The URL can be used to link to this page

Home My WebLink AboutN-800 - Microcomputer & Software PoliciesCITY OF PASCO ADMINISTRATIVE ORDERS Administrative Order No. 800 Information Services Subject: Microcomputer &Software Policies Initial Effective Date: March 1, 2000 Revised 4/2 4 Approved This Administrative Order is effective April 21, 2014 and supersedes Administrative Order No. 67 dated 3/1/00. I. PURPOSE: This Administrative Order is issued to cost - effectively introduce automation into the department environment. • Define the scope of need/use of automation, particularly microcomputers. • Minimize the training cost associated with automation start-up and new employees. • Optimize relevant information sharing, such as database format, forms and hardware. • Optimize information and data handling and minimize software expenditure by networking compatible systems. • Minimize reliance on central computer and Information Services (IS) staff. • Maintain an updated plan to guide departments in goals, policies, and procedures. II. DEPARTMENTS AFFECTED: All III. ATTACHMENTS: Attachment 1 - Technology Request/Review Form IV. GENERAL GUIDELINES: A. Approval Criteria The microcomputer is recognized by the City of Pasco as an effective productivity tool and is promoted within the department environment. To receive authorization to purchase equipment hardware and software, request forms (see Attachment 1 Technology Request/Review Form) must be completed and submitted to the IS division. Criteria for technical review of microcomputer requests have been developed to address the Automation Goals. The IS division will review these request forms using these criteria and submit a report to the City Manager. The City Manager will authorize all microcomputer acquisitions. These criteria are outlined below: • Hardware /Software compatibility. • Hardware acquisition is driven by software application and productivity improvement. • There should be one or more applications identified. Specific productivity improvements should be both identifiable and quantifiable. Microcomputers will not be purchased against the promise of unspecified benefits. • The application needs should be capable of being met through the use of a pre - packaged application or user- fiiendly software. If possible, the specific software to be used in implementing the application should have been identified. Any original programming effort required should be extremely limited. • Any additional personnel, software, or security requirements should be identified and justified before the microcomputer proposal is requested. • Applications requiring massive data entry, data storage, or data processing operations, are not normally considered appropriate for microcomputers. These applications should be carefully evaluated with the IS division, since it may be that some other form of processing support would better serve the user department needs. B. Restrictions The flexibility and portability of microcomputers creates a special environment in which certain restrictions should be observed. These include the following: • Offsite Use: since microcomputers are purchased for specific business needs, they should not be transported from their approved business location. This restriction is applicable to data, data media, programs and documentation, as well as equipment. A portable microcomputer can be checked out by exempt employees from the IS division, following approval by division manager. • Development Software Ownership: any software or application developed on a city-owned microcomputer is the property of the city and shall not be sold or given to anyone without written consent of the City Manager. Any willful destruction or damage to city data or files shall be subject to disciplinary action or criminal prosecution. • Copyright Protection: the city is treated the same as any other purchaser of software and is subject to the provisions of the copyright laws. These laws are normally contained in equipment and software manuals and must be adhered to. As a practical matter, these laws generally prohibit the copying of programs for use on microcomputers other than the one for which they are purchased (see Section VIII.C). • IS Support: IS division is not obligated to provide assistance or support for "non- standard" equipment and software. Administrative Order No. 800 — Microcomputer & Software Policies Page 2 V. USER DEPARTMENTAL RESPONSIBILITIES: While functions have been established in the IS division for microcomputer consulting, training, and technical support, the justification, operation, maintenance, and management of microcomputers falls under the responsibility of the user department. These and other responsibilities for the user departments are provided below. A. Application Software Selection Within the guidelines established, select the application software to meet the identified business requirements, and justify the software desired. B. Business Needs Identification Identify the business system needs requiring computerization and justify the hardware desired. All significant changes to existing hardware or software systems must also be justified. The Information Systems Division may require written requests for systems acquisition or alterations which require significant resources to implement. C. Applications Systems Documentation Prepare and maintain appropriate application documentation, for applications including documentation on security and backup procedures. D. Microsystem Operation Responsible for the total operation of microcomputers, networks, and peripheral equipment. E. Local Security Program Administration Within the guidelines established, implement an operational, data, and personnel security program (for further information, see Section X of this executive order). F. Problem Reporting Establish a help environment where employees do not abandon or damage the system, but rather one where they routinely report problems to the IS. G. Personnel Training Provide time for training key personnel and assure that basic training on the equipment and software is available and that provisions for continuity and backup are made. H. Microsystem Maintenance Responsible for maintenance activity that will avert disruptions/breakdown such as cleaning of keyboards and printers, securing diskettes, and routine backups. Administrative Order No. 800 — Microcomputer & Software Policies Page 3 VI. INFORMATION SYSTEM DIVISION RESPONSIBILITIES: A. General Functions The IS division user will assist department personnel to become familiar with the changing aspects of microcomputers in their day -to -day operations. The Division has four principal functions: 1) user support and training; 2) budgetary and inventory control; 3) consulting and technical support; 4) network control and operations. B. User Support and Training Function This function offers training in "standard" hardware and software operations as well as access to a microcomputer by users who either cannot justify a microcomputer system or are undecided about requesting one of their own. For the occasional user, this is a convenient way to gain access to and familiarity with a microcomputer. No justification or cost is involved and users are encouraged to use this facility. Some typical uses of the training services are as follows: • Training on hardware and/or software. Demonstrating hardware and/or software. • Use by city personnel who cannot justify their own microcomputer system. • Use by city personnel who need to learn more about what a microcomputer system can do. • Research or evaluate hardware and software. Testing of software prior to making final purchase decision. • Testing of communication linkages, networks, and procedures for interacting with the host computer, departmental systems, other microcomputers, and other facilities which may become a part of the city's overall data processing and data communication environments. C. Budgetary and Inventory Control The IS Division assumes budgetary responsibility for hardware, software, operations, and maintenance for departmental microcomputers and systems. This division also maintains a departmental inventory of software, applications and other peripherals. D. Consulting/Technical Support The IS division provides, as one of its major functions, assistance in micro -based system development. This assistance takes the form of help and advice, but stops short of developing, operating, maintaining, or managing the system. Assistance usually takes the form of • Up front assistance with planning to include applications software identification. • Acquisition advice with regard to hardware and software. • Vendor identification. Assistance with "Fourth Generation" application development. • Tool or other user - friendly tool selection, training, and use. • Troubleshooting and maintenance requests. Administrative Order No. 800 — Microcomputer & Software Policies Page 4 E. Network Control and Operation The IS Division is responsible for network operation including design and configuration and assignment of passwords. VII. HARDWARE: Significant benefits may be attained from microcomputers being integrated into city operations. Additionally, if after meeting the user department's microcomputer system requirements, each hardware and software component is also capable of interfacing with other microcomputers as well as with larger mini systems, then the ideal information management environment can be achieved. Ultimately, if careful attention is given to their selection, data processing and office automation systems will be capable of sharing data by using compatible communications systems and protocols. A. Standard Microcomputer Recognizing that technological developments in computer design cause changes in capability and cost of microcomputer, the IS division will maintain an updated list of approved hardware. All hardware purchases will be based on this "standard system" as defined by the City Manager. • Internal hardware upgrades must be reviewed and installed by IS staff. Peripheral hardware must be reviewed and approved by the City Manager. Microcomputers other than the standard must be approved by the City Manager. B. Maintenance Maintenance contracts will not be purchased for microcomputers. Maintenance contracts for peripherals will be considered on a case -by -case basis. All repairs and technical maintenance will be performed by the IS staff or referred to a local repair shop by the IS staff. When a microcomputer has been taken off line, a "loaner" from the IS division will be used until the original equipment can be repaired. Data will be retrieved from the most recent backup. Regular maintenance is the responsibility of the individual user in each department. Disk drives, keyboards, and each mouse must be kept clean and safe from abuse or misuse. Equipment that fails due to lack of maintenance, misuse, or abuse, will be replaced with used equipment. VIII. SOFTWARE: A. Software -General Standard software products are selected to facilitate cross training, user support, data and experience sharing, and to insure that the city's general needs for microcomputer software services are properly met. Software adopted as standard for the city includes both operating system and general purpose, user - friendly programs. These include spreadsheet, graphics, database, and word processing. Administrative Order No. 800 — Microcomputer & Software Policies Page 5 16.110 B. Software - Standard Because new software products are continually being developed and existing programs are upgraded, the IS division will maintain the list of standard system software. Software products will be reviewed and tested on a regular basis. The goal of this process is to identify powerful, user friendly, software that meets user needs and maintains existing data and format integrity. C. Copying Software • The City of Pasco purchases or licenses the use of copies of computer software from a variety of outside companies. The city does not own the copyright to this software or its related documentation and, unless authorized by the software developer, does not have the right to reproduce it for use on more than one computer. • With regard to use on local area networks or on multiple machines, City of Pasco employees shall use the software only in accordance with the license agreement. • City of Pasco employees learning of any misuse of software or related documentation within the workplace shall notify the department manager. • According to the U. S. Copyright Law, illegal reproduction of software can be subject to civil damages of as much as $100,000 per work copied, and criminal penalties, including fines and imprisonment. City of Pasco employees who make, acquire or use unauthorized copies of computer software shall be disciplined as appropriate under the circumstances. Such discipline may include termination. The City of Pasco does not condone the illegal duplication of software. D. Software Integrity IS must be informed of all software installation and may require installation by IS staff. A virus- detecting computer will check all software obtained from a non - commercial source. All disks that come from a computer other than a city computer are required to be checked by using virus- detecting software that is available on all city computers. For example: diskettes from home computers, another business, a local agency, or any type of shareware. DISTRIBUTION A. Hardware & Software Acquisition Each department may submit a request form for acquisition of hardware, software or telephones. All acquisitions must be submitted per Appendix A to the IS division for technical review. B. Hardware Distribution When approved, equipment will be purchased through the IS Capital budget. However, that department will not necessarily receive a new computer. To further implementation of the city's automation goals, new computers will be distributed to the most intensive users. These users will be ranked according to the type of programs they run and the number of hours per week they work with the microcomputer. Those employees with the highest ranking will be placed highest on Administrative Order No. 800 — Microcomputer & Software Policies Page 6 the list for replacement. Once an employee receives a new computer, they are taken off this "up- date" list. Once intensive users have all been provided with new computers, emphasis will shift to providing new microcomputers to the departments that purchased a new system but received a hand -me -down. The used computer will be transferred to the department purchasing the new computer. If there is cost differential due to an approved upgrade from the standard the fund that supports the benefiting department pays the difference. X. DATA ACCESS AND SECURITY: A. Logical and Data Access Controls • Except for public users of information resources where such access is authorized, or for situations where risk analysis demonstrates no need for individual accountability of users, each user of a multiple -user information resource shall be assigned a unique personal identifier or user identification. User identification shall be authenticated before access is granted. • A user's access authorization shall be removed when the user's employment is terminated or the user transfers to a position where access to the information resource is no longer required. • Controls shall ensure that users of information resources shall access stored software or system control data only if they have been authorized to do so. B. Data and System Integrity • Controls shall be established to maximize the accuracy and completeness of data. • For tasks that are susceptible to fraudulent or other unauthorized activity, departments should ensure adequate separation of functions. • Test functions shall be kept either physically or logically separate from production functions. Copies of production data shall not be used for testing unless the data has been desensitized or unless all personnel involved in testing are otherwise authorized access to the data. • After a new system has been placed in operation, all program changes shall be approved before implementation to determine whether they have been authorized, tested, and documented. C. Security Controls Every employee shall be held responsible for information resource security to the degree that his or her job requires the use of information resources. Fulfillment of security responsibilities shall be mandatory, and departments are authorized to enforce compliance with security responsibilities through disciplinary actions, up to and including dismissal, civil penalties, or criminal penalties. The placement of a microcomputer system in a user area and the portability of the equipment and associated data media creates a need for special user concerns, as follows: • Microcomputers and related equipment are easily transportable; therefore, users should insure that all such equipment is located in a secure area and that the opportunities for theft are minimized. Administrative Order No. 800 — Microcomputer & Software Policies Page 7 • Caution should be exercised that only authorized personnel have access to the microcomputer system and that only legitimate city business is processed thereon. • User department data files should be safeguarded from unauthorized access; control procedures for data input and modification should be implemented in the user department to insure data integrity. Data files of questionable accuracy can seriously impair the ability to exercise proper business judgments or make informed, reliable decisions. • Because large amounts of data can be stored on portable media which can be removed from the premises without being noticed, it is important that operational data handling procedures be in place. It is imperative that confidential data be carefully controlled and safeguarded. Administrative Order No. 800 — Microcomputer & Software Policies Page 8 City of Pasco Technology Request/Review Form Requested By: Manager Approval: Reviewed By IS: Department/Division: Director Approval: Add to IS or Department Budget: ATTACHMENT Requested Item Cost: Implementation Costs: Annual Costs: This form must be used to request or review the budget/purchase of items requiring any technology support. This includes direct technology and "indirect" technology purchases. Direct technology purchases would include computers, monitors, printers, copiers, software, and phones. "Indirect" technology purchases would include any item that requires the use of or needs, IS support or implementation, computer or server installation, network connectivity, phone service, user accounts, or remote vendor access. Requestors should minimally complete the first page of this form. Information Services will help complete page two if necessary. Please send requests /reviews to Jesse, in Information Services, no later than . This will allow time for Information Services to review the requests and work with departments so items can be included in the budget. Please attach any additional information, such as models, brands, or prices. If you have any questions please contact Jesse Rice, 545 -3417. Managers and Directors must acknowledge /approve all requests. The City Manager reviews all requested items for final inclusion in the budget. Position/Person item requested for: _ Computer (additional laptop or desktop; new function, new position) _ Printer (b &w, color, multifunction, large format) _ Copier (new, replacement, features needed) Hardware (scanner, DVD writer, monitor, external storage, anything requiring network connectivity) _ Software Application (Adobe, AutoCad, Photoshop) Phone (new position, new location, new building) Details of Requested Item: (may attach on separate sheet) Justification for Requested Item: (may attach on separate sheet) Attachment 1— "Microcomputer & Software Policies Page 1 ATTACHMENT Computer Requirements (Will the item use an existing computer or is a dedicated computer required ?) Server Requirements [Does the item need to run or store data on a server? Can it share space on an existing server (if available), or does it require dedicated server(s)? ] Software Licensing (Additional users, computers, or servers require adding additional licensing for operating systems, office products, antivirus, email accounts, spam protection.) Network Connectivity [Is sufficient cabling (both onsite and offsite) and network switch port space available.] Network Access/Bandwidth (Does the item require additional network access speed, or will it affect current processes. Does it require internet connectivity or public access ?) Storage Capacity and Backups (How much data will be created and stored. How often and how long will data need to be backed up to tape or disk ?) Records Retention (Will the new item collect/store /process data that is required to meet the Washington State Record Retention Laws, including search, retrieval, metadata, backups, and future capability.) Attachment 1— "Microcomputer & Software Policies Page 2 ATTACHMENT Department Staffing (Will the department's existing staff be able to implement, maintain, and support the item at a "user" level? This includes resolving "user" based issues with the vendor tech support?) IS Staffing (Does the existing IS staff have the time, ability, or expertise to support and implement the new item.) Training (Does the new item require department or IS staff training? Is it included, does it require annual training, onsite, offsite, remote? Is it budgeted? Will existing department staff train new users ?) Annual Maintenance /Tech Support/Vendor Access Requirements Attachment 1- "Microcomputer <& Software Policies Page 3