HomeMy WebLinkAbout067 - Microcomputer and Software Policies • ADMINISTRATIVE ORDER NO. 67
March 1 , 2000
TO: All Departme t
FROM: Gary Crutchfi Manager
RE: Microcomputer Software Policies
I. GOALS:
Cost-effectively introduce automation into the department environment.
• Define the scope of need/use of automation, particularly microcomputers.
• Minimize the training cost associated with automation start-up and new employees.
• Optimize relevant information sharing, such as database format, forms and hardware.
• • Optimize information and data handling and minimize software expenditure by
networking compatible systems.
• Minimize reliance on central computer and Information Services (IS) staff.
• Maintain an updated plan to guide departments in goals, policies, and procedures.
• Formalize policies on Internet and e-mail use.
II. GENERAL GUIDELINES :
A. Approval Criteria
1 . The microcomputer is recognized by the City of Pasco as an effective productivity
tool and is promoted within the department environment. To receive authorization
to purchase equipment hardware and software, request forms (see Appendix A
request forms) must be completed and submitted to the IS division. Criteria for
technical review of microcomputer requests have been developed to address the
Automation Goals. The IS division will review these request forms using these
criteria and submit a report to the City Manager. The City Mari it
all microcomputer acquisitions. These criteria are outlined below:
• Hardware/Software compatibility.
• Hardware acquisition is driven by software application and productivity
improvement.
• There should be one or more applications identified. Specific productivity
improvements should be both identifiable and quantifiable. Microcomputers
will not be purchased against the promise of unspecified benefits.
i
• • The application needs should be capable of being met through the use of a
pre-packaged application or user-friendly software. If possible, the specific
software to be used in implementing the application should have been
identified. Any original programming effort required should be extremely
limited.
•
Any additional personnel, software, or security requirements should be
identified and justified before the microcomputer proposal is requested.
• Applications requiring massive data entry, data storage, or data processing
operations, are not normally considered appropriate for microcomputers. These
applications should be carefully evaluated with the IS division, since it may be
that some other form of processing support would better serve the user
department needs.
B. Restrictions
The flexibility and portability of microcomputers creates a special environment in
which certain restrictions should be observed. These include the following:
• Offsite Use: Since microcomputers are purchased for specific business needs,
they should not be transported from their approved business location. This
restriction is applicable to data, data media, programs and documentation, as
• well as equipment. A portable microcomputer can be checked out by exempt
employees from the IS division, following approval by division manager.
• Development Software Ownership: Any software or application developed on a
city-owned microcomputer is the property of the city and shall not be sold or
given to anyone without written consent of the City Manager. Any willful
destruction or damage to city data or files shall be subject to disciplinary action
or criminal prosecution.
• Copyright Protection: The city is treated the same as any other purchaser of
software and is subject to the provisions of the copyright laws. These laws are
normally contained in equipment and software manuals and must be adhered to.
As a practical matter, these laws generally prohibit the copying of programs for
use on microcomputers other than the one for which they are purchased. (See
Section 6.3)
• IS Support: IS division is not obligated to provide assistance or support for
"non-standard" equipment and software.
III. USER DEPARTMENTAL RESPONSIBILITIES:
While functions have been established in the IS division for microcomputer consulting,
training, and technical support, the justification, operation, maintenance, and management
of microcomputers falls under the responsibility of the user department. These and other
• responsibilities for the user departments are provided below.
ADMINISTRATIVE ORDER NO. 67 — PAGE 2
• Application Software Selection
Within the guidelines established, select the application software to meet the identified
business requirements, and justify the software desired.
• Business Needs Identification
Identify the business system needs requiring computerization and justify the hardware
desired. All significant changes to existing hardware or software systems must also be
justified. The Information Systems Division may require written requests for systems
acquisition or alterations which require significant resources to implement.
• Applications Systems Documentation
Prepare and maintain appropriate application documentation, for applications including
documentation on security and backup procedures.
• Microsystem Operation
Responsible for the total operation of microcomputers, networks, and peripheral
equipment.
• Local Security Program Administration
Within the guidelines established, implement an operational, data, and personnel
• security program (for further information, see Section 8.0 of this executive order).
• Problem Reporting
Establish a help environment where employees do not abandon or damage the system,
but rather one where they routinely report problems to the IS.
• Personnel Training
Provide time for training key personnel and assure that basic training on the equipment
and software is available and that provisions for continuity and backup are made.
• Microsystem Maintenance
Responsible for maintenance activity that will avert disruptions/breakdown such as
cleaning of keyboards and printers, securing diskettes, and routine backups.
IV. INFORMATION SYSTEM DIVISION RESPONSIBILITIES :
A. General Functions
The IS division user will assist department personnel to become familiar with the
changing aspects of microcomputers in their day-to-day operations. The Division has
four principal functions: 1 ) User support and training; 2) Budgetary and inventory
• control; 3) Consulting and technical support; 4) Network control and operations.
ADMINISTRATIVE ORDER NO. 67 — PAGE 3
• B. User Support and Training Function
This function offers training in "standard" hardware and software operations as well as
access to a microcomputer by users who either cannot justify a microcomputer system
or are undecided about requesting one of their own.
For the occasional user, this is a convenient way to gain access to and familiarity with a
microcomputer. No justification or cost is involved and users are encouraged to use
this facility. Some typical uses of the training services are as follows:
• Training on hardware and/or software. Demonstrating hardware and/or software.
• Use by city personnel who cannot justify their own microcomputer system.
• Use by city personnel who need to learn more about what a microcomputer system
can do.
• Research or evaluate hardware and software. Testing of software prior to making
final purchase decision.
• Testing of communication linkages, networks, and procedures for interacting with
the host computer, departmental systems, other microcomputers, and other facilities
which may become a part of the city's overall data processing and data
communication environments.
• C. Budgetary and Inventory Control
The IS Division assumes budgetary responsibility for hardware, software, operations,
and maintenance for departmental microcomputers and systems. This division also
maintains a departmental inventory of software, applications and other peripherals.
D. Consulting/Technical Support
The IS division provides, as one of its major functions, assistance in micro-based
system development. This assistance takes the form of help and advice, but stops short
of developing, operating, maintaining, or managing the system. Assistance usually
takes the form of:
• Up front assistance with planning to include applications software identification.
• Acquisition advice with regard to hardware and software.
• Vendor identification. Assistance with "Fourth Generation" application
development.
• Tool or other user-friendly tool selection, training, and use.
• Troubleshooting and maintenance requests.
E. Network Control and Operation
• The IS Division is responsible for network operation including design and
configuration and assignment of passwords.
ADMINISTRATIVE ORDER NO. 67 — PAGE 4
• V. HARDWARE:
Significant benefits may be attained from microcomputers being integrated into city
operations. Additionally, if after meeting the user department's microcomputer system
P Y
requirements, each hardware and software component is also capable of interfacing with
other microcomputers as well as with larger mini systems, then the ideal information
management environment can be achieved. Ultimately, if careful attention is given to their
selection, data processing and office automation systems will be capable of sharing data by
using compatible communications systems and protocols.
A. Standard Microcomputer
Recognizing that technological developments in computer design cause changes in
capability and cost of microcomputer, the IS division will maintain an updated list of
approved hardware. All hardware purchases will be based on this "standard system" as
defined by the City Manager.
• Internal hardware upgrades must be reviewed and installed by IS staff. Peripheral
hardware must be reviewed and approved by the City Manager. Microcomputers
other than the standard must be approved by the City Manager.
• B. Maintenance
Maintenance contracts will not be purchased for microcomputers. Maintenance
contracts for peripherals will be considered on a case-by-case basis. All repairs and
technical maintenance will be performed by the IS staff or referred to a local repair
shop by the IS staff. When a microcomputer has been taken off line, a "loaner" from
the IS division will be used until the original equipment can be repaired. Data will be
retrieved from the most recent backup. Regular maintenance is the responsibility of the
individual user in each department. Disk drives, keyboards, and each mouse must be
kept clean and safe from abuse or misuse. Equipment that fails due to lack of
maintenance, misuse, or abuse, will be replaced with used equipment.
VI. SOFTWARE :
A. Software - General
Standard software products are selected to facilitate cross training, user sunnort, data
and experience sharing, and to insure that the city's general needs fos
software services are properly met. Software adopted as standard for the city includes
both operating system and general purpose, user-friendly programs. These include
spreadsheet, graphics, database, and word processing.
•
ADMINISTRATIVE ORDER NO. 67 — PAGE 5
B. Software - Standard
Because new software products are continually being developed and existing programs
are upgraded, the IS division will maintain the list of standard system software.
Software products will be reviewed and tested on a regular basis. The goal of this
process is to identify powerful, user friendly, software that meets user needs and
maintains existing data and format integrity.
C. Copying Software
• The City of Pasco purchases or licenses the use of copies of computer software
from a variety of outside companies. The city does not own the copyright to this
software or its related documentation and, unless authorized by the software
developer, does not have the right to reproduce it for use on more than one
computer.
• With regard to use on local area networks or on multiple machines, City of Pasco
employees shall use the software only in accordance with the license agreement.
• City of Pasco employees learning of any misuse of software or related
documentation within the workplace shall notify the department manager.
• According to the U. S . Copyright Law, illegal reproduction of software can be
• subject to civil damages of as much as $ 100,000 per work copied, and criminal
penalties, including fines and imprisonment. City of Pasco employees who make,
acquire or use unauthorized copies of computer software shall be disciplined as
appropriate under the circumstances. Such discipline may include termination. The
City of Pasco does not condone the illegal duplication of software.
D. Software Integrity
IS must be informed of all software installation and may require installation by IS staff.
A virus-detecting computer will check all software obtained from a non-commercial
source.
All disks that come from a computer other than a city computer are required to be
checked by using virus-detecting software that is available on all city computers. For
example: Diskettes from home computers, another business, a local agency, or any type
of shareware.
VII. DISTRIBUTION GUIDELINES:
A. Hardware & Software Acquisition
Each department may submit a request form for acquisition of hardware, software or
• telephones. All acquisitions must be submitted per Appendix A to the IS division for
technical review.
ADMINISTRATIVE ORDER NO. 67 — PAGE 6
• B. Hardware Distribution
When approved, equipment will be purchased through the IS Capital budget. However,
that department will not necessarily receive a new computer. To further
implementation of the city's automation goals, new computers will be distributed to the
most intensive users. These users will be ranked according to the type of programs they
run and the number of hours per week they work with the microcomputer. Those
employees with the highest ranking will be placed highest on the list for replacement.
Once an employee receives a new computer, they are taken off this "up-date" list. Once
intensive users have all been provided with new computers, emphasis will shift to
providing new microcomputers to the departments that purchased a new system but
received a hand-me-down. The used computer will be transferred to the department
purchasing the new computer. If there is cost differential due to an approved upgrade
from the standard the fund that supports the benefiting department pays the difference.
VIII. DATA ACCESS AND SECURITY:
A. Logical and Data Access Controls
• Except for public users of information resources where such access is authorized,
• or for situations where risk analysis demonstrates no need for individual
accountability of users, each user of a multiple-user information resource shall be
assigned a unique personal identifier or user identification. User identification
shall be authenticated before access is granted.
• A user's access authorization shall be removed when the user's employment is
terminated or the user transfers to a position where access to the information
resource is no longer required.
• Controls shall ensure that users of information resources shall access stored
software or system control data only if they have been authorized to do so.
B. Data and System Integrity
• Controls shall be established to maximize the accuracy and completeness of data.
• For tasks that are susceptible to fraudulent or other unauthorized activity,
departments should ensure adequate separation of functions.
• Test functions shall be kept either physically or logically separate from production
functions. Copies of production data shall not be used for testing
has been desensitized or unless all personnel involved in testing are
authorized access to the data.
• After a new system has been placed in operation, all program changes shall be
approved before implementation to determine whether they have been authorized,
tested, and documented.
•
ADMINISTRATIVE ORDER NO. 67 — PAGE 7
• C. Security Controls
Every employee shall be held responsible for information resource security to the
degree that his or her job requires the use of information resources. Fulfillment of
security responsibilities shall be mandatory, and departments are authorized to enforce
compliance with security responsibilities through disciplinary actions, up to and
including dismissal, civil penalties, or criminal penalties.
The placement of a microcomputer system in a user area and the portability of 1c
equipment and associated data media creates a need for special user concerns, as
follows:
• Microcomputers and related equipment are easily transportable; therefore, users
should insure that all such equipment is located in a secure area and that the
opportunities for theft are minimized.
• Caution should be exercised that only authorized personnel have access to the
microcomputer system and that only legitimate city business is processed
thereon.
• User department data files should be safeguarded from unauthorized access;
control procedures for data input and modification should be implemented in
the user department to insure data integrity. Data files of questionable accuracy
. can seriously impair the ability to exercise proper business judgments or make
informed, reliable decisions.
• Because large amounts of data can be stored on portable media which can be
removed from the premises without being noticed, it is important that
operational data handling procedures be in place. It is imperative that
confidential data be carefully controlled and safeguarded.
IX. ELECTRONIC COMMUNICATIONS, INTERNET AND E-MAIL USE :
With the widespread use of the Internet and E-mail as an information exchange media,
employees are able to access data that exists on the World Wide Web and elsewhere.
Along with this access comes the potential for abuse. The intention of this policy is to
outline issues regarding access, and to set out the rules to be followed for Internet access
and E-mail usage. Since many of the concerns surrounding internet access and E-mail
usage are the same this policy shall refer to both internet and E-mail as "electronic
communication" where both are included.
A. Internet Access Approval
Access to the Internet should be approved by the appropriate Department Head after
consultation with the Information Services Division Manager.
•
ADMINISTRATIVE ORDER NO. 67 — PAGE 8
• B. Access Monitoring
It is the responsibility of the Department Head to monitor and audit use of electronic
communications within the department. Much like the city telephone system, there is
the potential for employee abuse of the system. Information Services will monitor and
record use of electronic communications and provide the Department Head with
information that can be used to track use of electronic communications as needed.
C. Responses to Requests for Information
E-mail inquiries from the public must be treated similar to inquiries received via a
letter, phone call or a personal visit. A reply to the E-mail sender acknowledging
receipt of the message and an approximate reply time frame would be appropriate.
D. Privacy
An employee's rights while using electronic communications by use of city property
do not include the right to privacy. The city reserves the express right to monitor, in
any way, the activities of the employee while using electronic communications.
Violations of city policy regarding electronic communication use may result in
•
disciplinary action up to and including dismissal. Court cases have upheld an
employer's right to monitor and discipline employees based upon electronic activities
which are prohibited by the employer' s policy.
E. Prohibited Uses of the Internet and E-mail
• Commercial use: Any form of personal or non-city commercial use of electronic
communication is prohibited on city equipment.
• Copyright violations: Any use of electronic communication that violates copyright
laws is prohibited.
• Solicitation: the purchase or sale of personal items through advertising via
electronic communication is prohibited on city equipment.
• Harassment: The use of electronic communication to harass employees, vendors,
customers, or others is prohibited. Harassment includes messages or derogatory
comments based on race, sex, religion, or creed.
• Political: The use of electronic communications for political purposes is prohibited
on city equipment.
• Aliases: The use of aliases while using electronic communication i^ _^ th
Anonymous messages are not to be sent. Also, the misrepresentation ul an
employee's job title, job description, or position in the city is prohibited.
• Misinformation/Confidential Information: The release of untrue, distorted, or
confidential information regarding city business is prohibited.
• • Viewing/Downloading of Non-Business Related Information: The accessing,
viewing, downloading, or any other method for retrieving non-city-related
information is prohibited. This includes, but is not limited to, entertainment sites or
pornographic sites.
ADMINISTRATIVE ORDER NO. 67 — PAGE 9
• It is the Department Head's responsibility to ensure that employees do not engage in
prohibited activities while using electronic communication on city equipment.
Violations of discrimination laws can lead to criminal prosecution.
F. Security
• Downloading Files: Files are not to be downloaded from the Intemet without
express consent by the Department Head. The possibility of downloading a file
with a computer virus is great and care must be taken not to contaminate any
computers in the city. Files downloaded from the Internet, or any other outside
service, must be scanned by a virus checking software prior to being used on a city
computer. Department Heads can contact Information Services for options
available for virus checking of downloaded files.
• Uploading Files: Files are not to be uploaded to the Internet without express
consent by the Department Head. Files uploaded to the Internet have the possibility
of being intercepted by others and used against the city's interest.
Employees should keep personal log-ons and passwords confidential as instructed by
Information Services. Failure to adhere to this policy jeopardizes network security and
puts users at the risk of potential misuse of the system by other individuals. Internet
users may be held responsible for all actions taken using their personal access
passwords.
G. Electronic Records
Electronic records, including E-mail messages, are public records subject to
Washington State's Public Disclosure Act (ch. 42. 17 RCW).
E-mail is not a public records storage system, and generally public record information
should be retained on E-mail only as long as it is being worked on or distributed, as
outlined in the Local Government General Records Retention Schedule and Records
Management Manual by the Washington State Archives.
According to the State of Washington's "General Records Retention Schedules for
Local Government Agencies," E-mail with no retention value, such as appointment
messages and copies of documents that do not relate directly to the functional
responsibility of the agency or office that receives them, should be dam' r ' - el
possible after the information has been received and examined. For
constitutes a public record, a printout should be filed with the approp, iaie
series, and then the message should be deleted. E-mail public records include official
correspondence, original reports, original policy and procedure directives, official
minutes, official documentation related to legal issues or audit issues, and original
messages documenting agency actions and responsibilities.
•
ADMINISTRATIVE ORDER NO. 67 — PAGE 10
There are also legal issues related to E-mail communications. In general, E-mail is
subject to discovery in litigation, and even deleted E-mail is not necessarily removed
from the system. E-mail is not recommended as an appropriate form of
communication with legal counsel when seeking legal advice or transmitting
information related to litigation or disputes that may result in litigation.
H. User Agreement
All employees with electronic communications access will be required to sign the
City's Electronic Communication Usage Agreement as attached to this policy.
•
•
ADMINISTRATIVE ORDER NO. 67 — PAGE 11
•
Attachment "A"
ELECTRONIC COMMUNICATIONS USAGE AGREEMENT
This is to acknowledge that I have read and understand the City of Pasco 's Electronic
Communications Policy. I understand that failure to follow the provisions of the policies and
procedures could lead to the loss of my computer system privilege and/or disciplinary action.
By signing below, I agree to abide by this city policy.
Employee Name (please print)
Title
Signature
Date
• THIS DOCUMENT WILL BE PLACED IN YOUR PERSONNEL FILE
•
ADMINISTRATIVE ORDER NO. 67 — PAGE 12
APPENDIX A
REQUEST FOR MICRO=COMPUTER, SOFTWARE & TELEPHONE
OPARTMENT DATE
DIVISION POSITION
To justify purchase of computer hardware, software or phones, each department must identify the
user, the types of software applications to be used on each machine and the expected increase in
employee productivity or reduced demand for additional staff. Please address each of the
following questions in as much detail as possible:
Is this request for? _Hardware _Software _Hardware & Software _Upgrade of
Hardware _Upgrade of Software _Fax/Modem Line _Telephone _Telephone Line
Questions for Phone equipment:
Street address and descriptive location of the phone or phone lines:
Reason for new service:
Number of lines or phones required :
Questions for hardware/software :
Item(s) requested :
. What department operational task(s) will be made more efficient by the requested item?
2 Please describe what types of software will be used to perform each task listed above:
Spreadsheet, word processor, database, graphics programs or describe what you want the
computer to do.
3 How often is each task performed? (hours/day, daily, monthly, quarterly, annually)
4 What are the steps taken to perform each task presently?
5 What position(s) perform each task? If different from the one listed above.
6 Is there a need for additional staff to computerize this application?
7 Are there any unique personnel, hardware, software or security requirements for this activity?
8 What is the estimated productivity improvements (hours, days) from ei ` E~ ` ^
9 Are you aware of any software programs that will meet your needs? Are there other programs
that can perform this task?
10 Does your department have the hardware necessary to run the proposed software?