ACCEPTABLE USE OF COUNTY
All county electronic information systems are to be used for County business
only, with minor exceptions, and use of these systems shall be conducted in
accordance with this policy. This policy applies to all county employees and
who have access (direct or through any type of remote access solution) to any
county electronic system.
means Douglas County acting through each of its department heads, boards, or
or systems means all County electronic information devices,
interconnections, and technical information related to them. Examples include
all computer devices (whether networked or standalone), software and hardware
memory devices, storage devices and storage media), telephones, personal digital
cellular-based communications devices that access the County network, voice mail
systems, fax machines, pagers, copiers, recorders, transmitters, printers,
scanners, and any similarly connected, or related, devices. For purposes of
this policy, an electronic record or communication includes any data or
information in any form processed or stored within the system whether generated
directly or indirectly.
Whenever the context allows, "department"
refers to the particular County department that owns or controls a system at
any person under the direction of the Information Technology Director, either
staffed within the Information Technology Department, or a designee outside of
the Information Technology Department approved by the respective department head
and the Information Technology Director.
means any person(s), County employee or not, acting on behalf of the County, who
has access to and makes use of any County electronic system referenced in this
means usage of any County electronic system, by general public or County
employee, that has been expressly designed and designated as a public accessible
means information of any kind used in any way in County systems, Examples
include messages, communication, e-mails, files, records, recordings, images,
graphics, transmissions, signals, programs, macros, software, and data.
means using systems to disseminate or spread information to the public or beyond
area of authority with the County. Examples include newsletters, web pages,
fliers, chain letters, and postings to Internet groups or to e-mail lists.
includes other systems accessed by or through those devices, such as the
Internet, e-mail, cable television, and phone services. Systems includes
designs, specifications, passwords, access codes, and encryption codes. Systems
also includes any identifiers for devices, users or accounts.
Uses, uses, used
means any use of County systems to affect information in any way by County
employees, officers, agents, or volunteers. Examples include using systems to
search, produce, calculate, extract, forward, print, publish, receive, send,
transmit, apply, run, control, download, upload, records, copy, rename, access,
alter, delete, erase, encrypt, or store any information.
21.1.2 Systems and information are County property. All systems
and information are, and shall remain, the property of the County, subject to
its sole control. No part of systems or information are, or shall become, the
private property of any system user. The County owns all legal rights to
control, transfer, or use of all or any part or product of its systems. All
uses must comply with this policy and with all other County policies and rules
that apply. Nothing in this policy shall be construed to abridge any rights of
County to control its systems, their uses, or information.
Systems are for County
business. Except as allowed under this policy, systems may be used only for the
business of the County as defined by the County.
21.1.3 The County reserves, and intends to exercise, all rights
relating to information used in its systems. The County reserves the right to
trace, review, audit, access, intercept, block, restrict, screen, delete,
recover, restore, publish, or disclose any information, at any time without
notice. The County does not intend to tap phone conversations without notice or
due process of law. However, it may authorize a party to any conversation to
record it, as permitted by State Law. The County may withdraw permission for
any or all personal or business uses of its systems at any time without cause or
explanation. No one shall grant access to systems without County authorization.
All Users should also be
aware that the use of a password does not give rise to any right of privacy and
that the use of the deletion keystroke, or a delete function, does not
necessarily mean that a record, communication, or document has been eliminated
from the System.
21.1.4 Desktop security mechanisms, including passwords,
scramblers, encryption methods, re-mailer services, proxies, anonymizers,
drop-boxes, or identity-stripping may not be used without County approval,
access, and control. No user may attempt to access, copy, forward, delete, or
alter the messages of any other user without County authorization. A County
system may not be used to attempt unauthorized access to any information or
21.1.5 Physical Security of County information systems is
important. Because of this, no member of the general public should be provided
access to any County system unless that system has been configured for public
access. Users are required to log out of the network and turn off personal
computers when not in use overnight and over weekend periods, unless there is a
business purpose (ie, backups, scheduled jobs, etc) for leaving the computer
on. Any computer left on in these situations must be locked with a password
protection system, such as a password enabled screensaver. To insure
appropriate security, departments are required to identify "high
locations to the Information Technology Director, A work area in which a
workstation cannot be effectively secured for County-only utilization, or is
expressly configured for access by the general public, is considered to be "high
21.1.6 Network passwords are utilized as a key element of the
System security strategy. Passwords are required of all Users. System defined
requirements for minimum password length, password renewal, and password reuse
applies to all Users of the System, and may be required by the Information
Technology Department. System users should protect their passwords, share only
as necessary, and change them immediately if the password is compromised.
Periodic password changes, with limitations on password reuse, are enforced as a
matter of network security. Information Technology may require passwords that
do not meet minimum security requirements to be changed immediately. Passwords
should never be written or posted in areas that are in visible sight, including
on or around a PC workstation. Devices designated as Public Access may be
excluded from these requirements where business practices deem it impractical.
21.1.7 Users assigned remote access rights (dialup, RAS, VPN, etc)
are to safeguard security information provided including phone numbers, security
codes, and passwords. Remote access capabilities are assigned to specific
individuals and are non-transferable between Users. Remote access to County
systems should be limited to only the minimum duration in which such access is
needed, and should be immediately removed when no longer needed for County
21.1.8 Many sophisticated system monitoring and diagnostic tools
are readily available through the Internet. Implementation of any of these
types of system monitoring and/or diagnostic tools, such as keyboard capture,
network diagnostic, scanning, "sniffing",
password cracking or testing , or port mapping tools by Users is prohibited,
unless pre-authorized by the Information Technology Department.
21.1.9 Careful control of access points to the network is vital to
System security. Unless pre-authorized by the Information Technology
Department, all Users shall adhere to the following: No user shall install, or
allow an outside service provider to install any software or hardware solution
that allows remote access or remote control of a device within the County
network. No User shall utilize any unauthorized software package of service to
gain access to a device outside the County network. A network connected PC
configured with remote access or remote control software, with or without a
modem represents a significant security exposure to the entire network. Users
are not allowed to set up desktop modems to provide dial-in capabilities. Modem
access is to be coordinated with Information Technology. Where business needs
dictate, dial-up modems may be with the User to assure that required needs are
met with a configuration that is consistent with System security requirements.
Users should contact Information Technology for a review of any existing modems
attached to networked PCs.
21.1.10 A firewall, (the computer system which isolates the County
from the Internet world), is maintained to separate the County network from the
Internet. Many web-based services offered by outside agencies, for
communicating and transferring data, require modifications to the firewall.
Every modification constitutes a compromise in network security. The County
will assess requests for access through the firewall on a case-by-case basis
through a formal request process. No adjustment or modifications to the
firewall will be made to accommodate any non-County related business needs.
21.1.11 No User should attempt to modify their desktop operating
system or software applications installed on the System. This includes the use
of registry editors, any type of disk management software, menu systems, screen
savers, music or video players or utilities, chat systems, or other software
utilities not included in the standard operating system. Users may not
experiment with their PC operating system configurations using "tips
type information found in magazines, bulletin boards, user groups, etc.
21.1.12 Users are prohibited from installing or downloading any
software or program onto their PC System, without first consulting with
Information Technology. In general, Information Technology is solely
responsible for installation and configuration of software on PCs and the
System. Some specialized circumstances warrant users installing and maintaining
their own PC provided they do so by specific pre-agreement with Information
Technology. Users should consult Information Technology prior to responding to
any prompt from an Internet-based source to upgrade standard components on a
County PC (ie Adobe Acrobat, Flash, Windows Update components, Internet Explorer
21.1.13 Users are not to install software that enables a workstation
to serve as a communications host for remote access. No User shall install or
download any software or activate any service that enables a PC or any component
of a User profile to communicate through the firewall to any outside service,
host, remote PC, etc. This includes "webshots"
type novelty programs, "cellular"
e-mail services, remote control software, streaming video and audio not related
to county business, and any of the emerging products that utilize ports
configured for standard browsing, file transfer, and Internet e-mail routing.
21.1.14 Information Technology relies on standard configurations when
restoring systems after component failures. Information Technology is not
responsible for restoring any custom configurations implemented by end users in
violation of this policy.
21.1.15 Users should not disable or modify the network security
software placed on their system, including anti-virus software. Users
connecting to the network are obligated to participate in distributed updates of
these software systems.
21.1.16 All programs, documents, and data generated, processed,
and/or stored on the System are County property, unless otherwise specified by a
license agreement. The County licenses the use of copies of computer software
from a variety of outside companies. The County does not own the copyright to
this software or its related documentation. The County, except for copies for
backup purposes or unless expressly authorized by the copyright owner(s), does
not have the right to reproduce software for use on more than one computer or
network. County employees learning of any misuse of software or related
documentation within the County, or with knowledge of the installation of
un-licensed software, are required to notify their department management
immediately, and if still unresolved, to the Information Technology Director.
21.1.17 A Users ability to send an e-mail message to a group of
people should only be conducted on a limited basis. All group e-mail messages
should identify the source by department and name. Responses to group messages
should be directed to the source. When determining whether a message should be
broadcast on a group wide or department-wide basis, make sure that you know your
audience. Avoid broadcasting messages to people with whom you do not ordinarily
have direct contact. Each department is responsible for group e-mails sent by
employees of their departments. Group or broadcast e-mails should never be used
to transmit non-County related information, including such things as jokes,
religious messages not pertaining to County business, or advertisements.
The prohibitions for
individual e-mail communications also apply to group e-mail communications. Any
departmental questions regarding a group message should be addressed to the
Information Technology Director.
21.1.18 Public records are controlled by the County. All system
administrators and users must comply with public records retention laws and
rules. The County reserves sole discretion to decide what information is a
public record. The County may disclose any public record without permission or
knowledge of any systems user. Except as noted in this policy, users may not
expect that any personal use of County systems is private.
21.1.19 Uses must reflect the County image, uses of County systems do
not all have to be formal, but they must be professional. For example, e-mail
must look like County e-mail, not the product of a pop culture. Authors must
not use CB handles or pen names, personal symbols, ornamental quotes , or news
group or chat room slang. This rule may not apply to some devices and services
designated as Public Access.
21.1.20 Uses of County systems must not be false, unlawful,
offensive, or disruptive. No use shall contain profanity, vulgarity, sexual
content, or character slurs. No use shall make rude or hostile reference to
race, age, gender, sexual orientation, religious or political beliefs, national
origin, health, or disability. Copyrighted or licensed information shall be
used only with full legal right to do so.
21.1.21 All publishing is restricted to County business as defined by
the County. All publishing requires County authorization. Employee events may
be internally published with County approval.
Many Internet or e-mail
groups exist to share useful information. The County may authorize a user to
post queries or to represent it by posting professional comments to useful
groups. Comments must conform to this policy. Content and frequency of posting
must reflect the County's
interests; not the user's.
Internal publishing of
employee events is mixed County and personal business and must conform to this
policy. Examples are charitable drives retirements, parties, or whatever the
County deems suitably related to County business.
21.1.22 The County often needs people to remain at work despite
personal needs and interests. The County also needs employees to continuously
develop their knowledge and skills. For those reasons, certain personal uses
are allowed. The County shall have sole discretion to decide whether a use is
personal or business. Any personal use must satisfy the following provisions.
Except as these provisions clearly state, all personal use must also comply with
the rest of this policy and any use will comply with the Employee Ethics Policy
(Personnel Rule 20). Personal use of County systems must be at virtually no
cost to the County.
of allowed personal uses include: a local call, a long distance call that is not
charged to the County, a brief e-mail message, a short toll-free Fax, and
limited use of a microcomputer.
of allowed mixed County and personal uses include: printing and photo copying a
County job application, a resume, personnel and benefits papers, and necessary
material for County-paid courses of study.
of personal uses not allowed include: toll calls, making or taking non-business
calls from a County cellular phone, copying or printing, and any service for
fee. The County may opt to allow any of these uses if it sets narrow limits and
requires users to repay full costs without County subsidy.
18.104.22.168 The degree
or extent of personal use must always be petty or insignificant compared to use
for assigned work. Simply having idle work time does not permit or condone
usage of the System or Internet for personal use.
personal use may be made by, or on behalf of, any organization or third party,
unless sanctioned by the County.
publishing is allowed if the content or purpose is personal. This bars personal
web pages. It bars personal postings to Internet groups, chat rooms, web pages,
or list services.
personal soliciting is allowed. Systems may not be used to lobby, solicit,
recruit, sell, or persuade for or against commercial ventures, products,
religious or political causes, outside organizations, or the like.
22.214.171.124 To ensure
network security, no User shall connect any device (PDA's,
wireless devices, modems) to the County network or PC Workstations without prior
approval by Information Technology. A user may not put to his or her personal
use any system device that the user does not employ in his or her assigned
work. No privately owned device may be connected to County systems without
Information Technology authorization. System devices taken home remain subject
to this policy.
may make limited personal use of their assigned microcomputers, software, and
Internet access. Example uses include brief web searches for personal research,
self-study, and preparing a resume or application for a County job. Personal
use must be done during meal and rest breaks, or before or after work. The
County may permit mixed County and personal work to be done at other times.
games and personally owned games may not be used at any time on County PC
equipment. Games that come with pre-loaded software (Operating System games,
PDA games, etc) may be used only with County permission. They may be permitted
only during normal lunch breaks, and before or after work, not during rest
breaks. They shall be used without sound and only where not visible to clients.
County owned or licensed games created to teach real, needed knowledge or skill
may be used as the County allows.
County PCs to listen to broadcast music or videos from the Internet is strictly
prohibited, except in specific instances where such material is being used for
official County business. These types of streaming broadcasts consume
considerable network resources, and have considerable impact upon production
usage of the network when operated.
126.96.36.199 Users are
prohibited from using the County email system for subscribing to news groups or
e-mail newsletters unrelated to County business.
188.8.131.52 Users are
prohibited from using County systems at any time for the buying, listing, or
selling of items via Internet auction sites, unless specifically related to
21.1.23 The County may choose to have any users sign statements
acknowledging all or parts of this policy. The County may adopt its written
policy to replace or amend this broad, County wide policy to its specific
needs. The terms of a Board policy or of a valid collective bargaining
agreement shall supersede any conflicting terms in this policy.
21.1.24 Although this rule allows de minimis use of county
systems and equipment for personal use, the same may not be true under ORS
Chapter 244, the Government Standard and Practices Act. Personal use of county
systems and equipment is at the user´s
risk. The County cannot indemnify nor defend a County employee accused of an