests of the entire t. D. Proper control of GIS function requires two (2) separate governance levels. On one (1) level, the I function. The second level consists of specific functional subcommittees (Finance and Administration, Criminal Justice, Health and Human Services, Assessor, Planning, Public Works and Clerk and Recorder) responsible for monitoring activitic� a Scc. 9 5 20. Responsibilities. A. The GIS Governance Committee is responsible to the Board of County Commissioners, but Board of County Commissioners, and is responsible for the execution of GIS resource policies. To of County GIS resources is headed. Having form-ulated an overall picture, the Committee must then delineated operational process. This process specifies the roles and functions of the Committee ncerned County agency. arise in o ition, he Commi ion o iose la. wi ier con ex s. n ac c ee accresses ie a oca • serving as a vehicle for reso-lving c fl+cts risi resources one from the overlapping--" (Weld County Code Ordinance 2005 13) A. f P 1. Establishing GIS policies and procedures. 2 _ 0 r evels. First, the (Weld County Code Ordinance 2005 13) the following: and time schedules. ie integral part of the budget process subject to--odfustment H. Recommend new procedures, . es and processes necessary for the operation of GIS in the County. C exchange of ideas ano ssor, Public Works and Clerk and he -responsibilities of the Chairperson are to: 1. Execute Committee decisions. 2. Preside at and call to order Committee meeting- 3. Enforce Committee rules. 9 (Weld County Code Ordinance 2005 13) ttend all meetings is made to all elected officials/department heads. An information may to<e o ace among everyone present, out recisions anc Sec 9-5-70. - Meetings. ,eetings. Governance Committee Chairperson. A. So that every department has a voice in GIS decision -making, each elected official/department head along with those submitted by the other functional groups, into a during the budget process. that information up to the GIS Go' attee (Weld County Code Ordinance 2005 13) making. 1 . Identify GIS needs with each mem and GIS procedures. 6 1 Committee. (Weld County Code Ordinance 2005 13) A. The GIS Technical Users Group is comprised of technical staff from G-ts I _ Committee. D. Membership. 2 Governance Committap to ensu-- 1-h , GIS Administ 4or hall chaff a. Forward Committee decisions to the GIS Governance Committee for action. 4 r a E. Voting. The G erson, he or she shall appoint a temporary Chairperson. positions are su000rted ay whic F. Meetings 2 _ users. e event that a the Chairperson. ARTICLE VI - GIS System Products and Services Sec. 9-6-10. - Definitions. A. Unless the context specifically indicates otherwise, the following general terms, as used in this Chapter, shall have the meanings designated below: 7 1. 1 i if 1 1 information system. Customer means any applicant who executes a contract for GIS products or services, purchases copies of standard system products, custom hard copy system products, digital data, technical assistance or other products and services. Geographical Information System (GIS) means data regarding the location and attributes of property, and infrastructure stored and maintained as part of a computer information system. documents. Other County agencies, departments and appointed and elected offices means all agencies, offices and departments of the County, other than GIS. Participant me Subscrib System means the Geographical Information System (GIS) and such other systems as may from time to time be designated by the Administrator. S. Unless the context specifically indicates otherwise, the following technical terms, as used in this Article, shall have the meanings hereinafter designated. 1 1 7 Standard system products means paper products generated from the system for internal use and for the purpose of meeting requests submitted under Colorado's Open Records Act for copies of system records. (Weld County Code Ordinance 2005-13) pUion of ales and regulations. system. Sec. 9-6-30. System financing. The responsi-bility for annually funding the continued development, operations and maintenanc tern subscribers, customers I ‘asof other participants shall be deposited to a General Fund revenue accoun-t A. _ n participating custodians. provided by the Administrator. rig its to digita data are hereby reserved by t ie county. support of the County. (Weld County Code Ordinance 2005-13) public. E. F offices. general public. (Weld County Codification Ordinance 2000-1) Sec. 9-6-60. - Service products and services. A. Products and services include all standard system (e.g., Colorado Open Records Act products), standard and custom products (e.g. maps, reports and analytical products) generated from system data; nondigital source documents such as aerial photography; regular, ongoing system services including but not limited to licensing and/or subscription to open record products, standard products, custom products and services, digital data and conversion services; and technical assistance. B. The following identify the products and services that are proposed for availability to the public as the GIS system is developed: 1 Subscription services will be made available for GIS products. The decision to provide such subscription services is solely at the discretion of the County. Such service is not required to be provided under the Colorado Open Records Act. 2. Arc Macro Language (AML) products (programs, menus, computer programs, forms and written procedures) developed for the administration of the system may be made available to customers and other County agencies, departments and appointed and elected offices. No maintenance of the products is planned to be furnished by the County. Such products are to be furnished as is, and the decision to release such products is solely at the discretion of the County. Such products are available to customers by license agreement and to other County agencies, departments and appointed and elected offices. It is not intended that custom programs, etc., required for the sole use of the customer will be developed by GIS. 3. Digital data in the form of graphics, annotation and attributes to graphics are available to individuals and other County agencies, departments and appointed and elected offices. The decision to release such data is solely at the discretion of GIS. Digital data is available to customers by license agreement and to other County agencies, departments and appointed and elected offices. C. Complete system data shall be made available only after the conversion and verification of each such type of data has been completed. Because a partial offering of system data is being made before the complete conversion and verification of all system data, the County reserves the right at a later date to withdraw the preliminary offering. D. Access to digital data shall be provided by a nontransferable, nonexclusive license only, and access shall be authorized for internal use of the licensee only. (Weld County Code Ordinance 2005-13) Sec. 9-6-70. - Rates and charges. A. Rates and charges for copies of standard products. A fee shall be collected from customers for copies they are furnished of routinely developed standard system products. The fee shall be the amount the Board of County Commissioners has approved for each standard product. B. Rates and charges for custom products, regular, ongoing system services and technical assistance. 1. access to GIS digital base maps, but this f. 3. The rates to be charged for GIS products, subscription services, AML products and digital data are set forth in the Products and Rate Schedule set out at Appendix 5-F of this Code. 4 5. All charges are due and payable and shall be collected at the time the order for products and services is taken, except as otherwise might be established by contract or license agreement. 6. Pa shipping charge. b. County Clerk and Recorder. c. County Treasurer. h. Department of Public Works. d Environment. (Weld County Codification Ordinance 2000-1; Weld County Code Ordinance 200543) as determined by the Administrator. Sec. 9-6-90. - Review of rates. Resource rates shall be established for different categories of staff, equipment, communications, a review of those -costs having a bearing on resourc Sec. 9-6-100. - Approval of rates. and changes thereto. adjustments thereto. By resolution, the Board of County Commissioners shall establish System rates and charges thereto. Sec. 9-6-120. - System completeness and accuracy. This[JM1] product has been developed solely for internal use only by Weld County. The GIS database, applications, and data in the product is subject to constant change and the accuracy and completeness cannot be and is not guaranteed. The designation of lots or parcels or land uses in the database does not imply that the lots or parcels were legally created or that the land uses comply with applicable State or Local law. UNDER NO CIRCUMSTANCE SHALL ANY PART THE PRODUCT BE USED FOR FINAL DESIGN PURPOSES. WELD COUNTY MAKES NO WARRANTIES OR GUARANTEES, EITHER EXPRESSED OR IMPLIED AS TO THE COMPLETENESS, ACCURACY, OR CORRECTNESS OF SUCH PRODUCT, NOR ACCEPTS ANY LIABILITY, ARISING FROM ANY INCORRECT, INCOMPLETE OR MISLEADING INFORMATION CONTAINED THEREIN.[JM2] determined that A. The System constitut �6�e�ranf is a (for participants). understanding County. produc agre theu S a r I nished any cus oad S communicating such data, information or Droc ucts. (Weld County Code Ordinance 2005-13) Sec. 9-5-15©. Compliance with Open Records Act. 1. Customers requesting to inspect system data shau the a ti -on by any customer at J documents. r 2 No customer s remove origina of au i-c records from the offices of t le Administrator la C sole discretion of the County. 3 the products and services rec uested on a form (Weld County Code Ordinance 2005-13) ores-cri Dec by the Administrator. Further, such 7 aws of the Un-i-tec States; kos it i legal for the .purchaser or ative aro-d-usts, distribute or display such system products without the specific written approval of the County. C. The use of nonstandard products that the County provides requires that customers' use be restricted with updates to the product f E. GIS incorporates data from many sources, incl F my shall not release such proprietary data to the public �e County by the users of the data. County resolution concert g and procedures contained in this Article. FL are and service tides and procedures. (Weld County Code Ordinance 2005-13) C Sec. 9-7 20. - Definitions, 1p Desk remote control software s ses shall have the meanings stated below: ice is being serviced in some fashion. Remote control software means any software used that enables remote workstations (a second workstation. port computer software and hardware. (Weld County Code O to help C the screen of the remote PC wor-.station v a objectives U -n 0 e-ss authorized in writing b ted in Subsection D below). y uplicating information in any manner crime is being planned or committed, the Director of Information Services will be notified anc the matter ref All support staff that have a need to use re �p'e s to tie -a'o B' Yea nYy t e iTrt� roof n fr'0 rrn ton -set- config oration ref t e rad by the Director of Information Services Fie config-t irc�rd to ii e or to allow the r rt _ion is initiates to access another nt-I i icar ref thn &,nriestotinn If tho ®nr'l i Isar user and the support s -t successfully implemented. f -end users must tra a ti -me that the remote control session can be proceeding. # A� I h i e sm of �o r� f eras ire s e s c i r-0 ►°� o a� n, is terminating the remote control session. R��trol SE s -do e 1 staff is t_ _ will be scheduled or employee discipline C later date. C. To avoid--d- ass E actkve. f the po 0-u C C 3 window is closed message. Sec. 9 7-50. Exceptions. Services. oyt �e ene (Weld County Code Ordinance 2001-8) t user, the cem-ote contro , session is terminated 6 ARTICLE VIII - Personal Computing Devices Sec. 9-8-10. - Need for policy. This policy is intended to provide guidance to departments who are utilizing personal computing device technology and to help minimize the risk to business functions and government -owned assets. This policy also extends the County's right to data ownership and its right to review data on computing devices to areas of new technology. (Weld County Code Ordinance 2002-12) The following words, when used herein, shall have the definitions contained below: activities related to County business. PDAs, Palm phones, Smart phones, wearable computers, e-mail devices, etc. hardware. (Weld County Code Ordinance 2002-12) Sec. 9-8-30. - Statement of policy. A. With the growing need for instantaneous communication and data access, the County recognizes the need to incorporate new technology to facilitate business -related functions by allowing personal computing devices to share data or communicate with the County network. Employees using any form of mobile computing or personal computing technology that synchronizes information, transfers information or communicates with the County Government's network infrastructure or data must be knowledgeable of and operate within these guidelines. B. This policy applies to any activity performed from a County -owned asset and to all County employees or contracted agents of the County performing work activities on behalf of the County. Work activities conducted from remote devices or even personally owned devices are subject to this policy. However, this policy does not apply to an employee performing activities solely as a member of the public and without the use of County -owned assets. C. Guidelines. 1. This policy applies to any County -owned device or any personally owned device the owner wants to link to or communicate with the County's network or data. 2. The personal computing device is not considered a secure computing device. Being a small and very mobile device, it has a higher chance of being misplaced or stolen. Under no circumstances should lists of passwords be maintained on a personal computing device, and the password protection feature should be enabled. 3. Data transferred to, created or updated on the personal computing device is not backed up by the County's normal data backup procedures. It is the user's responsibility to ensure a recoverable version of any data that is the property of the County. 4. To be considered for approval of linking or communicating with the County network, the personal computing device must meet County hardware and software standards, as well as wireless standards, established by the Information Services Governance Committee. Requests failing to meet County standards will result in denial of access to the County network. 5. If the device is used to synchronize or communicate with the County network or its data, the County business -related information remains the property of the County. The County reserves the right to inspect the device and its contents at any time and/or request the removal of the data or software. Failure to comply with the request will be in violation of this policy. 6. Even though the personal computing device is a mobile device, by using the device in association with the County network, the employee agrees that the use of the device and its contents is still governed by the County's Internet Acceptable Use Policy. 7. The elected official or department head must ensure there is a justified business need to approve the employee's use of the personal computing device that links with the County network. The elected official or department head is responsible for the type of data that will be contained on the personal computing device. 8. At the end of employment with the County, the County -owned device will be returned to Information Services with any personal information removed. If the employee was using a personally owned device, the employee promises to ensure all County -related information is copied back to the County network and the elected official or department head is informed as to where it is stored on the network. The information and all backups of the information will then be deleted from the personally owned device. 9. All software on County -owned devices must be legally licensed for the device on which it is installed. Requests for new hardware or software (synchronization software or regular application software) may be made through the normal governance approval process. 10. All personally owned devices must be in full operational order prior to requesting the installation of synchronization software on the user's desktop personal computer. 11. If an employee is planning to purchase a personal computing device and wants to synchronize or link it with the County network, it is the employee's responsibility to meet County standards, receive approval from the elected official or department head and confirm any County funding of any additional required hardware and/or synchronization software. Approvals should be obtained prior to any purchase. 12. The County reserves the right to discontinue authorization for linking personal computing devices to the network at any time because of any perceived threat to the stability of the County network infrastructure. In addition, the County may, at any time, require additional and/or different software be used on the desktop or the personal computing device to safeguard the network or to maintain compatibility with other applications. 13. For an employee to synchronize or link personal computing devices with the County network, the user and personal computing device must be registered as a user with Information Services. 14. The County does not guarantee continued compatibility with any hardware device or software being utilized in this environment and is not liable for personal expenses incurred. 15. The County or Information Services is not responsible for any damage to personally owned hardware or software that may be incurred while supporting the personal computing device or related software. 16. Abuse of this policy can result in removal of authorization to have a personal computing device link or communicate with the County network. Continued abuse of this policy could lead to employee disciplinary actions, including termination of employment. B. Any County employee wishing to synch-ronize a pers official or 1. The requesting user must be an authorized user of the County network. 2 Governance Committee. The requesting user m-ust sign the Personal Computing Device Request Form explaining the Information S g -D.) V I 9 equipment. Prior to any ourciase, tie recuesting department siou c ootain nformation Services approval on any digital device that will link or communicate with personal computers or the nformation Services will ensure compatibiFity with existing standards and b. The r approved. to or ensure that it is copied back to his or her computing devices and ou The authority to approve exceptions to this Policy is delega (Weld County Code Ordinance 2002-12) ARTICLE IX - Information Technology Procurement Policy Sec. 9-9-10. - Purpose. The purpose of this policy is to promote good management practices with regard to information technology resources ("IT Resource" or "IT Resources") and investment in technology. This policy provides the requirements and guidelines necessary for the procurement of electronic hardware, software and services (collectively referred to as "IT Resources") within the County. It is imperative that the assessment and procurement of IT Resources be coordinated through the Weld County Information Technology Department ("Weld IT"). The goal of this coordination would be to validate any IT Resource brought into the County to meet the following criteria: A. The hardware or software requested meets the minimum specifications for use within the County. B. The hardware or software requested would not provide a security risk to the customers, their clients or the County as a whole. C. The hardware or software requested would be able to be supported by Weld IT or a support agreement is included as part of the procurement. The procurement of IT Resources must be coordinated and managed to obtain the benefits of scale, interoperability and interchangeability to promote maximum benefits and returns on investments in Weld IT. (Weld County Code Ordinance 2014-9 ) Sec. 9-9-20. - Requirements for purchases of IT Resources. All requests to purchase IT Resources will be reviewed by Weld IT prior to purchase. The purpose of this review is to accomplish the following tasks: A. To verify that the IT Resource meets current standards within the County. If it does not, a justification, provided by the requesting entity will be needed to weigh the merits of brining non - supported IT Resources into the County. B. To verify that current IT Resources will be able to support the purchased item or that a support component is included in the procurement. C. To ensure that all contracts, purchases or renewals of IT Resources are approved by Weld IT. D. If the request is from an entity outside of Weld IT, then Weld IT will complete the review of the procurement request and submit a recommendation of approval or denial to the requesting entity. If approved, the requesting entity will send written authorization to Weld IT to proceed with the order. Any denial by the Weld IT Director may be appealed to the Board of County Commissioners pursuant to the procedures set forth in Section 2-4-10 of this Code. E. In addition to an approval or denial, Weld IT may provide recommendations to the requesting entity that may provide additional benefit to them during the procurement process. Such things as brand reviews, applicable use elsewhere in County government and cost comparisons are examples of the possible recommendations that could be sent back to the requesting entity. F. For the purchase of IT Resources for the Weld County Public Safety IT function, the Director of Communications Public Safety shall independently perform the above review and, where appropriate, coordinate with the Weld IT Director. (Weld County Code Ordinance 2014-9) Sec. 9-9-30. - Weld IT purchasing functions. Weld IT shall perform the purchasing function for the County for all IT Resources by performing the following tasks: A. Represent the County to vendors of computer and data communications equipment, systems and services. B. Provide for the acquisition and administration of personnel, hardware, software, contracts and related services necessary to support the Weld IT requirements of any user or the County in general. C. Design, development or requisition of the same, for all computer systems. D. Provide a centralized clearing house for all computer hardware, software and service acquisition and purchases. E. For the purchase of IT Resources for the Weld County Public Safety IT function, the Director of Communications Public Safety shall independently perform the above functions and, where appropriate, coordinate with the Weld IT Director. (Weld County Code Ordinance 2014-9) Sec. 9-9-40. - Procedures for purchasing IT Resources. All purchases made by Weld IT will follow the procedures in the purchasing policy outlined in Chapter 5, Article IV of this Code; however, the following also applies: A. Given a unique and limited number of vendors for certain software and other IT -related products, Weld IT shall develop requests for proposals (RFPs) from user requirements and send them to known vendors who provide such solutions. Weld IT should consider the use of the Rocky Mountain E -Purchasing application when it is in the best interest of the County. B. Recommendations for purchase of IT Resources must be presented to the Board of County Commissioners for approval. C. Annual requests for hardware, such as PC and laptop replacements, must go through a bid process. A request for quote must include hardware specifications and verbiage so that the quote may be used throughout the year approved. Vendor responses must be presented to the Board of County Commissioners for selection and approval. D. For the purchase of IT Resources for the Weld County Public Safety IT function, the Director of Communications Public Safety shall independently follow the same procedures and, where appropriate, coordinate with the Weld IT Director. E. The Board of County Commissioners has delegated to the Weld IT Director the authority to sign on behalf of the County any IT license agreements or IT maintenance agreements under the amount established by Appendix 5-L of this Code. F. Weld IT shall use Weld County Purchasing for all non -IT Resource purchases, such as furniture, office supplies, etc. G. All IT Resources must be disposed of in accordance with the County surplus property policy and procedures set forth in Section 5-4-160 of this Code after IT approval is obtained to ensure appropriate removal of any data contained on the device. This includes IT Resources to be traded or returned at the time of a new equipment purchase. (Weld County Code Ordinance 2014-9) • Accounting Finance Human Resources Communications Coroner District Attorney Office of Emergency Management Sheriff Social Services Extension Paramedic Services PROPERTY: Assessor Public Works Treasurer CLERK AND► RECORDER: Motor Vehicle Recording Elections APPENDIX 9-B COMPUTER SECURITY REQUEST 'w• -Y11 ion bp ado,. Moira +I-n.w--f.—' •14 Nl —r', vs w •• ...ma le al COMPUTER `EC ITY REQUEST (Please Print) Requestor: Dept: NEW EMPLOYEE U EMPLOYEE TERMINATION U Extension: CHANGE ❑ Date: Save the HOME DIRECTORY of this user to: Users Name: 1 Extension: Dept: Provide access similar to (name of employee) ACCESS NOTE E -Mail Account , ❑ Internet — Web Filter ❑ Wvebsense Banner Contact Barb Eurich — x4445 PepleSof`t ❑ Contact Barb Eurich -- x4445 KRIS O C & R Signature ' VPN — Add U Delete E , User must have broadband at remote location GI0I e — Assessor Clerk Other Li to the Board v U L oil e ices r ❑ State Cats User General Name - Qualifier - Special instructions: (Specify any additional application security. Department Head security must be obtained to access department owned applications.) Department Head Approval: Date: Technical Director Approval: Date: Implemented by: Date: O Accounting General Services Board of County Commissioners Clerk to the Board County Attorney Finance Human Resources Coroner District Attorney Office of Emergency Management Sheriff Public Health and Environment Human Services Social Services Extension Paramedic Services ASSESSOR: Assessor Treasurer Motor Vehicle Recording Elections Road and Bridge Engineering PLANNING: Planning and Zoning Building Inspection By signing below, I acknowledge that I have reviewed Weld County's "Computing Device Request ,Form". I understand that it is my responsibility to adhere to the established policies and practices for authorization to communicate, link, synchronize, copy, or transfer data between my personal computing device and any device linked to the Weld County network, All devices must meet stated Weld County standards. Employee must obtain the department head or elected official approval. Employee Name: Department Name: rovide information on the Computing Device you will be using; Device Manufacturer: Device Make & Model: Device Serial Number: Device Operating System: (Include Version#) (must be a version of either Palm OS or Windows CE) Device owned by (circle one): Weld County or Weld Employee Employee's Signature: Date: Director's Signature: (RequestingDepartment's Authorizing Signa'ure) Date: Note: Synchronization software must be legally licensed by wield County. If required, the requesting department is responsible for obtaining funding approval and requesting Information Services to purchase the necessary software. Approved by: Director: (Information Services Department) Date: This document is not intended as an express or implied employment contract between Weld County and any of its employees. STATUS Blocked ' /ebsense Internet Filter Removal Request CATEGORY - (ACCESS 1 Select access by entire category or by subcategory Abortion - Sites with neutral or balanced presentation of the issue. r-� Pro-Choice -- Sites that provide information about or are sponsored by organizations that support legal abortion or that offer • support or encouragement to those seeking the procedure. Pro -Life - Sites that provide information about or are sponsored by organizations that oppose legal abortion or that seek increased restriction of abortion. niazzattawnsroamessecourr Blocked lAdult Material - Parent category that contains the categories: Adult Content, Lingerie and Swimsuit, Nudity, Sex, Sex Education 'ttlt Adult Content -- Sites that display full or partial nudity in a sexual context, but not sexual activity; erotica; sexual paraphernalia; sex-orienied businesses as clubs, nightclubs, escort services; and sites supporting online purchase of such goods and services. Lingerie and Swimsuit -- Sites that offer images of models in suggestive but not lewd costume, with serninudity permitted. Includes classic 'cheese -cake,' calendar, and pinup art and photography. includes also sites offering lingerie or swimwear for sale. Nudity -- Sites that offer depictions of nude or seminude human forms, singly or in groups, not overtly sexual in intent or effect Sox -- Sites that depict OF graphically describe sexual acts or activity, including exhibitionism: also sites offering direct links to such sites. Sex Education -- Sites that offer information about sex and sexuality, with no pornographic intent. Blocked Open Advocacy Groups - Sites that promote change or reform in public policy, public opinion, social practice e activities 1 1 economic activ arid relationships. ----Acr—r-ugbsosancmr:c=oteJ 'Business and Economy - Sites sponsored by or devoted to business firms, business associations, h,di..rtry yrvups, of business in general. Financial Data and Services -- Sites that offer news and quotations on stocks, bonds, and other investment vehicles, investment advice, but not online trading. Includes banks, credit unions, credit cards, and insurance, Blocked Drugs - Parent category that contains the categories: Abused Drugs, Prescribed Medications, Marijuana, Supplements/Unregulated Compounds Abused Drugs -- Sites that promote or provide information about the use of prohibited drugs, except marijuana, or the abuse or unsanctioned use- of controlled or regulated drugs; also, paraphernalia associated with such use or abuse. Marijuana -- Sites that provide information about or promote the cultivation, preparation, or use of marijuana. Prescribed Medications -- Sites that provide information about approved drugs and their medical use. Supplements and unregulated Compounds -- Sites that provide information about or promote the sale or use of chemicals not regulated by the FDA (such as naturally occurring compounds). Filtered P t !Education - Parent category that contains the categories: Cultural Institutions, Educational Institutions, 'Educational Materials 4111P43$0=074:111PSCIS00104.0 Cultural institutions — Sites sponsored by museums, galleries, theatres (but not movie theatres), libraries, and similar institutions; also, sites whose purpose is the display of artworks. Educational institutions-- Sites sponsored by schools and other educational facilities, by non-academic research institutions, or that relate to educational events and activities. Educational Materials — Sites that provide Information about or that sell or provide curriculum materials or direct instruction; also, learned journals and similar publications. 'Reference Materials - Sites that offer reference -shelf content such as atlases, dictionaries, encyclopedias, formularies, white land yellow pages, and public statistical data. r - - Filtered Entertainment - Sites that provide information about or promote motion pictures, non -news radio and television, books, humor, and magazines. l- MP3 -- Sites that support downloading of MP3 or other sound files or that serve as directories of such sites. X Websense Internet Ffl₹er Removal Regs'c Gambling - Sites that provide information about or promote gambling or support online gambling, involving a risk of losing money. Games - Sites that provide infonitaiion about or promote electronic games, video games, computer games, role-playing games, or online games. Includes sweepstakes and giveaways. vNuY..,. Government - Sites sponsored by branches, bureaus, or agencies of any level of government, except fo: the armed forces. Military -- Sites sponsored by branches or agencies of the armed services. Political Organizations -- Sites sponsored by or providing information about political parties and Interest groups focused elections or legislation. Blocked Filtered Health e Sites that provide Information or advice on personal health or medical services, procedures, or devices, but not drugs. Includes self-help groups. OttlYNIXer _ Slacked illegal or Questionable - Sites that provide instruction in or promote nonviolent crime or unethical or dishonest behavior or the avoidance of prosecution therefor. - Asc.m.xw. Information Technology s Sites sponsored by or providing Information about computers, software, the Filtered Internet, and related business firms, including sites supporting the sale of hardware, software, peripherals, and services. [Computer Security — Sites that provide information about or free downloadable tools for computer security. Hacking -- Sites that provide information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases. Proxy Avoidance-- Sites that provide information about how to bypass proxy server features or to gain access to URLs in any way that bypasses the proxy server. Search Engines and Portals -- Sites that support searching the Web, news groups, or indices or directories thereof. on URL Translation Sites — Sites that offer ontne translation of URLs. These sites access the URL to be translated in a way tha: bypasses the proxy server, potentially allowing unauthorized access. Web Hosting -- Sites of organizations that provide hosting services, or top-level domain pages of Web communities Blocked Internet Communication a Parent category that contains the categories: Email, Web Chat arrawroaAncormaypaowstae.s....radi Web Chat -- Sites that host Web chat services or that support or provide information about chat via HTTP or IRC. Web -based Email -- Sites that host Web -based email. • tri Blocked .3ob Search v Sites that offer information ablict or support the se&dng of ern loyment or employees. i 1 — ,(Ca...,. 3 f Open tionaawasinxes Militancy and Extremist - Sites that offer information about or promote or are sponsored by groups advocating antigovernment beliefs or action. ews and Media Sites that offer current news and opinion, including those sponsored by newspapers, general circulation magazines, or other media. Alternative Journals — Online equivalents to supermarket tabloids and other fringe publications. Racism and Hate - Sites that promote h Identification of ial groups, the denigration or subjection of Blocked groups; or the superiority] of any group. anesontal. Filtered Religion - Parent category that contains the Traditional .. Non -Traditional Religions!• averearseetast leaccovaisse 4' :3'a�T.v... 'N..1..✓. Non -Traditional Religions and Occult and Folklore -- Sites that provide information about or promote religions not specified in Traditional Religions or other unconventional, cultic, or folkloric beliefs and practices. Traditional Religions -- Sites that provide information about or promote Buddhism, Bahal, Christianity, Christian Science, !Hinduism, Islam, Judaism, Mormonism, Shinto, and Sikhism, as well as atheism. Filtered - Can access using quota time .4 Blocked Filtered Websense Internet Filter Removal Request Shopping - Sites that support the online purchase of consumer goods and services except: sexual Filtered materials, lingerie, swimwear, Investments, medications, educational materials, computer software or hardware, alcohol, tobacco, travel, vehicles and parts, weapons. Internet Auctions -- Sites that support the offering and purchasing of goods between individuals. Real Estate -- Sites that provide information about renting, buying, selling, or financing residential real estate. Filtered !Social Organizations - Parent category that contains the categories: Professional and Worker Organizations, Service and Philanthropic Organizations, Social and Affiliation Organizations ,7. ,..4,.M.® 'Professional and Worker Organizations -- Sites sponsored by or that support or offer information about organizations devoted to professional advancement or workers interests. Service and Philanthropic Organizations -- Sites sponsored by or that support or offer information about organizations devoted to doing good as their primary activity. Social and Affiliation Organizations -- Sites sponsored by or that support or offer information about organizations devoted chiefly to socializing or common interests other than philanthropy or professional advancement. Filtered Society and Lifestyles - Sites that provide information about matters of daily life, excluding entertainment, health, hobbles, Jobs, sex, and sports. Alcohol and Tobacco -- Sites that provide information about, promote, or support the sale of alcoholic beverages or tobacco products or associated paraphernalia. IGay or Lesbian or Bisexual Interest -- Sites that provide information about or cater to gay, lesbian, or bisexual lifestyles, including those that support online shopping, but excluding those that are sexually or issue -oriented. Hobbies -- Sites that provide information about or promote private and largely sedentary pastimes, but not electronic, video, or online games. I Personal Web Sites -- Sites published and maintained by individuals for their personal sel€-ex ression and ends. Personals and Dating -- Sites that assist users in establishing Interpersonal relationships, excluding those intended to arrange for sexual encounters and excluding those of exclusively gay or lesbian or bisexual interest. Restaurants and Dining -- Sites that list, review, advertise, or promote food, dining, or catering services. Special Events Sites devoted to a current event that requires separate categorization. Filtered Sports - Sites that provide information about or promote sports, active games, and recreation. Sport Hunting Gun Clubs — Sites provide information about or directories of gun clubs and similar groups, including Hunting r: and Gun Sites that P++, '.�.. information war-game and paintball facilities. Tasteless Sites with content that is gratuitously offensive or shocking, but not violent or frightening. Includes sites devoted in part or whole to scatology and similar topics or to improper language, humor, or behavior. en Travel." Sites that provide Information about or promote travel -related services and destinatinations. IntatasniatatraMMIMIVXClicia Filtered vasOcrUl Vehicles - Sites that provide information about or promote vehicles, including those that support online purchase of vehicles or parts. Violence - Sites that feature or promote violence or bodily harm inncluding self-inflicted harm; or that Blocked gratuitously display images of death, gore, or injury; or that feature images or descriptions that are grotesque or frightening and of no redeeming value. Blocked Weapons - Sites that provide information about, promote, or support the sale of weapons and related Items. Blocked - Can't access site Hello