The URL can be used to link to this page

Browse Search

Home My WebLink About20182036.tiffNOTICE OF FINAL READING OF ORDINANCE Pursuant to the Weld County Home Rule Charter, Ordinance Number 2018-06 was introduced on first reading on July 2, 2018, and a public hearing and second reading was held on July 23, 2018. A public hearing and final reading was completed on August 13, 2018, with changes being made as listed below, and on motion duly made and seconded, was adopted. Effective date of said Ordinance is listed below. Any backup material, exhibits or information previously submitted to the Board of County Commissioners concerning this matter may be examined in the office of the Clerk to the Board of County Commissioners, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado, between the hours of 8:00 a.m. and 5:00 p.m., Monday thru Friday, or may be accessed through the Weld County Web Page (www.co.weld.co.us). E -Mail messages sent to an individual Commissioner may not be included in the case file. To ensure inclusion of your E -Mail correspondence into the case file, please send a copy to egesick@co.weld.co.us. ORDINANCE NO. 2018-06 ORDINANCE TITLE: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION TECHOLOGY, OF THE WELD COUNTY CODE EFFECTIVE DATE: August 27, 2018 BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO DATED: August 17, 2018 PUBLISHED: August 22, 2018, in the Greeley Tribune ******* CHANGES MADE TO CODE ORDINANCE 2018-06 ON FINAL READING Change made in the title of this ordinance, as follows: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION TECHNOLOGY, OF THE WELD COUNTY CODE CHAPTER 9 INFORMATION TECHNOLOGY Affidavit of Publication NOTICE OF FINAL, READING Pursuant to the Weld �CF ORDINANCE yRHoome Rule eChharter, Ordinance Number 2018-06 was introduced on first reading on July 2, 2018, and a public hearing and second reading was held on July 23, 2018. A public hearing and final reading was completed on Au- gust 13, 2018, with changes being made as listed below, and on motion duly made and seconded, was adopted. Effective date of said Ordinance is listed below. Any backup material, exhibits or information previously submitted to the Board of County Com- missioners concerning this matter may be examined in the office of the Clerk to the Board of County Commissioners, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado, between the hours of 8:00 a.m. and 5:00 p.m., Monday thru Friday, or may be accessed through the Weld County Web Page (www.co.wetd.co.us;: E -Mail messages sent to an individual Commissioner may not/be included in the case tile. To ensure inclusion of your E -Mail correspondence in- to the case file, please send a copy to egeslck@co.weld.co. us. ORDINANCE NO. 2018.06 ORDINANCE TITLE: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMA- TION TECHOLOGY, OF THE WELD COUNTY CODE EFFECTIVE DATE: August 27, 2018 BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO DATED: August 17, 2018 CHANGES MADE TO CODE ORDINANCE 2018.06 ON FINAL READING Change made in the title of this ordinance, as follows: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION TECHNOLOGY, OF THE WELD COUNTY CODE CHAPTER 9 INFORMATION TECHNOLOGY The Tribune August 22, 2018 STATE OF COLORADO County of Weld, I Vickie Garretts of said County of Weld, being duly sworn, that I am an advertising clerk of THE GREELEY TRIBUNE, ss. say that the same is a daily newspaper of general circulation and printed and published in the City of Greeley, in said county and state; that the notice or advertisement, of which the annexed is a true copy, has been published in said daily newspaper for consecutive (days): that the notice was published in the regular and entire issue of every number of said newspaper during the period and time of publication of said notice, and in the newspaper proper and not in a supplement thereof; that the first publication of said notice was contained in the Twenty -Second day of August A.D. 2018 and the last publication thereof: in the issue of said newspaper bearing the date of the Twenty -Second day of August A.D. 2018 that said The Greeley Tribune has been published continuously and uninterruptedly during the period of at least six months next prior to the first issue thereof contained said notice or advertisement above referred to; that said newspaper has been admitted to the United States mails as second-class matter under the provisions of the Act of March 3,1879, or any amendments thereof; and that said newspaper is a daily newspaper duly qualified for publishing legal notices and advertisements within the meaning of the laws of the State of Colorado. August 22, 2018 Total Charges: $13.16 22th day of August2018 My Commission Expires 09/28/2021 KELLY ASH NOTARY PUBLIC STATE OF COLORADO NOTARY ID 2O'174O4O535 MY COMMISSION EXPIRES SEPTEMBCR 28, 2021 NOTICE OF SECOND READING OF ORDINANCE Pursuant to the Weld County Home Rule Charter, Ordinance Number 2018-06 was introduced on first reading on July 2, 2018, and a public hearing and second reading was held on July 23, 2018, with no change being made to the text of said Ordinance. A public hearing and third reading is scheduled to be held in the Chambers of the Board, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado 80631, on August 13, 2018. All persons in any manner interested in the next reading of said Ordinance are requested to attend and may be heard. Please contact the Clerk to the Board's Office at phone (970) 400-4225, or fax (970) 336-7233, prior to the day of the hearing if, as a result of a disability, you require reasonable accommodations in order to participate in this hearing. Any backup material, exhibits or information previously submitted to the Board of County Commissioners concerning this matter may be examined in the office of the Clerk to the Board of County Commissioners, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado, between the hours of 8:00 a.m. and 5:00 p.m., Monday thru Friday, or may be accessed through the Weld County Web Page (www.co.weld.co.us). E -Mail messages sent to an individual Commissioner may not be included in the case file. To ensure inclusion of your E -Mail correspondence into the case file, please send a copy to egesick@co.weld.co.us. ORDINANCE NO. 2018-06 ORDINANCE TITLE: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION SERVICES, OF THE WELD COUNTY CODE DATE OF NEXT READING: August 13, 2018, at 9:00 a.m. BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO DATED: July 27, 2018 PUBLISHED: August 1, 2018, in the Greeley Tribune o2O/� aza,3 6 Affidavit. of Publication NOTICE OF SECOND READING OF ORDINANCE Pursuant to the Weld County Home Rule Charter, Ordinance Number 2018.06 was introduced on first reading on July 2, 2018, and a public hearing and second reading was herd on July 23, 2018, with no chance being made to the text of said Ordinance. A public hearing and third reading is scheduled to be held in the Chambers of the Board, located within the Weld County Admin- istration Building, 1150 O Street, Greeley, Colorado 80631, on August 13, 2018. All persons in any manner interested in the :next reading of said Ordinance are requested to attend and may be heard. Please contact the Clerk to the Board's Office at phone (970) 400-4225, or fax (970) 336 7233, prior to the day of the hearing if, as a result of a disability, you require reasonable accommodations in order to participate in this hearing, Any backup material, exhibits or information previously submitted to the Board of County Commissioners concerning this matter may be examined in the office of the Clerk to the Board of County Commissioners, located within the Weld County Administration Building, 1 150 O Street, Greeley, Colorado, between the hours of 8:00 a.m. and 5:00 p.m., Monday thru Friday, or may be ac- cessed through the Weld County Web Page (www.co.weld.co.us ). E -Mail messages sent to an individual Commissioner may not be included in the case file, To ensure inclusion of your 8- -Mail correspondence into the case file, please send a copy toegesick@coryeid.co.us. ORDINANCE NO. 2018-06 ORDINANCE TITLE•: W THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMA- TION SERVICES, OF THE WELD COUNTY CODE DATE OF NEXT READING: August 13, 2018, at 9:00 a.m. BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO DATED: July 27. 2018 The Tribune August 1, 2018 STATE OF COLORADO County of Weld, I Vickie Garretts ss. of said County of Weld, being duly sworn, say that I am an advertising clerk of THE GREELEY TRIBUNE, that the same is a daily newspaper of general circulation and printed and published in the City of Greeley, in said county and state; that the notice or advertisement, of which the annexed is a true copy, has been published in said daily newspaper for consecutive (days): that the notice was published in the regular and entire issue of every number of said newspaper during the period and time of publication of said notice, and in the newspaper proper and not in a supplement thereof; that the first publication of said notice was contained in the First day of August A.D. 2018 and the last publication thereof: in the issue of said newspaper bearing the date of the First day of August A.D. 2018 that said The Greeley Tribune has been published continuously and uninterruptedly during the period of at least six months next prior to the first issue thereof contained said notice or advertisement above referred to; that said newspaper has been admitted to the United States mails as second-class matter under the provisions of the Act of March 3,1879, or any amendments thereof; and that said newspaper is a daily newspaper duly qualified for publishing legal notices and advertisements within the meaning of the laws of the State of Colorado. August 1, 2018 Total Charges: $11.62 1st day of August 2018 My Commission Expires 09/28/2021 KELLY ASH NOTARY PUBLIC STATE OF COLORADO NOTARY ID 20174040535 MY COMMISSION EXPIRES SEPTEMBI!R 28, 2021 NOTICE OF FIRST READING OF ORDINANCE Pursuant to the Weld County Home Rule Charter, Ordinance Number 2018-06 published below, was introduced and, on motion duly made and seconded, approved upon first reading on July 2, 2018. A public hearing and second reading is scheduled to be held in the Chambers of the Board, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado 80631, on July 23, 2018. All persons in any manner interested in the reading of said Ordinance are requested to attend and may be heard. Please contact the Clerk to the Board's office at phone (970) 400-4225, or fax (970) 336-7233, prior to the day of the hearing if, as the result of a disability, you require reasonable accommodations in order to participate in this hearing. Any backup material, exhibits or information previously submitted to the Board of County Commissioners concerning this matter may be examined in the office of the Clerk to the Board of County Commissioners, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado, between the hours of 8:00 a.m. and 5:00 p.m., Monday thru Friday, or may be accessed through the Weld County Web Page (www.co.weld.co.us). E -Mail messages sent to an individual Commissioner may not be included in the case file. To ensure inclusion of your E -Mail correspondence into the case file, please send a copy to egesick@co.weld.co.us. ORDINANCE NO. 2018-06 ORDINANCE TITLE: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION SERVICES, OF THE WELD COUNTY CODE DATE OF NEXT READING: July 23, 2018, at 9:00 a.m. BOARD OF COUNTY COMMISSIONERS WELD COUNTY, COLORADO DATED: July 6, 2018 PUBLISHED: July 11, 2018, in the Greeley Tribune WELD COUNTY CODE ORDINANCE 2018-06 IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION SERVICES, OF THE WELD COUNTY CODE BE IT ORDAINED BY THE BOARD OF COUNTY COMMISSIONERS OF THE COUNTY OF WELD, STATE OF COLORADO: WHEREAS, the Board of County Commissioners of the County of Weld, State of Colorado, pursuant to Colorado statute and the Weld County Home Rule Charter, is vested with the authority of administering the affairs of Weld County, Colorado, and WHEREAS, the Board of County Commissioners, on December 28, 2000, adopted Weld County Code Ordinance 2000-1, enacting a comprehensive Code for the County of Weld, 2018-2036 including the codification of all previously adopted ordinances of a general and permanent nature enacted on or before said date of adoption, and WHEREAS, the Weld County Code is in need of revision and clarification with regard to procedures, terms, and requirements therein. NOW, THEREFORE, BE IT ORDAINED by the Board of County Commissioners of the County of Weld, State of Colorado, that certain existing Chapters of the Weld County Code be, and hereby are, repealed and re-enacted, with amendments, and the various Chapters are revised to read as follows. CHAPTER 9 INFORMATION SERVICES Repeal and Replace Article I — Information Technology, in its entirety, as follows: Article I Weld County Information Technology Acceptable Use Policy Sec. 9-1-10. General Provisions. A. The Information Technology Acceptable Use Policy is to be followed by ALL employees (full time, part time, seasonal, temporary, interns), elected officials, contractors, vendors, and other authorized individuals ("Users") who utilize any information technology (IT), electronic, or other communication device owned and provided by Weld County, or who are granted access to any Local Area Networks and/or Wide Area Networks or other technology services maintained and provided by Weld County. B. This policy applies to any activity performed from a County -owned computing device or personally owned computing device that is connected to, or has access to, the County computing network. Additional policies related to information technology must be approved by Information Technology and the Board of County Commissioners, based on internal business needs. Responding to security incidents. All security incidents shall be reported to the Information Technology Technical Support Center for immediate review and response. Information Technology employees will follow the Computer Incident Response Plan to address any IT security related events. ANY USER FOUND VIOLATING THIS POLICY MAY FACE SANCTIONS WHICH SHALL INCLUDE, BUT ARE NOT LIMITED TO, DISCIPLINARY ACTION BASED ON PROVISIONS OF HUMAN RESOURCE RULES, DEVICE REVOCATION OR SERVICE ACCESS TERMINATION, AND/OR LEGAL ACTION. Sec. 9-1-20. Ownership of Devices and Services. A. All IT and communication devices and services, including, but not limited to, computers, peripherals, cell phones, pagers, software, files, e-mail messages, internet activity logs, remote access, and any other data or records stored on devices or other media provided by Weld County regardless of their physical location, or the form in which they are maintained, are considered property of Weld County and are owned exclusively by Weld County. B. USERS HAVE NO EXPECTATION OF PRIVACY WHEN USING ANY INFORMATION TECHNOLOGY OR COMMUNICATION DEVICE, SERVICE, SYSTEM, NETWORK, FILE, OR ANY OTHER DATA OWNED BY WELD COUNTY. The County, as directed by the Board of County Commissioners, reserves the right to access, review, delete, and/or disclose any files, records, e-mail messages, or other data without notice to, or authorization from, a User, and to seize any IT or communication devices provided by Weld County. This right continues after the User ceases to have access to a device or service provided by Weld County. Sec. 9-1-30. Organizations Affected. A. The scope of this policy defines the obligations of Users, as defined in Section 9-1-10, in using County Information Technology resources owned, managed, supported, maintained or operated by Weld County Information Technology. While this policy contains specific information regarding expected use of Weld IT resources, Users must follow and stay current on all additional requirements stated in Weld County Cyber-Security guidelines and standard operating procedures which are available on the County Intranet. Sec. 9-1-40. Authorized County Network Access. A. Authorized access to the County network for new Users must be approved by the department head, elected official, or designated person in the department. Requests for new employee security, or changes to existing security, must be submitted using the online IT Security Request Form. 1. All documentation authorizing User access to controlled computing and information resources must be archived and retrievable upon request for all accounts. Requests will be retained for a period of seven (7) years. 2. Login passwords must meet the County required standard as set forth in Section 9-1-50. 3. Generic and shared accounts are strictly prohibited. All User IDs must uniquely identify Users to the system, unless specified by the Chief Information Officer and/or the IT Security Manager. B. All IT security requests for user terminations within the County's operations must be submitted to the Department of Human Resources who will then coordinate with Information Technology. Upon the termination of an employee, the employee's access to all accounts, including remote access and e-mail, will be immediately suspended. All devices must be gathered and returned to IT immediately. The department head or elected official must coordinate with Human Resources, IT, and Legal Counsel prior to destruction or reassignment of any hardware, device, or electronic information. Sec. 9-1-50. Guidelines A. Responding to security incidents. All security incidents shall be reported to the Information Technology Technical Support Center for immediate review and response. Information Technology employees will follow the Computer Incident Response Plan to address any IT security related events. B. Responding to violations. All Users must play an active role in helping to assure the security and quality of all County applications by reporting any violations of this policy. In doing so, Users help to assure the optimum performance and availability of County systems. C. User obligation to report security and policy violations. Any User who observes violations of the IT Acceptable Use Policy should report the violation to his or her supervisor or Information Technology. D. User responsibility. The security, protection, and integrity of County information assets are the responsibility of all Users. It is each User's responsibility to fully understand the information security policies contained in this Article and to apply these policies effectively to his or her daily practices and routines. E. Manager responsibility. It is the responsibility of all managers to ensure all Users under their supervision fully understand and follow these information security policies. Managers are responsible for keeping their Users informed on any changes regarding these policies. Should any User consistently not adhere to County policy, the manager shall take appropriate remedial steps. It is the responsibility of all managers to ensure all information assets under their purview are secured and managed to ensure compliance with relevant policies and procedures. F. Use of information systems and resources. Any User who is allowed to use County computing systems to perform the necessary functions identified with his or her position must not misuse or abuse computing systems and resources. G. Compliance with software copyrights and licenses. All Users must comply with, and respect, the copyright laws and license agreements of the software licensed to the County for use on business computing systems. 1. Use of illegal software. Users must not download and/or install pirated or illegal software or software that violates existing copyright or license agreements. 2. Use of nonapproved software. The County strictly forbids the downloading or installation of non -County -owned, non -County -licensed, or other unapproved software on County computing systems without prior consent from Information Technology. Applications which are no cost and do not threaten security of the computing system may be installed unless IT objects. H. Acceptable use of passwords. Each password owner is required to safeguard and protect each password he or she has created or that is entrusted to him or her. Password sharing and account sharing is strictly prohibited. Writing down passwords is not an acceptable practice. I. Security of the computer through locking practices and mechanisms. All Users of a computing system must either lock the computing device, or logoff the system, when away from a computer device for any length of time. J. HIPAA systems. Computing systems covered by HIPAA must employ the use of a locking screensaver or similar mechanism to automatically enable after a minimum usage lapse of five (5) minutes. All other County systems will be fifteen (15) minutes, unless specified by Information Technology. K. Transmission of sensitive information over unsecured networks. Users must not send sensitive information over unsecured networks without the use of encryption technologies to secure the transmission. Such examples would be, but are not limited to: 1. Sending credit card information over the Internet. 2. Sending confidential business information over unsecured, non -County networks. 3. Sending information via e-mail without applying the appropriate security protocols. Any questions about whether information should be encrypted or secured should be referred to Information Technology. L. Tampering with security mechanisms. All County computing systems are equipped with security mechanisms to protect the information and resources of each system. Users shall not tamper with, reconfigure or disable such mechanisms. Such mechanisms would include, but not be limited to, anti -virus software, encryption and access controls. M. Prohibited Activity. The following are prohibited: 1. Introduction of malicious programs into the network or server (e.g. viruses, worms, Trojan horses, e-mail phishing, etc.). 2. Circumventing User authentication or security of any host, network or account. 3. Introducing honeypots, honeynets, or similar technology on the network is prohibited. 4. Providing access to another individual, either deliberately, or through failure, to secure access. 5. Accessing a server or an administrative account for any purpose other than conducting County business, even with authorized access. N. Illegal access of computer systems. County computing systems must not be used to obtain illegal access to computer systems, to interfere with the normal operations of computer systems, or to perform malicious acts against a computer system. O. Unauthorized testing of computing system security. Users shall never test the security of computer systems, whether physical or logic based, without written permission from the Information Technology Security Manager and the senior management of both the facility from where the test is being launched, and the facility where the system resides. P. Disclosure of Attorney -Client privilege information. Users must never disclose information that could be considered classified or proprietary to unauthorized persons. Q. Disclosure of classified information. Users must never disclose information that could be considered sensitive, classified, or proprietary to unauthorized persons. R. Use of system. Data is intended to be accessed, used, and shared only to the extent that it is authorized and necessary to fulfill a User's assigned job duties. S. System changes. Any software that allows configuration changes to networks, computers and other hardware or software, should only be installed by members of Information Technology. T. Workstation reallocation. Information Technology is responsible for maintaining all computing hardware on the County network. A User may not remove or retain hardware or software without County IT permission. The procedure for the reallocation of a workstation is as follows: 1. Remove PC from location. 2. Re -format hard drive and re -image for new User. 3. Redeploy to new location. U. Security breaches and disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient, or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular assigned duties. Disruption includes, but is not limited to, network sniffing, ping floods, packet spoofing, denial of service, and forged routing information for malicious purposes. V. Use of e-mail systems and resources. Users with legitimate business needs for a County e-mail account may have the use of the County e-mail system. Such usage is for enhancing productivity and communication. Users shall not misuse or abuse e-mail systems and resources. 1. Electronic mail (e-mail) is defined as any message that is transmitted electronically between two (2) or more computers or terminals, whether stored digitally or converted to hard (paper) copy. 2. Under Part 2, Article 72, Title 24, C.R.S., e-mail messages may be considered public record and may be subject to public inspection. Users must be aware of the potential public release of their emails. All computer -related information, including e-mail messages and/or digitally stored documents, are the property of the County and are considered the County's records, even if the information resides on privately owned devices. County e- mail should remain within the County e-mail system until archived or deleted. 3. E-mail messages that concern policies, decision -making, specific case files, contracts or other information that should be kept as part of the official records of County business, shall be retained within the County's e-mail archiving system by the recipients of such e-mail. 4. E-mail messages will be automatically deleted by the e-mail system on the 90th day following receipt, unless stored within the County's e-mail archiving system. 5. The Board of County Commissioners retain ultimate authority over all electronically and digitally stored e -mails, except for emails containing criminal justice information. 6. For purposes of open records requests, either the department head or designated data/records steward is the custodian. Information Technology will assist in retrieving any data and information. 7. Users must cooperate in the preservation and retention of any hardware, information, or documentation related to potential litigation. This includes maintaining any hardware, e-mail, electronic files or other information. 8. As with any County property or equipment, e-mail is intended to be used for official County business only. Strictly forbidden e-mail usage includes transmission of political messages, solicitation of funds for political or other purposes, or sending of harassing messages. a. Users must refrain from sending e-mail messages that are considered lewd, offensive or harassing. b. Users must not participate in sending, forwarding or responding to e -mails that are of a disruptive or coercive nature; such as, the distribution of spam or chain letters. c. The County identifies passwords as highly sensitive information. Account owners shall never divulge their e-mail account passwords and login information. 9. Users must never share e-mail accounts. 10. E-mail is County property. The County has the right to inspect and review any e-mail or other data stored on County computers and equipment or on privately owned devices if used for County business. Additionally, County officials may inspect and copy e-mail and computer records when there are indications of impropriety by a User, when substantive information must be located and no other means are readily available, or when necessary for conducting County business. Supervisors may review the contents of an employee's electronic mail, without the employee's consent, with the approval of the Department Head, the Director of Human Resources and/or County Legal Counsel. W. Use of Internet systems and resources. Users shall not misuse or abuse County Internet resources, which could result in disciplinary action by the County. 1. Acceptable Internet connectivity. Users access to the Internet is intended for County business, through authorized County gateways. 2. Personal use of Internet connectivity. Use of County computing resources to access the Internet is intended for legitimate County business purposes only. 3. Affiliation with the County. Users may make public their affiliation with the County in work - related mailing lists and other work -related communication resources on the Internet. 4. Inappropriate use of Internet resources. Users initiating or participating in communications of an inappropriate nature, or in an unprofessional way are strictly prohibited. Users must refrain from the use of lewd, offensive or hostile language when communicating using County resources. Likewise, all Internet messages that are intended to harass, annoy or alarm persons are prohibited. 5. Inappropriate use of Internet resources for illegal access. Users are strictly prohibited from contacting or probing information systems with the intent to gain unauthorized access. Users must not attempt to disrupt, or interfere with, the operation or function of any information systems. X. Use of networked systems and network related resources. Users must not misuse or abuse networked systems and network related resources. This could result in disciplinary action by the County, pursuant to Chapter 3 of the Weld County Code. 1. Disregard for security mechanisms. Users must not attempt to bypass security mechanisms. 2. Use of encryption for highly sensitive information. It is the responsibility of all Users to take the necessary precautions to encrypt highly sensitive information. 3. Network privacy. All communications using County resources may be monitored for statistical, legal and investigative purposes. Users should expect no right of privacy to communications made using County equipment and resources. The County retains the right to preserve, catalogue, and distribute any County -owned information or resource. Y. Use of remote access (VPN). Remote access into County networks is only permissible through an Information Technology -administered VPN (Virtual Private Network) solution. Z. Compliance with software licenses. Each department is responsible to ensure that all software licenses are complied with. Sec. 9-1-50. Password Policy. A. All passwords must conform to the requirements described below. This includes County - owned systems that are managed outside of IT, as well as IT -managed systems. Any User found to have violated this policy may be subject to disciplinary action, pursuant to Chapter 3 of the Weld County Code. 1. Password Creation Requirements. a. Must be a minimum of nine (9) characters in length. b. Must possess a minimum of three (3) of these four (4) characteristics: 1) One lower case letter. 2) One upper case letter. 3) One number. 4) One special character. 2. Password must be changed every 90 days. Sec. 9-1-60. County network and Internet security. A. Access to inappropriate and malicious websites for Users is prohibited. B. The Board of County Commissioners is the only authority that can approve changes to the default filter restrictions applied to Users Internet access. C. All remote access must follow the guidelines of the Acceptable Use Policy. D. Users shall not access malicious websites, files or other potentially malicious content. Such activity is a direct violation of this policy and may result in disciplinary action. Sec. 9-1-70. Physical and Environmental Security Policy. A. Internal security operations. All County facilities must be secured, as appropriate, to prevent unauthorized access to County information computing systems, resources and networks, including the wireless network. 1. All information technology equipment must be purchased by Information Technology. (See Section 9-9-10.) a. Only County devices with approved wireless adaptors are allowed on the wireless network. b. Approved devices will be configured by Information Technology for secure access to the County wireless network. c. Guest wireless access is permissible in certain areas of the County wireless network. Guest wireless is restricted to web browsing only and is provided on a limited basis. d. All policies and procedures for accessing the County network apply for wireless access. B. Computing in public and untrusted zones. The County operates several computing systems. There are computing systems in public access areas. There are also computing systems within the County jail for inmate use. C. Public computing systems. The County operates several public access computers which are available for use by the public, within County facilities. These systems, due to the uncontrolled nature of their use, must be segregated to an isolated or physically separate segment of the County network. All access to internal County resources must be tightly controlled and limited, to prevent any misuse of these systems. Auditing must be enabled on these systems. D. Inmate computing systems. The County provides several computers for the use of inmates within the County jail. Due to the uncontrolled use of these systems, all inmate computing systems must only maintain a minimal set of computer resources to prevent abuse of such systems and resources. This would include: 1. Computers must not maintain any unnecessary ports or peripherals, including a CD-ROM drive, floppy drive, serial ports, USB ports, modems or other nonessential interfaces. 2. Computers must not have access to other computing systems or servers, except to accomplish the specific purpose for the inmate computing systems. 3. Computers must not have Internet access. 4. Network access must be segregated from the other County network segments. E. Security zones. Specified areas within a facility that are designated as performing critical functions, or that contain sensitive information or systems, must make use of security mechanisms and procedures. These zones must be isolated by security controls of reduced permission from the general facility population. Permission must be based on the need to physically access the area for a job function. Such security zones would include server rooms and the communications closets. Access to these areas is controlled by the Department of Buildings and Grounds, in conjunction with Information Technology. Information Technology monitors all access. Access is limited to the following Information Technology employees via proximity card security: 1. Chief Information Officer. 2. Information Technology Security Manager. 3. Technical Director. 4. System Administrators. 5. Network Specialist. 6. Vendors working with Information Technology who require access to server rooms will be escorted by one (1) of the above authorized employees, and will be required to sign and date the access log located outside of the secured area. F. Equipment security. All information -computing equipment, and any information contained or processed by the equipment, must be reasonably protected from damage, interruption and interception. G. Secure disposal of computing equipment. All County computing equipment, including phones, and peripherals, must be disposed of securely by IT personnel to prevent unauthorized access to any residual company information. 1. Hard drives. Prior to the disposal of any hard drive or disk drive, the device must either be physically destroyed or formatted to current Department of Defense standards. This is to be performed only by Information Technology. 2. Optical media. Prior to the disposal of any optical media, such as CD-ROMs or DVDs, these devices must be physically destroyed. This may be accomplished using shredding or incineration. 3. RAM. Prior to disposal, all Random -Access Memory modules must be destroyed. This includes all memory devices; such as, memory from computers, memory from printers and FAX machines, or other memory devices. This is to be performed only by Information Technology. 4. Secure disposal of computing equipment. All County computing equipment, including phones and peripherals, must be disposed of securely by IT personnel to prevent unauthorized access to any residual company information. H. Data security and protection guidelines. 1. Information Technology is responsible for ensuring that all County data on the network is backed up. 2. Backup retention is as follows: a. Incremental daily backups: one (1) week on site. b. Weekly full backups: one (1) month on site. c. Monthly full backups: one (1) year. d. Annual full backups: seven (7) years. 3. Backup storage will be as follows: a. Weekly and monthly backups will be retained on site up to three (3) months. b. All other monthly and annual backups will be stored off site. 4. For any major changes to a server or application, a full backup is run prior to changes being completed. Section 9-1-80. Definitions. A. LAN - A Local Area Network (LAN) is a computer network within a small geographical area such as a home, school, computer laboratory, office building or group of buildings. A LAN is composed of inter -connected workstations and personal computers which are each capable of accessing and sharing data and devices; such as, printers, scanners and data storage devices, anywhere on the LAN. LANs are characterized by higher communication and data transfer rates and the lack of any need for leased communication lines. B. WAN - A Wide Area Network (WAN) is a network that exists over a large-scale geographical area. A WAN connects different smaller networks, including local area networks (LANs). This ensures that computers and Users in one location can communicate with computers and users in other locations. WAN implementation can be done either with the help of the public transmission system or a private network. C. Encryption - the process of converting information or data into a code, especially to prevent unauthorized access. D. Computing Device - a unit of hardware, outside or inside the case or housing for the essential computer (processor, memory, and data paths) that can provide input to the essential computer, or of receiving output, or of both. E. Computing Network - a set of computers connected for sharing resources. The most common resource shared is connection to LAN and WAN. Other shared resources can include a printer, a file server, or database server. F. Honeypot — a computer security mechanism set to detect, deflect, or in some manner, counteract attempts at unauthorized use of computing networks. Generally, a honeypot consists of data which appears to be a legitimate part of the site, but is isolated and monitored, and that seems to contain information, or a resource of value to attackers, who are then blocked. G. Phishing - the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information; such as, passwords and credit card numbers. H. Security Incident - An information security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information, interference with information technology operations, or significant violation of responsible use policy. BE IT FURTHER ORDAINED by the Board that the Clerk to the Board be, and hereby is, directed to arrange for Municode to supplement the Weld County Code with the amendments contained herein, to coincide with chapters, articles, divisions, sections, and subsections as they currently exist within said Code; and to resolve any inconsistencies regarding capitalization, grammar, and numbering or placement of chapters, articles, divisions, sections, and subsections in said Code. BE IT FURTHER ORDAINED by the Board, if any section, subsection, paragraph, sentence, clause, or phrase of this Ordinance is for any reason held or decided to be unconstitutional, such decision shall not affect the validity of the remaining portions hereof. The Board of County Commissioners hereby declares that it would have enacted this Ordinance in each and every section, subsection, paragraph, sentence, clause, and phrase thereof irrespective of the fact that any one or more sections, subsections, paragraphs, sentences, clauses, or phrases might be declared to be unconstitutional or invalid. Affidavit of Publication STATE OF COLORADO County of Weld, I Vickie Garretts of said County of Weld, being duly sworn, say that I am an advertising clerk of THE GREELEY TRIBUNE, SS. that the same is a daily newspaper of general circulation and printed and published in the City of Greeley, in said county and state; that the notice or advertisement, of which the annexed is a true copy, has been published in said daily newspaper for consecutive (days): that the notice was published in the regular and entire issue of every number of said newspaper during the period and time of publication of said notice, and in the newspaper proper and not in a supplement thereof; that the first publication of said notice was contained in the Eleventh day of July A.D. 2018 and the last publication thereof: in the issue of said newspaper bearing the date of the Eleventh day of July A.D. 2018 that said The Greeley Tribune has been published continuously and uninterruptedly during the period of at least six months next prior to the first issue thereof contained said notice or advertisement above referred to; that said newspaper has been admitted to the United States mails as second-class matter under the provisions of the Act of March 3,1879, or any amendments thereof; and that said newspaper is a daily newspaper duly qualified for publishing legal notices and advertisements within the meaning of the laws of the State of Colorado. July 11, 2018 Total Charges: $292.44 l lth day of July 2018 My Commission Expires 09/28/2021 NOTARASH Y PUBLIC STATE OF COLORADO NOTARY ID 20174040535 MY COMMISSION DARES SEPTEMBER 26,2021 1 1 NOTIt#t Oh FIRST READING OF ORDINANCE Pursuant to the Weld County Home Rule Charter. Ordinance Number 2018-06 published below, was introduced and, on motion duly made and seconded, approved upon first reading on July 2, 2018. A public hearing and second reading is scheduled to be held In the Chambers of the Board, located within the Weld County Administration Building, 1150 O Street, Greeley, Colorado 80631, on July 23, 2018. All persons in any manner interested in the reading of said Ordinance are requested to attend and may be heard. Please contact the Clerk to the Board's office at phone (970) 400-4225, or fax (970) 336-7233, prior to the day of the hearing If, as the result of a disability, you require reasonable accommodations in order to participate In this hearing. Any backup material. exhibits or information previously submitted to the Board of County Commissioners concerning this matter may be examined in the office of the Clerk to the Board of County Commissioners, located within the Weld County Administration Building, 1150 0 Street, Greeley, Colorado, between the hours of 8:00 a.m. and 5:00 p.m.. Monday thru Friday, or may be accessed through the Weld County Web Page (vnvw.co.weld.co.us). E -Mail messages sent to an individual Commissioner may not be included in the case fie. To ensure Inclusion of your E -Mall correspondence into the case file, please send a copy to egesickiEco.weld.co.us. ORDINANCE NO. 2018-06 ORDINANCE TITLE: IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION SERVICES, OF THE WELD COUNTY CODE DATE OF NEXT READING: July 23, 2018, at 9:00 a.m. BOARD OF COUNTY COMMISSIONERS WELD COUNTY. COLORADO DATED: July 6, 2018 WELD COUNTY CODE ORDINANCE 2018-06 IN THE MATTER OF REPEALING AND REENACTING, WITH AMENDMENTS, CHAPTER 9 INFORMATION SERVICES, OF THE WELD COUNTY CODE BE IT ORDAINED BY THE BOARD OF COUNTY COMMISSIONERS OF THE COUNTY OF WELD, STATE OF COLOBADO: WHEREAS, the Board.of County Commissioners of the County of Weld, State of Colorado, pursuant to Colorado statute and the Weld County Home Rule Charter, Is vested with the authority of administering the affairs of Weld County, Colorado, end WHEREAS, the Board of County Commissioners, on December 28, 2000, adopted Weld County Code Ordinance 2000-1, enacting a comprehensive Code for the County of Weld, Including the codification of all previously adopted ordinances of a general and permanent nature enacted on or before said date of adoption, and WHEREAS, the Weld County Code Is in need of revision and clarification with regard to procedures. terms, and requirements therein. . NOW, THEREFORE, BE IT ORDAINED by the Board of County Commissioners of the County of Weld, State of Colorado, that'cer- tain existing Chapters of the Weld County Code be, and hereby are,repealed and re-enacted, with amendments, and the various Chapters are revised to read as follows. CHAPTER 9 INFORMATION SERVICES Repeal and Replace Article I - Information Technology, in Its entirety, as follows: Article I Weld County Information Technology Acceptable Use Policy Sec. 9-1-10. General Provisions. A. The Information Technology Acceptable Use Policy is to be followed.y ALL employees (full time, part time, seasonal, temporary, interns), elected officials, contractors, vendors, and other authorized individuals ("User?) who utilize any information technology Networks and/or Wideor r Area Networks oommunication r other technology evice owned and services mrovided aintained ed and eld rovid d by or who are Weld County. anted access to any Local Area B. This policy applies to any activity perlurmed from a County-ovmed computing device or personally owned computing device that Is connected to. or has access to, the County computing network. Additional policies related to Information technology must be approved by Information Technology and the Board of County Commissioners, based on internal business needs. Responding to security Incidents. All security incidents shall be reported to the Information Technology Technical Support Center for immediate review and response. Information Technology employees wilt follow the Computer Incident Response Plan to address any tT security related events. ANY USER FOUND VIOLATING THIS POLICY MAY FACE SANCTIONS WHICH SHALL INCLUDE, BUT ARE NOT LIMITED TO, DISCIPUNARY ACTION EASED ON PROVISIONS OF HUMAN RESOURCE RULES, DEVICE REVOCATION OR SERVICE ACCESS TERMINATION, AND/OR LEGAL ACTION. Sec. 9-1-20. Ownership of Devices and Services. cell phones, pagers, A. All IT and communication devices and services, including, but not limited to, computers, peripherals,p 9 soft- ware, files, e-mail messages, Internet activity logs, remote access, and any other data or records stored on devices or other media provided by Wald County regardless of their physical location, or the form in which they are Maintained, are considered property of Weld County and are owned exclusively by Weld County. B. USERS HAVE NO EXPECTATION OF PRIVACY WHEN USING ANY INFORMATION TECHNOLOGY OR COMMUNICATION DE- VICE, SERVICE. SYSTEM, NETWORK, FILE, OR ANY OTHER DATA OWNED BY WELD COUNTY. The County, as directed by the Board of County Commissioners, reserves the right to access, review; delete, and/or disclose any files, records, e-mail messages. or other data without notice to, or authorization from, a User, and to seize any -IT or communication devices provided by Weld County. This right continues after the User ceases to have access to a device or service provided by Weld County. Sec. 9-1-30. Organizations Affected. A. The scope of this policy defines the obligations of Users, as defined in Section 9-1-10, in using County Information Technology resources owned, managed, supported. maintained or operated by Weld County Information Technology. While this policy contains specific Information regarding expected use of Weld IT resources, Users must follow and stay current on all additional requirements stated in Weld County Cyber-Security guidelines and standard operating procedures which are available on the County Intranet. Sec. 9-1-40. Authorized County Network Access. A. Authorized access to the County network for new Users must be approved by the department head, elected official, or desig- nated person in the department. Requests for new employee security, or changes to existing security, must be submitted using the online IT Security Request Form. 1. All documentation authorizing User access to controlled computing and information resources must be archived and retrievable upon request for all accounts. Requests will be retained for a period of seven (7) years. . 2. Login passwords must meet the County required standard as set forth In Section 9-1.50. - 3. Generic and shared accounts are strictly prohibited. All User IDs must uniquely Identify Users to the system, unless specified by the Chief Information Officer and/or the IT Security Manager. R. Alt IT security requests for user terminations within the County's operations must be submitted to the Department of Human 2. Sending confidential business information over unsecureo, non-i,.ounry 3. Sending information via e-mail without applying the appropriate security protocols. Any questions about whether information should be encrypted or secured should be referred to Information Technology. L. Tampering with security mechanisms. All County computing systems are equipped with security mechanisms to protect the in- formation and resources of each system. Users shall not tamper with, reconfigure or disable such mechanisms. Such mechanisms would include, but not be limited to, anti -virus software, encryption and access controls. M. Prohibited Activity. The following are prohibited: 1. Introduction of malicious programs Into the network or server (e.g. viruses, worms, Trojan horses, e-mail phishing. etc.). 2. Circumventing User authentication or security of any host, network or account. 3. Introducing honeypols, honeynets, or similar technology on the network is prohibited. 4. Providing access to another individual, either deliberately, or through failure, to secure access. S. Accessing a server or an administrative account for any purpose other than conducting County business, even with authorized access. N. illegal access of computer systems. County computing systems must not be used to obtain illegal access to computer sys- tems, to interfere with the normal operations of computer systems, or to perform malicious acts against a computer system. O. Unauthorized testing of computing system security. Users shall never test the security of computer systems, whether physical tor he logic based, where the written tepermissionis bf from the d the Information facility where gyhe Secsystum ras. Manager and the senior management of both fromP. Disclosure of Attorney -Client privilege information. Users must never disclose information that could be considered classified or proprietary to unauthorized persons. . 0, Disclosure of classified information. Users must never disclose information that could be considered sensitive, classified, or proprietary to unauthorized persons. R. Use of system. Data is intended to be accessed, used, and shared only to the extent that it is authorized and necessary to fulfill a User' assigned job duties. S. Systemm changes. Any software that allows configuration changes to networks, computers and other hardware or software, should only be installed by members of Information Technology. T. Workstation reallocation. Information Technology is responsible for maintaining all computing hardware on the County network. A User may not remove or retain hardware or software without County IT permission. The procedure for the reallocation of a work- station is as follows: I , Remove PC from location. ,. 2. Re -format hard drive and re -image for new User. 3. Redeploy to new location. U. Security breaches and disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient, or logging eInto a server or account that the employee is not expressly authorized to access, network sniffing, ping flood ,these packet spoofi g, denial of service,ies are within the e fand forgedgular sroutng informationned dutles. iorr malicioution s purposes t limited to, V. Use of e-mail systems and resources. Users with legitimate business needs fora County e mail account may have the use of (he County e-mail system. Such usage is for enhancing productivity and communication. Users shall not misuse or abuse email' Systems and resources. 1. \` Electronic mail (e-mail) is defined as any message that is transmitted electronically between two (2) or more computers or ter₹ninals, whether stored digitally or converted to hard (paper) copy. 2. Under Part 2, Article 72, Title 24, C.R.S., e-mail messages may be considered public record and may be subject to public inspection. Users must be aware of thepotential public release of their emails. All computer -related Information, including e-mail messages and/or digitally stored documents, are the properly of the Countyand are considered the County's records, even if the information resides on privately owned devices, County e-mail should remain within the County e-mail system until archived or deleted. 3. E-mail as part of the sofficial records of Coes tharconcern unty Ies, business,shalbdecision-making, iwiithin thfiles, eCounty�s e-mail archiving system bythat the recipients kept f such e-mail. . 4. E-mail messages will be automatically deleted by the e-mail system on the 90th day following receipt, unless stored within the County's e-mail archiving system. 5. The Board of County Commissioners retain ultimate authority over all electronically and digitally stored e -mails, except for emails containing criminal justice information. 6. For purposes of open records requests, either the department head or designated data/records steward Is the custodian. Information Technology will assist in retrieving any data and information. 7. Users must cooperate in the preservation and retention of any hardware, information, or documentation related to potential litigation. This includes maintaining any hardware, a mail, electronic files or other Information. 8. As with any County property or equipment, e-mail is intended to be used for official County business only. Strictly forbidden e-mail usage includes transmission of political messages, solicitation of funds for political or other purposes, or sending of harass- ing messages. a. Users must retrain from sending e-mail messages that are considered lewd, offensive or harassing. b. Users must not participate in sending, forwarding or responding toe -mails that are of a disruptive or coercive nature; such as. the distribution of spam or chain letters. c. The County identifies passwords as highly sensitive Information. Account owners shall never divulge their e-mail account passwords and ogin information. 9. Users must never share e-mail accounts. Sec. 9-1-30. Organizations Affected. A, The scope of this policy defines the obligations of Users, as defined fn Section 9.1-10, in using County Information Technology resources owned, managed, supported, maintained or operated by Weld County Information Technology. While this policy contains specific infomiation regarding expected use of Weld IT resources, Users must follow and stay currant on all additional requirements stated In Weld County Cyber-Security guidelines and standard operating procedures which are available on the County Intranet. Sec. 9-1-40. Authorized County Network Access. A. Authorized access to the County network for new Users must be approved by the department head, elected official, or desig- nated person in the department. Requests for new employee security, or changes to existing security, must be submitted using the online IT Security Request Form. 1. All documentation authorizing User access to controlled computing and information resources must be archived and retrievable upon request for all accounts. Requests will be retained for a period of seven (7) years. 2. Login passwords must meet the County required standard as set forth in Section 9-1-50. 3. Generic and shared accounts are strictly prbhibited. All User tDs must uniquely identify Users to the system, unless specified by the Chief Information Officer and/or the ST Security Manager. B. All IT security requests for user terminations within the County's operations must be submitted to the Department of Human Resources who will then coordinate with Information Technology. Upon the termination of an employee, the employee's access to all accounts, Including remote access and e-mail, will be immediately suspended. All devices must be gathered and returned to IT Immediately. The department head or elected official must coordinate with Human Resources, IT, and Legal Counsel prior to destruction or reassignment of any hardware, device, or electronic information. Sec. 9-1-50. Guidelines A. Responding to security incidents. All security incidents shall be reported to the Information Technology Technical Support Center for immediate review and response. Information Technology employees will follow the Computer Incident Response Plan to address any IT security related events. B. Responding to violations. All Users must play an active role in helping to assure the security and quality of all County appli- cations by reporting any violations of this policy. In doing so. Users help to assure the optimum performance and availability of County systems. C. User obligation to report security and policy violations. Any User who observes violations of the IT Acceptable Use Policy should report the violation to his or her supervisor or Information Technology. D. User responsibility. The security, protection, and Integrity of County information assets are the responsibility of all Users. It is each User's responsibility to fu0y understand the information security policies contained in this Article and to apply these policies effectively to his or her daily practices and routines. E. Manager responsibility. It is the responsibility of all managers to ensure all Users under their supervision fully understand and follow these Information security policies. Managers are responsible for keeping their Users Informed on any changes regarding these policies. Should any User consistently not adhere to County policy, the manager shell take appropriate remedial steps. It is the responsibility of all managers to ensure ail information assets under their purview are secured and managed to ensure compli- ance with relevant policies and procedures. F. Use of information systems and resources. Any User who is allowed to use County computing systems to perform the neces- sary functions identified with his or her position must not misuse or abuse computing systems and resources. G. Compliance with software copyrights and licenses. All Users must comply with, and respect. the copyright laws and license agreements of the software licensed to the County for use on business computing systems. 1, Use of Illegal software, Users must not download and/or Install pirated or illegal software or software that violates existing copyright or license agreements. 2. Use of nonapproved software. The County strictly forbids the downloading or Installation ofnon-County-owned, non -Coun- ty -licensed, or other unapproved software on County computing systems without prior consent from Information Technology. Applications which are no cost and do not threaten security of the computing system may be installed unless IT objects. H. Acceptable use of passwords. Each password owner is required to safeguard and protect each password he or she has creat- ed or that is entrusted to him or her. Password sharing and account sharing is strictly prohibited. Writing down passwords is not an acceptable practice. I. Security of the computer through locking practices and mechanisms. All Users of a computing system must either lock the computing device, or logoff the system, when away from a computer device for any length of time. J. HIPAA systems. Computing systems covered by HIPAA must employ the use of a locking screensaver or similar mechanism to automatically enable after a minimum usage lapse of five (5) minutes. All other County systems will be fifteen (15) minutes, unless specified by Information Technology. K. Transmission of sensitive information over unsecured networks. Users must not send sensitive information over unsecured networks without the use of encryption technologies to secure the transmission. Such examples would be, but are not limited to: I. Sending credit card information over the Internet. awaits containing criminal justice Intormation. 6. For purposes of open records requests, either the department head or designated data/records steward Is the custodian. Information Technology will assist in retrieving any data and information. 7. Users must cooperate in the preservation and retention of any hardware, information, or documentation related to potential litigation. This includes maintaining any hardware, a mail, electronic files or other information. 8. As with any County property or equipment, e-mail is intended to be used for official County business only. Strictly forbidden e-mail usage includes transmission of political messages, solicitation of funds for political or other purposes, or sending of harass- ing messages. a. Users must refrain kern sending e-mail messages that are considered lewd, offensive or harassing. b. Users must not participate in sending, forwarding or responding to a -mails that are of a disruptive or coercive nature: such as, the distribution of spem or chain letters. e. The County identifies passwords as highly sensitive information. Account owners shall never divulge their e-mail account passwords and login information. 9. Users must never share e-mail accounts. 10. E-mail is County property. The County hes the right to inspect and review any e-mail or other data stored on County computers and equipment or on privately owned devices if used for County business. Additionally, County officials may inspect and copy e mail and computer records when there are indications:of impropriety by a User, when substantive information must be located and no other means are readily available, or when necessary for conducting County business. Supervisors may review the contents of an employee's electronic mail, without the employee's consent, with the approval of the Department Head, the Director of Human Resources and/or County Legal Counsel. W. Use of Internet systems and resources. Users shall not misuse or abuse County Internet resources, which could result in disciplinary action by the County. 1. Acceptable Internet connectivity. Users access to the Internet is intended for County business, through authorized County gateways. 2. Personal use of Internet connectivity. Use of County computing resources to access the Internet is intended for legitimate County business purposes only. 3. Affiliation with the County. Users may make public their affiliation with the County in work -related mailing lists and other work -related communication resources on the Internet. 4. Inappropriate use of Internet resources. Users initiating or participating in communications of an inappropriate nature, or in an unprofessional way are strictly prohibited. Users must refrain from the use of lewd, offensive or hostile language when communi- cating using County resources. Likewise, all Internet messages that are intended to harass, annoy or alarm persons are prohibited. 5. Inappropriate use of Internet resources for illegal access. Users are strictly prohibited from contacting or probing information systems with the intent to gain unauthorized access. Users must not attempt to disrupt. or Interfere with, the operation or function of any information systems. X. Use of networked systems and network related resources. Users must not misuse or abuse networked systems and network related resources. This could result in disciplinary action by the County, pursuant to Chapter 3 of the Weld County Code. 1. Disregard for security mechanisms. Users must not attempt to bypass security mechanisms. 2. Use of encryption for highly sensitive information. It is the responsibility of all Users to take the necessary precautions to encrypt highly sensitive information. 3. Network privacy. All communications using County resources may be monitored for statistical, legal and investigative purposes. Users should expect no right of privacy to communications made using County equipment and resources. The County retains the right to preserve, catalogue, and distribute any County -owned information or resource, Y. LVse of remote access (VPN). Remote access into County networks is only permissible through an Information Technology-ad- ministbred VPN (Virtual Private Network) solution. Z. Compliance with software licenses. Each department is responsible to ensure that all software licenses am complied with. Sec. 9-1.50. Password Policy. A. All passwords must conform to the requirements described below. This includes County -owned systems that are managed outside of IT, as well as IT -managed systems. Any User found to have violated this policy may be subject to disciplinary action, pursuant to Chapter 3 of the Weld County Code. 1. Password Creation Requirements. a. Must be a minimum of nine (9) characters in length. b Must possess a minimum of three (3) of these four (4) characteristics: B10 TRIBUNE Wednesday, July 11, 2018 1) One lower case letter. 2) One upper case letter 3) One number. ' 4) One special character. 2. Password must be changed every 90 days. Seo. 9-1-6D. County network and Internet security. A. Access to inappropriate and malicious websites for Users is prohibited. B. The Board of County Commissioners is the only authority that can approve changes to the default filter restrictions applied to Users Internet access. C. All remote access must follow the guidelines of the Acceptable Use Policy. D. Users shall not access malicious websites, files or other potentially malicious content. Such activity Is a direct violation of this policy and May result in disciplinary action. Sec. 9-1-70, Physical and Environmental Security Policy. A. Internal security operations. Al County facilities must be secured, as appropriate, to prevent unauthorized access to County information computing systems, resources and networks, including the wireless network. 1. All information technology equipment must be purchased by Information Technology. (See Section 9-9-10.) a. Only County devices with approved wireless adaptors are allowed on the wireless network. b. Approved devices will be configured by Information Technology for secure access to the County wireless network. c. Guest wireless access is permissible in certain areas of the County wireless network, Guest wireless is restricted to web browsing only and is provided on a limited basis. d. All policies and procedures for accessing the County network apply for wireless access. 8. Computing in public and untrusted zones. The County operates several computing systems. There are computing systems in public access areas. There are also computing systems within the County jail for inmate use. C. Public computing systems. The County operates several public access computers which are available for use by the public. within County facilities. These systems, due to the uncontrolled nature of their use, must be segregated to an isolated or physically separate segment of the County network. All access to internal County resources must be tightly controlled and limited, to prevent any misuse of these systems. Auditing must be enabled on these systems. D. Inmate computing systems. The County provides several computers for the use of inmates within the County jail. Due to the uncontrolled use of these systems, all inmate computing systems must only maintain a minimal set of computer resources to prevent abuse of such systems and resources. This would include: 1. Computers must not maintain any unnecessary ports or peripherals, Including a CD-ROM drive, floppy drive, serial ports, USB ports, modems or other nonessential interfaces. 2. Computers must riot have access to other computing systems or servers, except to accomplish the specific purpose for the Inmate computing systems. 3. Computers must not have Internet access. 4. Network access must be segregated from the other County network segments. E. Security zones. Specified areas within a facility that are designated as performing critical functions, or that contain sensitive in- formation or systems, must make use of security mechanisms and procedures. These zones must be isolated by security controls of reduced permission from the general facility population. Permission must be based on the need to physically access the area for a job function. Such security zones would include server rooms and the communications closets. Access to these areas is con- trolled by the Department of Buildings and Grounds, in conjunction with Information Technology. Information Technology monitors all access. Access is limited to the following Information Technology employees via proximity card security: t. Chief Information Officer. 2. Infornatloti Technology Security Manager. 3. Technical Director. 4. System Administrators. 5. Network Specialist. 6. Vendors working with Information Technology who require access to server rooms will be escorted by one (1) of the above authorized employees, and will be required to sign and date the access log located outside of the secured area, F. Equipment security. All Information -computing equipment, and any information contained or processed by the equipment, must be reasonably protested from damage, interruption and Interception. G. Secure disposal of computing equipment. All County computing equipment, including phones, and peripherals, must ba disposed of securely by IT personnel to prevent unauthorized access to any residual company information. 1. Hard drives. Prior to the disposal of any hard drive or disk drive, the device must either be physically destroyed or formatted to current Department of Defense standards. This is to be performed only by Information Technology. 2. Optical media. Prior to the disposal of any optical media, such as CD-ROMs or OVDs, these devices must be physically de- stroyed. This may be accomplished using shredding or incineration. 3, RAM. Prior to disposal, all Random -Access Memory modules must be destroyed. This includes ail memory devices; such as, memory from computers, Memory from printers and FAX machines. or other memory devices. This is to be performed only by Information Technology. • 4. Secure disposal of computing equipment. All County computing equipment, including phones and peripherals, must be dis- posed of securely by IT personnel to prevent unauthorized access to any residual company information_ H. Data security and protection guidelines. 1, Information Technology is responsible for ensuring that all County data on the network is backed up. 2. Backup retention is as follows: a. Incremental daily backups: one (1) week on site. b. Weekly full backups: one (1) month on site. c. Monthly full backups: one (1) year. d. Annual fullbackups: seven (7) years. 3. Backup' storage will be as follows: a. Weekly and monthly backups will be•retained on site up to three (3) months. b. All other monthly and annual backups will be stored off site. 4. For any major changes to a server or application, a full backup is run prior to changes being completed. Section 9-1-80. Definitions. A. LAN - A Local Area Network (LAN) is a computer network within a smelt geographical area such as a home, school, computer laboratory, office building or group of buildings. A LAN Is composed of inter -connected workstations and personal computers which are each capable of accessing and sharing data and devices; such as, printers, scanners and data storage devices, anywhere on the IAN. LANs are characterized by higher communication and data transfer rates and the lack of any need for leased communication lines. B. WAN - A Wide Area Network (WAN) is a network that exists over a large-scale geographical area. A WAN connects different smaller networks, including local area networks (LANs). This ensures that computers end Users in one location can communicate with computers and users in other locations. WAN implementation can be dons eitherwith the help of the public transmission system or a private network. C. %tcryption - the process of converting information Or data into a code, especially to prevent unauthorized access. D. Computing Device - a unit of hardware, outside or inside the case or housing for the essential computer (processor, memory, and data paths) that can provide input to the essential computer, or of receiving output, or of both. E. Computing Network - a set of computers connected for sharing resources. The most common resource shared is connection to LAN and WAN. Other shared resources can include a printer, a fife server, or database server. F. Honeypot - a computer security mechanism set to detect, deflect, or in some manner, counteract attempts at unauthorized use of computing networks. Generally, a honeypot consists of data which appears to be a legitimate part of the site, but is isolated and monitored, and that seems to contain information, or a resource of value to attackers, who are then blocked. G. Phishing - the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information; such as, passwords and credit card numbers. H. Security Incident - An information security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information, Interference with information technology operations, or significant violation of responsible use policy. BE IT FURTHER ORDAINED by the Board that the Clerk to the Board be, and hereby Is, directed to arrange for Municode to supplement the Weld County Code with the amendments contained herein, to coincide with chapters, articles, divisions, sections, and subsections as they currently exist within said Code; and to resolve any inconsistencies regarding capitalization, grammar, and numbering or placement of chapters, articles, divisions, sections, and subsections in said Code. BE IT FURTHER ORDAINED by the Board, if any section, subsection, paragraph, sentence, clause, or phrase of this Ordinance is for any reason held or decided to be unconstitutional, such decision shall not affect the validity of the remaining portions hereof. The Board of County Commissioners hereby declares that it would have enacted this Ordinance in each and every section, subsection, paragraph, sentence, clause, and phrase thereof irrespective of the fact that any one or more sections, subsections, paragraphs, sentences. clauses, or phrases might be declared. to be unconstitutional or invalid. _ The Tribune July 11; 2018 Hello