IS Policies and ProceduresInformation Systems Policies and Procedures
User Account Policies and Procedures:
Purpose:
To establish guidelines for the end user and the Information Systems staff to handle user
accounts.
New user request:
When a new employee is hired, he or she must fill out a new user request form. This form will
consist of all users' information, such as, first name, last name, department, and supervisor's
name. The new user will then be able to request access to email, Internet, shared network drives,
and network printers.
Disabling user accounts:
When an employee of the Village of North Palm Beach retires, resigns or is terminated his or her
account will be disabled (not deleted) by the Information Systems department. The reasoning
behind disabling and not deleting the users account is to retain and secure any mission critical
data the users account contained. It is the user's immediate supervisor's responsibility to notify
the Information Systems group that a user has left the organization. This task can be completed
by filling out a disabled user account form.
Retention of disabled user accounts:
After a user's account is disabled it will be kept and stored for one year. The purpose behind this
is to determine whether the data associated with the disabled user is needed. If this is
determined the Information Systems group will store the needed information or grant access to
another user. After one year of storage, the Information Systems group will delete the users
account to free up valuable system resources.
Use of Internet Policy and Procedures:
Purpose:
To establish guidelines for the appropriate use of Internet provided by the Village of North Palm
Beach.
Internet Usage
All employees use of the Internet must be for Village of North Palm Beach business only. Any
personal or recreational use of the Internet is prohibited, even after normal business hours.
Anyone found to be using the Internet for anything other than Village business will lose their
Internet access and their supervisor will be contacted.
Any download of data, files, graphics, software, freeware, shareware, etc., made from the Internet
must be approved through the IT Department first. All users will submit a request form to the IT
Department for review and if the download is approved the IT Department will sign off and give a
copy to the user.
Employees must conduct themselves in a professional manner at all times while using the
Internet. The user is ultimately responsible for his/her own actions on the Internet. City
employees must not:
a) Use the Internet for personal gain.
b) Commit any crime using the Internet
c) Make any threats against another person, company or government entity
d) Hack or attempt to hack into another system.
e) Download or upload material containing the following:
Sexual content
Derogatory racial content
Political statements
Offensive language
Material which would negatively reflect on the Village of North Palm Beach
Material prohibited by law
Improper humor that is derogatory or insulting to
religious, ethnic, or racial groups or disparages
persons based on age, sex, sexual preference, or
physical or mental handicaps.
Commit any violation of the copyright laws of the United States or infringe on copyrights,
trademarks or patents held by an individual, corporation or government entity.
Promote the endorsement of any commercial product.
Participate in the use of CHAT lines/rooms.
Participate in any action which causes embarrassment to and/or discredits the Village of North
Palm Beach.
Employees will be given an Internet E-Mail address. Casual business correspondence is
encouraged over the Internet. Messages must be related to the employees' professional
responsibilities and positively reflect on the Village of North Palm Beach. Be discrete about the
information you send over the Internet about yourself or you may be subject to unwanted material
being sent to you. Keep in mind that the Internet is an unsecured network. All information sent
over the Internet MUST be public information as defined by the Public Records Act, Section 119,
Florida Statutes. Procedures for accessing E-Mail, both internal and external can be obtained
from the Data Processing Division, Department of Finance.
Employees accessing the Internet through the Village of North Palm Beach' network must not
make any purchases using the Internet or process any chargeable downloads. Employees
should be aware that shareware can only be used for a limited period before charges will be
incurred. The Village of North Palm Beach will not be responsible for any bills improperly
generated by employees' activity on the Internet.
The use of the Internet is a privilege, not a right and may be revoked at any time for abusive
conduct.
If information is developed indicating that employee(s) has (have) violated a federal, state, or
local law, it will result in the information being furnished to the Department of Public Safety for
further investigation and possible criminal prosecution.
Use of Electronic Mail (email) Policy and Procedures:
Purpose: To establish guidelines for the appropriate use of electronic mail both internal and
external.
Email Usage:
Permissible Uses of Village Email Services
The following are examples of appropriate use of Village electronic mail services.
a. The conducting of official Village business, except in instances where use of email has
been specifically discouraged.
b. Electronic dissemination of information, including the distribution of bulletins,
memoranda, newsletters, and reports.
c. Electronic publications.
Prohibited Uses of Village Email Services:
The following uses of Village electronic mail services are specifically prohibited.
Village electronic mail services may not be used for:
Violations of federal, state, and local laws.
Commercial purposes not under the auspices of the Village.
Personal financial gain (except as permitted under applicable policies).
Constructing electronic communication so it appears to be from someone else.
Obtaining access to the files or communications of others, unless expressly authorized to do so.
Electronic mail may not be used to represent, give opinions, or otherwise make statements on
behalf of the Village or any unit of the Village unless the sender is authorized to do so by the
Village.
Email may not be used to interfere with the normal conduct of Village business or the operation of
Village information technology services.
Email may not be used to transmit unsolicited material such as repetitive mass mailings,
advertising, or chain messages.
Attempting unauthorized access to any portion of the email service or attempting to intercept any
electronic communication transmission without proper authorization is prohibited.
Email should not be used in lieu of contracts or for formal agreements because of the ease of
forgery or misrepresentation.
Personal Use:
The Village email system exists primarily to accomplish the work of the Village; therefore, using it
for personal communication should be done in a prudent and responsible manner. Furthermore,
such use should not (1) directly or indirectly interfere with the Village's operation of computing
facilities or electronic mail services; (2) burden the Village with noticeable incremental costs; or
(3) interfere with the email user's employment or other obligations to the Village. However,
because of the difficulty of determining whether an email message pertains to Village business or
is a personal record, email users should be aware that an email message is a public record if it
resides on Village information technology facilities.
Encryption:
This policy does not forbid the use of encryption by individuals; however, these individuals should
recognize that the encrypted information, if determined to be a public record under the Florida
Public Records Law, must be provided in accordance with the Florida sunshine law. Furthermore,
under the Florida Public Records Law, if the information is in encrypted format, the requester
must be provided with the software and key to read such data.
Email Etiquette:
The use of email works best when everyone is considerate of others on the network. Therefore,
email etiquette and appropriate techniques are described in Appendix B.
Interception and Retrieving of Messages:
Users are not authorized to intercept or retrieve any email that is not sent to them unless
expressly authorized to do so. An exception is the Network Administrator who may need to see
the mail when rerouting or disposing of undeliverable mail.
Users of electronic mail should be aware of the following cautions:
Electronic mail may have been modified before forwarding.
Although electronic mail is often used in place of a phone call or voice mail message, it is closer
in nature to a letter, lacking both the visual and auditory content that comprises face-to-face
communication. Thus, great care should be taken in crafting the "tone" of an email message, and
in providing the recipient with the information needed to appropriately interpret the emotional
nature of the contents.
Village-provided electronic mail addresses and other Internet designations remain the property of
the Village. Such information constitutes directory information for employees of the Village and
may be disclosed or listed as directory information by the Village.
PRIVACY, REQUIRED ACCESS AND MONITORING PRIVACY:
Employees should have no expectation of privacy in email. The Attorney General has determined
that email is a public record, Section AGO 96-34. Therefore, the privacy of email cannot be
assured; it may be compromised by applicability of policy (including this policy) or law, by
unintended redistribution, or inadequacy of current technologies to protect against unauthorized
access. Extreme caution should be exercised when using email to communicate confidential or
sensitive items. Therefore, a good rule of thumb regarding email messages is "not to put anything
in an email message that you wouldn't want posted on a bulletin board."
Users should keep in mind that email messages can be easily printed, forwarded to others, or
could even be delivered to the wrong address. Additionally, users of electronic mail services
should be aware that although the sender and recipient have deleted their copies of an email
record, backup copies may exist on the server or elsewhere.
Occasionally, network and computer personnel may, during the performance of their duties,
inadvertently see the contents of an email message. They are not permitted to do so intentionally
or disclose or otherwise use what they have seen. One exception is system's personnel (i.e., a
"postmaster") who may need to see the mail when rerouting or disposing of undeliverable mail.
Chapters 119 of the Florida Statutes exempt certain categories of documents from disclosure
under the public records law, including but not limited to certain employee records or potential
trade secrets or patentable material relative to ongoing research at the Village. Before any email
is released pursuant to a public records request, any exempt information will be deleted from the
email.
ACCESS:
To further its mission, the Village supports the sharing of information and the exchange of ideas.
The Village supports free speech, and privacy of information. As such, the Village discourages
the retrieval, inspection, monitoring, or disclosure of electronic mail messages without the prior
consent of the user in possession of such messages except when: 1) required by and consistent
with law, 2) there is a substantial reason to believe that violations of Village policy or law have
occurred, or 3) in exceptional cases, when required to meet time-dependent, critical operational
needs determined by the Network Administrator.
Consent When appropriate, consent from the email holder should be sought by the Village
before any inspection, monitoring, or disclosure of Village email records in the holder's
possession. Employees and students are, however, expected to comply with Village requests for
copies of email records in their possession that pertain to the Village's official business, or whose
disclosure is required to comply with applicable laws, regardless of whether such records reside
on a computer housed or owned by the Village. Failure to comply can lead to disciplinary actions
up to and including dismissal, the loss of information systems usage privileges, and/or legal
action.
Access Without Consent When access is obtained without the holder's consent, the following
will apply:
Except in emergency situations, such actions must be authorized in advance and in writing by the
authority specified by the law or policy under which the action is taken. If the authority is not
specified, authorization must be sought from the Village Manager; this authority may not be
further delegated downward. Village counsel's advice should normally be sought prior to
authorization because of changing interpretations by the courts of laws affecting the privacy of
electronic mail. Authorization shall be limited to the least perusal of contents and the least action
necessary to resolve the situation.
In emergency situations (e.g., when the community or its members are endangered or when
access to email records must be secured to ensure the preservation of evidence), the least
perusal of the contents and the least action necessary to resolve the emergency may be taken
immediately without authorization. However, the appropriate authorization must be sought without
delay following the procedures of Section III above. If the action taken is not subsequently
authorized, the responsible authority shall seek to have the situation restored as closely as
possible to that which existed before action was taken.
In either case, the responsible authorities or their designee should, at the earliest possible
opportunity consistent with law and other Village policy, notify the affected individual of the
action(s) taken and the reasons for the action taken.
Actions taken in paragraphs one (1) and two (2) above shall be in full compliance with
law or other applicable Village policy. This has particular significance for email residing
on computers not owned or housed by the Village, and advice of village legal counsel
must be sought prior to any action taken under such circumstances.
MONITORING:
The Village will not monitor electronic messages. However, the Village, in the course of an
investigation triggered by indications of misconduct, may examine email to insure that the laws
and rules of the state and federal government are complied with. The Village will respond to legal
process and fulfill its obligations to third parties.
RETENTION, DISPOSITION AND PUBLIC ACCESS RETENTION AND DISPOSITION:
Retention schedules are based on a record's informational content, not its format. Before deletion
of an email message, the user must determine if the email is considered a "public record" (see
Appendix A for definition). If the email is not a public record, it may be disposed of without
consideration for retention and disposition requirements. Users with questions regarding public
records issues and record retention requirements should seek answers to these questions prior to
deleting email messages.
Email is often used as a modern substitute for telephonic and printed communications, as well as
a substitute for direct oral communications. The Florida Department of State has defined such
messages as "transitory records" (see Appendix A). While these messages constitute public
records, they are not required to be retained after the communication value is lost. They may be
deleted at will, once the user determines that the communication value is obsolete, superseded,
or administrative value is lost.
All other email which constitutes a "public record" (see Appendix A for definition) must be retained
for the required period of time according to Village records retention schedules.
While methods for reviewing, storing or deleting email vary, compliance with the retention
requirements of the public records law can be achieved by doing one of the following:
Electronically store the public record email according to the conventions of your email system and
retain it electronically pursuant to the Village retention schedules. The technical details and
methods of storing, retrieving and printing your email depends on the email system you use.
Consult with your Network Administrator.
Print the email and store the hard copy in the relevant subject matter file, as you would any other
hard-copy communication.
PUBLIC ACCESS:
Access to public records, regardless of form, is required by law. The only exclusions are
those public records specifically exempted by Florida statute (i.e., "limited access public
records", see Appendix A for definition).
VIOLATIONS:
Violations of any of the above guidelines are certainly unethical and may be violations of Village
policy or criminal offenses. Violations of this policy will be dealt with in the same manner as
violations of other Village policies, laws, or contracts, and may result in disciplinary review/action.
In such cases, the full range of disciplinary sanctions is available, including the loss of information
systems usage privileges, dismissal from the Village, and legal action.
While it is impractical to delineate all violations in the use of the Village email services, it is
possible to identify some examples.
Minor violations: e.g., first offense for personal campaigning, solicitation, sending chain letters
(congesting the email system), directly or indirectly interfering with the Village's operation of
computing facilities or electronic mail services
Major violations: e.g., violations of federal, state, or local laws, attempted security breaches,
intercepting another's email, constructing electronic communication so it appears to be from
someone else, and commercial use.
Reporting Incidents:
For employees, such suspected violations shall be reported to the appropriate supervisor. For
serious violations and/or suspected breaking of the laws, these items should be reported by the
supervisor immediately to the Network Administrator.
Sanctions:
Sanctions will be in compliance with the established disciplinary policies and procedures
employed by the Village. Grievances emanating from application of these policies and procedures
will be processed using established policies and procedures. In the event of an investigation, files
may be locked or copied to prevent destruction or loss of information.
Password Policy and Procedures:
Purpose:
To establish guidelines for user's password on the Village network
User's responsibility:
It is the user's responsibility to retain all password information and protect it from unauthorized
use. End users are not allowed to distribute their password information to other users. If a
security breach is found, the end user's account will be disabled and the supervisor will be
contacted. If a user is suspicious of a password security breach, they are to contact the
Information Systems group immediately to change user's password information.
Administrative password changes:
For security purposes every user will be forced to change their login password every 90 days.
Every 90 days the user will be advised by the system that their password has expired and needs
to be renewed. Users also have the opportunity to change their password at any time. If the user
chooses not to change their password, they will be allowed one grace login attempt, after that, the
account will be expired from the network and will need to be reactivated by the Information
Systems group.
Reuse of old passwords:
When changing your password you must use a unique password. The system is setup to
remember old passwords up to 320 days. Unique passwords are a requirement to avoid any
security risks. Passwords are also required to be 7 characters or more in length. Any characters
can be used to meet the requirements. Longer passwords make the account less vulnerable to
be misused.
Network and Personal Computer Policies and Procedures:
Purpose: To establish guidelines for the appropriate use of the computer and network equipment
owned and operated by the Village of a North Palm Beach.
Ownership of equipment:
The network and computer equipment is sole property of the Village of North Palm Beach and is
intended to be used to conduct Village business only.
Appropriate Usage of equipment
The computers and all related hardware are provided to the end user to perform duties related to
their job function. For example: to relay through email important information regarding a Village
meeting or other related Village information.
Inappropriate Usage:
To use the computers and network for any use other than Village business, installation of
unapproved software, this includes but not limited to, software obtained through the Internet or
from other outside sources. For example: Screen Savers, Games, calendars, calculators, etc.
Installing any unauthorized software can lead to many issues and conflicts with the installed
software and hardware, Also the downloading or electronic distribution, displaying, or printing of
any material that may be deemed offensive to other employees.
Reporting of IT related issues Policy and Procedures:
Purpose:
To establish guidelines for the reporting of all IT related issues by the Village of North Palm
Beach employees.
Policy:
All IT related incidents must be submitted via electronic form to the Information Systems group
using the incident request form provided by the IT department.
Procedures for reporting Incidents to the Information Systems Group:
Obtain and completely fill out electronic incident request form, (found on the village informant)
have supervisor sign, and deliver to Information Systems group.
All Incidents will be answered within 24 hours of the time incident was received.
Emergency Reporting Procedures:
When immediate assistance is needed, complete electronic incident form (found on the village
informant) and mark it as a High priority and deliver it to the Information Systems group and they
will call you immediately.
After Hours Emergency reporting:
When immediate assistance is needed during non business hours call the Information Systems
Coordinator, and they will respond shortly. If after 15 minutes your call is not answered, please
phone the Information Systems Manager immediately.
Emergency Examples:
Unable to connect to the network and are unable to perform essential job duties, your computer
has been infected by a virus or worm while surfing the Internet or checking electronic mail, your
computer crashes (freezes, hangs, screen goes black) while working on an important document
or application, unable to send and receive emails, phone system in dispatch area is down, radio
issues in Public Safety that pose a potential safety issue.
Non-Emergency Examples:
Changing of toner or ink cartridges in printers or copiers, unable to surf the Internet or pull up web
pages not pertaining to job function, Installation of new software.
Networking Backup Policy and Procedures:
Purpose:
To establish guidelines for the backing up and security of applications, user data, emails and
other critical data utilized by the Village of North Palm Beach.
End users responsibility:
Each user on the Village of North Bay Village network is responsible for saving all their
documents and critical data to their shared network drive. Every user will have access to a
network drive. All data that is housed in these directories will be backed up and stored on a daily
basis. All backups will be conducted after normal business hours to avoid any end user
bandwidth issues. Any data that is stored directly to the user's hard drive will not be backed up
and could possible lose all data if system were to crash.
Backup Schedule:
The backups will be scheduled by the Information Systems Manager and this schedule will be
placed in the server room and also kept in a remote location. All servers will be backed up on a
nightly basis. A full backup of all servers will be conducted every Monday, Wednesday, and
Friday at approximately 1100pm. An incremental backup will be run every Tuesday and
Thursday. An incremental backup will backup any data changed or updated since the last full
backup. The backup tapes will be on a bi-weekly rotation and stored offsite. Quarterly backups
will be conducted every four months and stored in a remote location. The quarterly backups will
be full backups. This system is designed to maximize the prevention of data loss in case of any
system failure.
Backup Tape storage:
The normal backups will run on a bi weekly schedule. The tapes are on a 2 week rotating
schedule. The tapes not being utilized that week will be stored offsite to the next rotation. The
tapes will be overwritten every 2 weeks. In the event of a system failure the backup operator will
have to pickup the tapes from the offsite location. Backup tapes are stored offsite to prevent data
loss in case of fire, flood, etc.
Backup Operator Responsibilities:
The backup operator is assigned by the Information Systems group. The administrator will be
tasked with checked daily logs on the backup server to clarify the backups were correct and
complete. A database log will be kept and maintained by the backup administrator to keep
sufficient records of backup activity. The Backup operator will also insure that the backup tapes
test ok, and the hardware is running sufficiently.
Emergency Operation Procedures:
In the event of a natural emergency, the Information Systems group will conduct a full backup of
all servers and store in a disaster safe location. This location will be designated by the Village
Manager.