City of Brentwood
Home PageContact Us!Back

City Administration

2010 Council Goals and Strategic Plan | City Council Members | Calendar of Events | Elections
eNotification | Sub-Committees| Pledge of Allegiance Sign Ups | Invocation Sign Up
Live Streaming Council Meeting | Streaming PC Help |
Streaming Mac Help |

Current Council Agenda and Past Meeting Information

CITY COUNCIL AGENDA ITEM NO. 17

Meeting Date: August 26, 2008

Subject/Title: Adopt a Resolution amending City Council/Administrative Policy No. 10-10 Policy and Procedures for City Information Systems and Communications.

Prepared by: Yun Cho, Chief Information Systems Officer

Submitted by: Pamela Ehler, Director of Finance and Information Systems

RECOMMENDATION
Adopt a Resolution amending City Council/Administrative Policy No. 10-10 Policy and Procedures for City Information Systems and Communications.

PREVIOUS ACTION
On January 13, 2004, by Resolution No. 2004-05, City Council adopted Policy No. 10-10 Policy and Procedures for City Information Systems.

On October 26, 2004, by Resolution No. 2004-249, City Council amended Policy No. 10-10 Policy and Procedures for City Information Systems to electronically delete e-mail on the thirtieth (30th) day after receipt due to electronic storage capacity, records management issues, and changes in the Public Records Act.

On July 24, 2007, Resolution No. 2007-164, City Council amended Policy No. 10-10 Policy and Procedures for City Information Systems to remove wallpaper and logo attachments.

BACKGROUND
The Information Systems Communication Policy and Procedures sets forth the City’s policy for the use of electronic devices and systems. The policy was modified to clarify the policy terminology, to update outdated information and to ensure the integrity and security of the City’s electronic systems and devices. All changes to the policy are in line with the Strategic Technology Master Plan. In an effort to remain up-to-date with technology issues, adherence of Information Technology best practices, as well as incorporating the recommendations of the City’s external auditors, the Communication Policy has been amended in the following areas:

• Language has been added stating that users of City provided electronic systems and devices shall have no reasonable expectation of privacy for text messaging on any City provided electronic system or device.

• The City holds all copyrights to software and electronic written documentation created by employees in the course and scope of their employment.

• Users are prohibited from printing labels on adhesive-backed paper on laser printers in order to prevent damaging laser printers.


• Only Information Systems staff shall be allowed to install or modify City owned computer hardware.

• Only Information Systems staff shall install software on a City-owned computer in order to minimize security vulnerability and verify software compatibility.

• Maintain software interoperability by requiring utilization of the Software Request Purchase Form to ensure that software purchases are approved by the Chief Information Systems Officer or designee prior to purchase. This is consistent with the Strategic Technology Master Plan.

• All employees must create a "strong password”, which consists of alpha, numeric, and special characters. The system will force the password to be changed every six months.

• The maximum resolution when scanning documents or photos should be no higher than 300 DPI to keep the scanned files to a reasonable size,

• Information Systems staff will annually review users’ access rights on the first quarter of the calendar year to ensure users has the proper security level.

• The Communication Policy added a media destruction section to adhere to Information Technology best practices.

In order to facilitate your review, changes to the Policy have been displayed in red.

FISCAL IMPACT
None

Attachments:
Resolution
Amended Policy and Procedures for City Information Systems and Communications

RESOLUTION NO.

A RESOLUTION OF THE CITY COUNCIL OF THE CITY OF BRENTWOOD AMENDING CITY COUNCIL/ADMINISTRATIVE POLICY NO. 10-10 POLICY AND PROCEDURES FOR CITY INFORMATION SYSTEMS AND COMMUNICATIONS.

WHEREAS, the Information Systems Communication Policy and Procedures needs to be updated to ensure integrity and security, to be up-to-date with technology issues, adhere to Information Technology best practices and to implement the recommendations of the City’s external auditors; and

WHEREAS, the updated policy provides that employees shall have no reasonable expectation of privacy for text messaging on any City provided electronic system or device; and

WHEREAS, the updated policy provides that the City holds all copyrights to software and electronic written documentation created by employees in the course and scope of their employment; and

WHEREAS, the updated policy prohibits using laser printing on adhesive-backed labels; and

WHEREAS, to maintain the integrity of computers the updated policy provides that only the Information Systems staff may install or modify City-owned computer hardware; and

WHEREAS, for better software maintenance, only the Information Systems staff shall install software on a City-owned computer; and

WHEREAS, per the Strategic Technology Master Plan, maintain software interoperability the policy requires utilizing the Software Request Purchase Form for new software for the City; and

WHEREAS, at the recommendation of the City Auditor, all employees must create a “strong password”; and

WHEREAS, scanned documents or photos can create a large files therefore to keep the scanned files to a reasonable size, the maximum resolutions should be no higher than 300 DPI; and

WHEREAS, Information Systems staff will annually review users’ access rights on the first quarter of the calendar year; and

WHEREAS, a Media destruction section was added; and

WHEREAS, updates are necessary to maintain the integrity of the communication and computer systems.

NOW, THEREFORE BE IT RESOLVED by the City Council of the City of Brentwood that the City Council/Administrative Policy No. 10-10 Policy and Procedures for City Information Systems and Communications is hereby amended as shown in the attached updated policy.

PASSED, APPROVED AND ADOPTED by the Council of the City of Brentwood at a regular meeting held on the 26th day of August 2008 by the following vote:


1. PURPOSE

The City of Brentwood, (hereinafter “City”), is committed to providing employees with the business tools necessary in order to enhance efficiency in job performance and best serve the citizens of Brentwood.

This policy sets forth the City’s policy with respect to the use of electronic systems and devices including, but not limited to, cellular telephones, smart phones, computers, electronic mail (e-mail), intranet (internal City websites), mobile messaging systems, telephonic voice mail, Internet access, fax systems, Personal Digital Assistants (PDAs), Geographic Positioning System (GPS), event data recording (EDR) devices on vehicles and other electronic communications systems provided by the City of Brentwood (“electronic systems and devices”). Furthermore, this policy is intended to supplement other City personnel policies that govern rules of conduct and performance in the workplace.

2. GENERAL POLICY

2.1 Applicability

The provisions of this policy apply to all users employees of the City of Brentwood including, but not limited to, Council members, Board and Commission members, full-time, part-time and temporary employees, as well as volunteers, interns, agents and vendors (“users”).

2.2 General Provision

With the rapidly changing nature of electronic media and the etiquette which is developing among users of external on-line services and the Internet, this policy will not cover every situation. It does, instead, express the City’s philosophy and sets forth general principles to be applied to the use of electronic systems and devices cellular telephones, computers, e-mail, intranet (internal web based communication systems), mobile messaging systems, telephonic voice mail, Internet access, fax systems, PDAs and other electronic communications systems provided by the City of Brentwood.

As a general rule, users must comply with Federal and State laws and City Policies and the terms of applicable contracts, including software licenses, while using City Electronic resources. Examples of applicable laws, rules and policies include, but are not limited to, privacy, copyright, trademark, obscenity, the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act, which prohibit “hacking”, “cracking” and similar activities and the City of Brentwood Code of Conduct.

Access to networks and computer systems owned by the City imposes certain responsibilities and obligations on users and is granted subject to City policies. Appropriate use should always be legal, ethical, reflect honesty, reflect community standards, and show restraint in the consumption of shared resources. It should demonstrate respect for individual property, ownership of data, system security mechanisms; an individual’s right to privacy, and the freedom from intimidation, discrimination, harassment, and unwarranted annoyance. Appropriate use of computing and networking resources includes, but is not limited to, education, independent study, authorized research, communications and other official work of the City organization.

2.3 Authorized users are those who have been given specific permission to use a particular computing, communication or network resource owned or operated by the City. This document establishes rules and prohibitions that define acceptable use of these systems.

2.4 Expectation of Privacy

The City Information and communication Electronic systems and devices network is provided by the City to individual users employees based on Department Director authorization, and is are considered City property. All City employee communications including, but not limited to, transactions on use of the Internet from City computers including and/or cell and smart phone activities such as text messaging, e-mail, contact lists, task lists, GPS tracking logs - are considered public information and records of these transactions can be requested by anyone at any time, subject to certain Public Records Act exceptions and attorney-client privilege material. In that regard, the Internet all electronic systems and devices may be monitored for legitimate reasons. Therefore, users employees using the Internet any City-provided electronic systems and devices shall have no reasonable expectation of privacy when using this system the electronic systems and devices.
Messages that are transmitted via the Internet can be intercepted by anyone and the information contained in the message can be used for any purpose by anyone retrieving the message. Access to the web browser is being logged and these files can be subject to review.
Users should also be aware that their uses of City electronic systems and devices computing resources are not completely private. While the City does not routinely Information Systems staff will monitor individual usage of its computing resources. The normal operation and maintenance of the City’s computing resources require the backup and caching of data and communications, the logging of activity, the monitoring of general usage patterns and other such activities that are necessary for the rendition of service. The City may also specifically monitor the activity and accounts of individual users including, but not limited to, individual login sessions and the content of individual communications without notice when any one of the following occurs:
2.4.1 Approval has been received by the Department Director and/or City Manager. Information Systems staff will not review any activity unless directed by the appropriate individual(s).
2.4.2 It reasonably appears necessary to do so to protect the integrity, security or functionality of the City or other computing resources or to protect the City from liability;
2.4.3 There is reasonable cause to believe that the user has violated or is violating this policy;
2.4.4 An account appears to be engaged in unusual or unusually excessive activity;
2.4.5 It is otherwise required or permitted by law.

Since there is no expectation of privacy, no employees will not shall use any passwords or other means to prevent the monitoring process of their computer by the City Department Directors, supervisors, etc. In the event that the nature of an employees’ work requires use of a password, the employee will coordinate with their supervisor. For security reasons only, password control and other means may be used by an employee to secure a computer or computer data with written permission from the Department Director. The written permission shall contain the password or code necessary to unlock the computer or its data if deemed necessary by the Department Director.

2.5 Ownership, Copyrights, Accountability and User Responsibilities

Electronic systems and devices E-mail, fax, telephonic voice mail, cellular phones, internal City websites, Internet access and other electronic communications systems are provided only for the purpose of conducting City business. All electronic communications of any sort or type generated by employees with City equipment or stored on City equipment are the property of the City of Brentwood and, therefore, are not considered private. Upon termination of employment, no employee shall remove any software or data from City-owned computers and all City electronic systems and devices shall be returned to the City.

The City recognizes that there may be incidental occasional personal use of cellular telephones, e-mail, or voice mail or text messages, but these messages will be treated the same as other work related messages. There shall be no expectation of privacy and the City reserves the right to access and disclose as necessary all messages sent over its electronic systems and devices including, but not limited to, e-mail, or voice mail or cell phone messaging system, without regards to content. Since personal messages can be accessed by the City management without prior notice, employees should not use City electronic systems and devices including, but not limited to, e-mail, or voice mail or text messaging to transmit any messages that the employee would not want read, or listened to, by a third party.

For example, the employee should not use the City’s Internet, e-mail, or telephonic voice mail, text messaging, or any City owned communications systems for gossip, including personal information about the employee or others, for forwarding messages under circumstances likely to embarrass the sender, or for emotional responses to business correspondence or work situations.

In any event, the employee Users should not use these City electronic systems and devices for such purposes as soliciting or proselytizing for commercial ventures, political, religious or personal causes or outside organizations, viewing or sending sexually explicit information, or other non-job-related situations. If the City discovers that you are a user is misusing City electronic systems and devices the Internet, e-mail system, telephonic or telephonic voice mail systems, he or she you will be subject to disciplinary action up to and including termination.

All software programs, computer files, and other documents created by users City employees on City computers or other electronic systems are the property of the City and therefore exclusively owned by the City. The City holds all copyrights to software and electronic written documentation created by employees in the course and scope of their employment.

2.6 User Responsibilities All users have the following responsibilities:

2.6.1 Report Unauthorized Access. Report any discovered unauthorized access attempts or other improper usage of City electronic systems and devices computers, networks, or other information processing equipment. If a user observes or receives a report of a security or abuse problem with any City computer or network facilities, including violations of this policy, the user must take immediate steps as necessary to ensure the safety and well-being of information resources;. At a minimum, the users shall advise the Department Director, and the Chief Information Systems Officer and their supervisor.

2.6.2 Privacy. Routine computer behavior is for system users to respect the rights of individual privacy for all, including but not limited to, files of personal information and programs, no matter on what medium they are stored or transmitted. No user should look at, copy, alter, or destroy anyone else’s personal files without explicit permission (unless authorized or required to do so by law or regulation). Simply being able to access a file or other information does not imply permission to do so.

2.6.3 Ethical Behavior. To behave ethically, and comply with all legal restrictions regarding the use of information that is the property of others. No material or verbiage should be put into the City’s information technology systems that could not be displayed in an open public forum, with the exception of City sanctioned confidential material.

2.6.4 Information Integrity. To be aware of the potential for and possible effects of manipulating information, especially in electronic form, and to verify the integrity and completeness of information that is compiled or used.


2.6.5 Security and Backups. Due to the need to maintain appropriate backup of all City data, City data should NOT be stored on personal hard drives. All City data is required to be stored on the network drives and will be backed up by the Information Systems Division. Data stored on personal hard drives will not undergo proper and mandatory backup and therefore may be lost.

2.6.6 Outside Networks. Many of the City computing systems provide access to outside networks, both public and private, which furnish such services as electronic mail, information services, bulletin boards and conferences, etc. Users are advised that they may encounter material that may be considered offensive or objectionable in nature or content. Users are further advised that the City does not assume responsibility for the contents of any of these outside networks or services. The user agrees to comply with the acceptable use guidelines for whichever outside networks or services they may access through City systems.

2.6.7 Investigative Activities. If a user is contacted by a representative from an external organization law enforcement organization (e.g. District Attorney’s Office or the FBI, etc.) who is conducting an investigation of an alleged violation involving City computing and networking resources, the user must refer the requesting agency to their Department Director who will contact the City Attorney for guidance regarding the appropriate actions to be taken. The Department Director will simultaneously inform the City Clerk and City Manager. .

2.7 Prohibited Uses

2.7.1 Installing programs on the City's computer systems (including virus checking, screen savers and Internet downloads) without prior written consent of the Chief Information Systems Officer or designee;

2.7.2 Unauthorized copy of City software programs for personal use. No employee shall install Installing pirated, personal or non-licensed software on City electronic systems and devices City-owned or leased PCs, laptops, or PDAs, or violate violation of any copyright or license to software, information (including, but not limited to, text, images, icons and programs, etc.) whether created by the City or any other person or entity;

2.7.3 Use of another employee’s password to attempt to gain access to that employee’s computer, electronic mail (e-mail), intranet (internal City website), mobile messaging, telephonic voice mail, Internet access or other electronic communication systems or electronic systems and devices, without prior consent of their immediate Department Director, Supervisor and or Chief Information Systems Officer;

2.7.4 Connecting Connect computers (including laptops and personal computers) not owned or leased by the City to the City's information systems network without the prior written consent of the Chief Information Systems Officer. Further, any and all personal equipment connected to the City system, i.e., locally or via VPN is subject to being audited at the discretion of the City;

2.7.5 Disclose access codes, log-on or passwords or otherwise make the City electronic resources available to persons not authorized to have such access;

2.7.6 The use of City electronic systems and devices computer resources for private business or commercial activities;

2.7.7 Misrepresentation (including forgery) of the identity of the sender or source of an electronic communication;

2.7.8 Violation of any federal, state or local laws in the use of City electronic systems and devices information systems;

2.7.9 Infringe on others' access and use of the City's information systems, including, but not limited to:

2.7.9.1 Sending of excessive messages, either locally or off-site;

2.7.9.2 Interference with or disruption of the computer or network accounts, services, or equipment of others, including, but not limited to, the willing propagation of computer “worms” and “viruses”, the sending of electronic chain mail, and the inappropriate sending of “broadcast” messages to large numbers of individuals or hosts;

2.7.9.3.1 lteration of the content of a message originating from another person or computer with intent to deceive;

2.7.9.4 Unauthorized modification of system facilities, operating systems or disk partitions;

2.7.9.5 Attempting to crash or tie up a City computer or network;

2.7.9.6 Unauthorized scanning of networks for security vulnerabilities;

2.7.9.7 Unauthorized wiring, including attempts to create unauthorized network connections, or unauthorized extension or retransmission of any computer or network services;

2.7.9.8 Attempting or gaining unauthorized access to or damaging or vandalizing City computing facilities, equipment, software, or computer files;

2.7.9.9 Developing or using programs which disrupt other computer users, access private or restricted portions of the system, and/or damage software or hardware components of the system;

2.7.9.10 Install or use a modem on City owned or leased computers without the prior written consent of the Chief Information Systems Officer.

2.7.10 Printing labels that use adhesive paper to a laser printer.

2.8 Scanning

Scanning documents and photos can create large files that can quickly fill up a file server hard drive. To prevent this, the maximum resolution used for scanning should be no higher than 300 DPI. To scan at a resolution higher than 300 DPI, a written memo or an e-mail stating the reasons for the higher resolution from either a Department Director or designee must be sent to, and approved by, either the Chief Information Systems Officer or designee.

3. WEB (Internet / Intranet) USAGE / REQUIREMENTS

Web Internet resources are made available to City staff to improve communications and information exchange with citizens and others and to provide an information and research resource. As the Internet is a global electronic information infrastructure of networks used by educators, businesses, governments and other communications individuals, certain restrictions are necessary to avoid improprieties and ensure that established standards are met. To reduce potential liability, the risk of inappropriate use, and possible adverse public perceptions, City provided web internet resources are to be used for official City business purposes. City information network resources shall not be used for illegal, harassing, libelous, obscene or other purpose which could expose the City to liability or cause an adverse public perception of the City during or outside City business hours. All components of the City’s web Internet resources (hardware and software) are the property of the City and remain subject to the City’s control. Unnecessary and unauthorized web Internet usage causes network and server congestion, has an adverse impact on other users, is an ineffective use of City time and equipment, and ultimately may have an adverse impact on the public’s perception of City staff. This web Internet policy is designed to help employees understand the City’s expectation for the use of web Internet resources provided. The web Internet provided by the City is a business tool and should not be abused.

3.1 Internet Privacy

Since web Internet access and use are intended to be used for City business, users City employees shall have no right or expectation of privacy or confidentiality in any web Internet activity using City equipment or networks. This includes web Internet activity that occurs after business hours by an employee who has prior permission to use the Internet for personal use. The City has software and systems that monitor and record all web Internet usage. Each World Wide web site visit, chat room, and newsgroup, into and out of our internal networks is recorded. Department Directors, management and supervisors shall have the right to review any Internet activity of any employee supervised by them at any time for any reason. The City reserves the right to inspect any and all files stored in private areas of our network in order to assure compliance with this policy.

3.2 Purpose of the Web Internet

The purpose of the web Internet is to distribute information to public constituencies or to research various City related matters. The City understands that there may be a necessary occasion to use the web Internet for personal business use during business hours; however, these are exceptions and the general rule is that during business hours, a user’s an employees’ web Internet access is for business-related purposes. However, employees users may use the web Internet for non-business research or appropriate browsing during mealtime, break or outside of work hours. Employee Users uses the system at his/her own risk, with no right or expectation of privacy or confidentiality, provided the remaining provisions of this policy are not violated. City employees Users must conduct themselves honestly, appropriately, and in a professional manner on the web Internet. All existing City policies apply to an employee’s conduct on the web Internet, including, but not limited to, those that deal with privacy, misuse of City property, harassment, information and data security and confidentiality. This includes, but is not limited to, sexually explicit or offensive material accessed through or received through the web Internet. In addition, sexually explicit or offensive material may not be archived, stored, distributed, edited or recorded using City network or computing resources. If an employee finds him/herself inadvertently connected to a site that contains sexually explicit or offensive material, he/she shall immediately disconnect from that site and notify his/her immediate supervisor or the Chief Information Systems Officer or designee so they are aware that the connection was not intentional. Any software that is downloaded must be approved by the Department Director or Supervisor and inspected by the Chief Information Systems Officer or designee, prior to installation to ensure the software will not harm the computer or City network. Additionally, the software must be properly licensed and registered. Downloaded software must be used only under the terms of its license. Employees with Internet access may not use City Internet facilities to listen to Internet radio, or download images or videos or sound files unless there is an explicit business-related use for the material or with an approval of the Chief Information Systems Officer and Department Directors or designee Supervisor.

3.3 Uses

All Notwithstanding section 3.2, web Internet activities should be directly related to City business. Listed below are examples of permitted and prohibited uses of the City Internet system. This list is not exhaustive and common sense and good judgment should be used in determining whether the user is engaging in an activity that will violate this web Internet policy. If an employee has a question regarding whether an activity is permitted, he/she shall get the permission ask the question of his/her Department Director, Manager, or Supervisor before proceeding with the Internet activity.


3.3.1 Examples of Appropriate/Permitted Use

3.3.1.1 Obtaining information regarding City business (e.g. policy, legislation, public meetings or technical research, etc.).

3.3.1.2 General announcements within the scope of the sender’s job responsibilities (e.g. City sponsored events or professional user groups associations, etc.).

3.3.1.3 Providing information regarding City business to the public (e.g. City Council meeting agendas or minutes or key points of contact, etc.).


3.3.2 Examples of Inappropriate/Prohibited Use

3.3.2.1 Generating, sending, requesting, receiving or archiving any material in any form (e.g. text or graphics) which contains any comment or image that is discriminatory, offensive, defamatory or harassing in nature.

3.3.2.2 Displaying sensitive or offensive material, resulting in a perceived "hostile environment" to coworkers.

3.3.2.3 Violating software licensing laws by illegally downloading software.

3.3.2.4 Conducting personal business from the City’s server (e.g. placing or advertising items for sale), except in the designated Intranet site provided by the City for this purpose.

3.3.2.5 Visiting inappropriate sites allowing the City’s domain (e.g. johndoe@ci.brentwood.ca.us) to be captured, which could result in negative publicity or adverse public reaction.

3.3.2.6 Illegal activities (e.g. gambling, placing wagers or bets or buying drugs, etc.).

3.3.2.7 Copyright infringement (3rd Party Liability) - involves copyright or intellectual property violations for unauthorized downloading or forwarding of protected information.

3.3.2.8 Logging on to or leaving Internet running all day, unless necessary for a business-related purpose (e.g. using website as wallpaper, screen savers, or using instant messaging or audio/video streaming, etc.).

3.3.2.9. Creating acts of fraud, waste or abuse through Internet activities.

3.4 Web Postings

3.4.1 Department Directors should appoint a person or team to update content of departmental pages. All pages are subject to format and content guidelines determined by the City standards which are on file with the City Webmaster.

3.4.2 The established web page design templates, content suggestions and posting procedures must meet the City standards.

3.4.3 Departments may not create or contract for their own web sites, or acquire or use a domain name other than www.brentwoodca.gov, without prior approval of the City Manager.

3.4.4 Departments and other entities using space on the City’s Web site are responsible for content and accuracy of their pages. All new web content must come from the Department Director or department designee.


3.4.5 The web content must not disseminate information that violates the tenets of this policy.

4. ELECTRONIC MAIL (E-MAIL):

The purpose of this portion of the policy is to ensure the proper use of the City’s e-mail system and make users aware of what the City deems as acceptable and unacceptable use of its e-mail system. The City reserves the right to amend this policy at its discretion. In case of amendments, users will be informed appropriately.

4.1 Legal Risks / Legal Requirements

E-mail is a business communication tool and users are obliged to use this tool in a responsible, effective and lawful manner. Although by its nature e-mail seems to be less formal than other written communication, the same laws apply. Therefore, it is important that users are aware that any of the following scenarios could expose the City and/or the employee user to liability. It is prohibited to:

4.1.1 Send e-mails with any libelous, defamatory, offensive, racist or obscene remarks;

4.1.2 Forward e-mails with any libelous, defamatory, offensive, racist or obscene remarks;

4.1.3 Forward confidential information to persons outside the City without acquiring permission from the sender first;


4.1.4 Unlawfully forward or copy messages without permission (copyright infringement);

4.1.5 Knowingly send an attachment that contains a virus;

4.1.6 Forge or attempt to forge e-mail messages;

4.1.7 Disguise or attempt to disguise your identity when sending mail;

4.1.8 Send e-mail messages using another person’s e-mail account.

4.1.9 Except as may be permitted by section 4.2.1.11, send e-mail messages with logos or wallpaper unless a written memo permitting such use is sent by the City Manager or designee to the Director of Finance/Information Systems or designee.

By following the guidelines in this policy, the e-mail user can minimize the legal risks involved in the use of e-mail. If any user disregards the rules set out in this Policy, the user may be fully liable for all legal consequences and the City will disassociate itself from the user as far as legally possible.

4.2 Best Practices

The City considers e-mail as an important means of communication and recognizes the importance of proper e-mail content and speedy replies in conveying a professional image and delivering good customer service. Users should take the same care in drafting an e-mail as they would for any other communication. Therefore, the City wishes users to adhere to the following guidelines:

4.2.1 Writing e-mails

4.2.1.1 Write well-structured e-mails and use short, descriptive subjects.

4.2.1.2 The City’s e-mail style is informal. This means that sentences can be short and to the point. You can start your e-mail with ‘Hi’, or ‘Dear’, and the name of the person. Messages can be ended with ‘Best Regards’.

4.2.1.3 If you use a signature, it should include your name, job title, department name, and contact information. A disclaimer may be added underneath your signature (see Disclaimer, Section # 4.10 below), Page 13).

4.2.1.4 Users should spell check all e-mails prior to transmission.

4.2.1.5 Users should Do not send unnecessary attachments. Compress attachments larger than 200K before sending them. Contact any IS staff member should you need assistance in doing this procedure.

4.2.1.6 The use of links to common documents instead of attaching a copy of the document to a large number of users is encouraged.

4.2.1.7 Users should Do not write e-mails in all capitals.

4.2.1.8 If you forward e-mails, state user should clearly what action you expect the recipient to take.

4.2.1.9 Only send e-mails of which the content could be displayed on a public notice board. If they cannot be displayed publicly in their current state, consider rephrasing the e-mail, using other means of communication, or protecting information by using a password (see Confidential Information, see Section #4.6, page 13).

4.2.1.10 Users should only mark e-mails as important if they really are important.

4.2.1.11 Stationary background with sound can be used for special occasions (e.g. Birthday announcements, Holiday messages or employee anniversaries, etc.).

4.2.2 Replying to e-mails

4.2.2.1 E-mails should be answered within at least 8 business hours, but users must endeavor to answer priority e-mails within 4 business hours. This excludes weekends, holidays and vacations. During those times, Out Of Office Assistant should be used.

4.2.2.2 Priority e-mails are defined as e-mails from existing customers, internal or external, and business partners.

4.3 Newsgroups

4.3.1 Users need to request permission from their supervisor before subscribing to a newsletter or server news group that has a fee attached to the subscription.

4.4 Maintenance / E-Mail Retention

4.4.1 Routine e-mail messages are not intended to be retained as public records in the ordinary course of City business. Pursuant to Government Code Section 6254(a), preliminary drafts, notes, interagency, or intra-agency memoranda that are not retained by the City in the ordinary course of business are exempt from disclosure as public records, provided that the public interest in withholding those records outweighs the public interest in disclosure.

4.4.2 Due to electronic storage capacity, records management issues, and recent changes in Public Records Law and the California Public Records Act, e-mail messages will be electronically deleted by Information Systems from all computer devices and systems on the thirtieth (30th) day after receipt, whether deleted by the user or not. E-mail messages that are intended to be retained for long-term storage should be placed in the appropriate subject file (in e-record folders), either electronically or in hard copy. Such e-mail messages will be subject to the City’s Record Retention Schedule and may become public records unless exempt from disclosure under other applicable provisions of the Public Records Act (e.g. personnel files or attorney-client communications, etc.). Provisions will be made for extended absences lasting longer than 30 days. Users should complete an IS Service Request in order to put their e-mail account on hold during an extended absence.

4.4.3 Received e-mail messages are electronically deleted from the e-mail server Outlook on the 30th day after they are received, whether they have been read or not.

4.4.4 Sent e-mail messages are electronically deleted from the e-mail server Outlook on the 30th day after they are sent.

4.4.5 Unless automatic deletion default is selected, deleted e-mail messages are electronically deleted from the e-mail server Outlook on the 30th day after they are received or sent.

4.4.6 Voice mail messages are also electronically deleted from the e-mail server Outlook on the 30th day after they are received, whether they have been heard or not.

4.4.7 E-mail messages are limited to 10 megabytes in size for both sent or received messages and attachments, unless an increase has been approved by your supervisor or director and I.S. Information Systems staff has been notified. Files larger than 10 megabytes should be uploaded to the File Transfer Protocol (FTP) server (ftp://ftp.ci.brentwood.ca.us) for outside agencies, or dropped into the L:Drive for internal pick up. For storage capacity purpose, FTP uploads will be deleted seven (7) days after the date of the upload.

4.4.7.1 The common “L” Drive on the City server has two primary purposes:

Temporary – File transfer when a document is too large to e-mail, or to share with another department. Files are to be removed from the “L” drive when the project or transfer of document is completed. The recommended procedure is to use the FTP process.

Long-Term – Central location where certain documents can be accessed and transferred on a regular basis (such as policies, agendas, forms). The recommended procedure is to post such documents in the Intranet.

The “L” Drive will be audited regularly and purged of obsolete or outdated information. The department secretary shall regularly monitor the “L” drive to keep it streamlined.


4.4.8 Personal e-mails the user wishes to keep should be sent to the user’s home computer for storage.

4.4.9 Users are responsible for backing up their e-mails to Outlook PST files. However there is a 1GB system limitation on the size of a personal storage (PST) file. Users, however, may have multiple PST files. It is important to remember that even though e-mails are stored in personal folders, they are still considered a public record.

4.5 E-Mail Quota

E-mail Quota is implemented for all Mailboxes, the size is 150MB, users will receive warning when they reach a limit of 120MB. If a user ignores the warnings and the mailbox reaches a limit of 150MB, he/she will no longer be able to send or receive e-mail before clearing their Mailbox.

4.6 Confidential Information

It is recommended that confidential information not be sent via e-mail. However, if you are in doubt as to whether to send certain information via e-mail, check with your supervisor.

4.7 Encryption

Users may not encrypt any e-mails without obtaining written permission from their supervisor. If approved, the encryption key(s) must be made known to the City.

4.8 E-Mail Retention

The City is not implementing any retention policy for e-mail. Users are responsible to backup the messages they would like to retain to personal folders.

4.9 E-mail Accounts

All e-mail accounts maintained on our e-mail systems are property of The City. Passwords should not be given to unauthorized people.

4.10 Disclaimer

The following disclaimer may be added to each outgoing e-mail:

‘This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the system manager. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the City. Finally, the recipient should check this e-mail and any attachments for the presence of viruses. The City accepts no liability for any damage caused by any virus transmitted by this e-mail.’

4.11 “All Employee” or City Group(s) E-mails:

4.11.1 “All employee” or City Group(s) e-mails must be of a business nature and must affect the majority of City employees. The City's Intranet site provides an ideal means through which employees can advertise personal items for sale. Advertisements can be e-mailed to the City of Brentwood Webmaster and will be posted on the City’s internal website (Intranet). Advertisements can be posted only by City employees and that employee must be the contact for the advertisement.

4.11.2 Common sense should prevail when using the City’s e-mail system. If at any time you are unsure if the content of your e-mail is appropriate, DO NOT SEND. It is always best to check with your supervisor prior to sending an e-mail of a questionable nature.

4.12 Only a City-approved tag line is acceptable.

5. VOICE MAIL MESSAGING REQUIREMENTS

Voice mail is a rapidly developing technology that has a tremendous potential to improve internal communications within the City as well as enhance our ability to serve the public. Along with this goes a responsibility to understand the impact of this technology, on the way we do business and how the public perceives us, etc. The goal is to recognize that it is the public who should be primarily served by voice mail and that every decision made during the administration of this system should consider this fact.

5.1 Employees will keep their outgoing message(s) and/or announcements professional, timely and accurate. Outgoing messages should not contain jokes, jargon, offensive language or music, etc., in their announcements.

5.2 During periods of extended absence (vacations, conferences, trips, illness, etc.) employees should arrange to have mailbox coverage and/or an appropriate announcement directing the caller elsewhere.

5.3 Employees shall check messages regularly and an attempt should be made to promptly return calls within 24 business hours.

5.4 Employees will not use voice mail to screen calls.

5.5 The “City of Brentwood” shows up for those call recipients that have caller I.D. Therefore, any calls made from the City of Brentwood, represent the caller as being the City of Brentwood, and employees are thus held accountable for information transmitted via City phones.

5.6 The voice messaging system is part of the City of Brentwood’s unified messaging system (which includes e-mail); the user has no expectation of privacy; and the system is therefore subject to review and audit, if necessary, by the City.

6. CELLULAR/SMART TELEPHONE REQUIREMENTS AND USAGE

6.1 Employees may be issued a cellular/smart phone if authorized by the Department Director. Department Directors have the authority to approve a cellular/smart phone request based on sufficient City employee need and departmental budget funds. The department should annually review the list of users to ensure that designated employees continue to demonstrate a need for the cellular/smart phone.

6.2 City issued cellular/smart phones are the property of the City of Brentwood and should be used for City related business only. Use of City-owned cellular/smart phones for outside business ventures not related to City business is prohibited. The opportunity is available, with director approval, for the employee to obtain an alternate phone line to be used for personal use and paid for by the employee directly to the service provider.

6.3. The City recognizes that there may be incidental occasional personal use of cellular/smart telephones, but messages will be treated the same as other messages. The City reserves the right to access, review, audit and disclose as necessary all incoming messages from a City-owned cellular/smart phone, without regard to content.

6.4 In the event that a City-owned cellular/smart phone is lost or stolen, the employee must notify his supervisor immediately so that the/smart appropriate City staff can be informed and address the situation with the carrier. In the case of a theft, a police report must also be filed immediately.

6.5 Occasionally, employees who do not have a City-issued cellular/smart phone may need to use their personal cellular/smart phone for critical City business. These calls may be eligible for reimbursement by the City, provided no other option (i.e., pay phone, hotel or home phone) is available. Request for reimbursement should be submitted on an expense reimbursement form, attaching a copy of the monthly cellular/smart phone bill with business calls highlighted.

6.6 Federal, State, and local laws regarding cellular/smart telephones are to be observed including, but not limited to, the State law, effective July 1, 2008 that makes it an infraction to drive a motor vehicle while using a wireless telephone, unless the cellular/smart telephone is designed and configured to allow hands-free listening and talking operation, and is used in that manner while driving.

7. Telecommuting / Accessing City Files from Home

7.1 Employees may, from time to time, need to work from home and may use their personal computer to do so. However, the City reserves the right to audit any personal computer of any employee accessing City files from their personal computer. Users who do not wish to be subject to possible audit of their personal computer may request a City laptop be provided to access City resources from remote sites.

8. SYSTEMS – COMPUTERS, SOFTWARE, DOWNLOADS

8.1 Only Information Systems staff has the authority to install, remove, or modify hardware on City-owned electronic systems and devices. This is done via service request and must be a job-related.

8.2 Only the I.S Information Systems staff has the authority to install or remove all software on City-owned electronic systems and devices computers. This is done via service request and should must be a job-related requirement. Non job-related software may be installed on a City-owned electronic systems and devices only by written authorization of the Department Director and approval by the Chief Information Systems Officer or designee.

8.3 Prior to purchasing new software, a Software Request Purchase Form must be completed and approved by the Chief Information Systems Officer or designee. The form is located on the Intranet.

9. FAX MACHINES

9.1 Use of City fax machines should be for City business purposes only. In the event that a need for personal use should arise, permission from your supervisor must be obtained.

9.2 City fax machines encode “City of Brentwood” on all documents faxed from the City. As such, all users of the City fax machine are represented as being the City. Each employee is therefore held individually accountable for information sent from the City.

10. Password and Encryption Key Security and Integrity

10. SECURITY Password and Encryption Key Security and Integrity

10.1 All system passwords and encryption keys must be available to City management, and you may not use passwords that are unknown to your supervisor or install encryption programs without prior written permission of the Chief Information Systems Officer and without turning over encryption keys to the City. The City Authentication system enforces the following:

10.1.1 Passwords for newly activated accounts must be changed at first use. This ensures that only the person who is assigned to the account knows the password.

10.1.2 Password must be six or more in length.

10.1.3 The password must contains any 3 of the following characters:
A-Z
a-z
0-9
Special characters (!@#$%^&*(){}/?[])

10.1.4 Password will expire every six months.

10.1.4.1 City employees are required to create a new password.

10.1.4.2 The system retains a history of six passwords. This means that the last six passwords cannot be reused. When the password is changed, the account owner must create a password that is different from the last six passwords. Information Systems staff strongly encourages users to avoid reusing old passwords.

10.1.4.3 City employees are encourage to use pass phrase (see definition of pass phrase),

10.2 Employees are prohibited from the unauthorized use of the passwords and encryption keys of other employees to gain access to the other employee’s workstation computer, e-mail or voice mail messages. The City will not give out any logins or passwords to non-management persons other than the one stated above. City Employees are expected to:

10.2.1 Create a strong password (see sections 10.1.2 to 10.1.3). Passwords are an important aspect of computer security. A poorly chosen password may result in the compromise of the entire City network.

10.2.2 Safeguard the password. For example, individuals should not write down or store the password on paper or on a computer system where others might acquire it.

10.2.3 Never share the password, even with a best friend, roommate, or relative.

10.2.4 Reserve the username and password for City systems and services only. Individuals should create a different username and password for external services such as stores, banks, music services, Web sites, personally owned computers, or other systems.

10.3 All use of the login accounts to various City systems is assumed to be performed by the person assigned to that account. Account owners are held responsible for all activities associated with their accounts.


10.4 Support:
If it is required that another City employee has access to information protected by your password in your absence, access can only be granted by a supervisor or Department Director in writing. An e-mail to Chief Information Systems Officer or designee from any one of these individuals constitutes permission. Information that a user obtains through this special privilege is to be treated as private and confidential.

Individuals who forget their password or need assistance should contact Information Systems staff for assistance.

Information Systems staff will annually review users’ access rights on the first quarter of every calendar year to ensure that employees only have access to computing resources and information deemed necessary for the performance of their duties. This effort is coordinated with relevant application owners.

11. MEDIA DESTRUCTION

Once all required approval have been obtained for the destruction of media pursuant to the City’s Record Retention Policy, the approved Department personnel can authorize in a memo or email to the Chief Information Systems Officer or designee to dispose of the electronic media.

11.1 Media with non sensitive data;

11.1.1 Prior to disposal or designated for surplus, operable hard drives must be formatted into a single partition or degaussed with electro magnet by the Information Systems Staff, removing all programs and data.

11.1.2 If the hard drive is inoperable, the hard drive must be physically damaged.

11.1.3 All media other than the hard drive must be erased, degaussed with electro magnet or rendered unusable by physically damaging the media.

11.2 Media with confidential or sensitive data:

11.2.1 Prior to disposal or designated for surplus, the hard drive must be overwritten with random pattern of meaningless information. Typically, overwriting consist of recording the hard drive with binary ones and zeros. If the hard drive is overwritten three times, then the hard drive is considered sanitized. This renders the data unrecoverable.

11.2.2 If the hard drive is inoperable, the Information Systems Staff must first attempt to sanitize the hard drive. If the hard drive cannot be sanitized, then the hard drive must be dissembled and mechanically damaged so that it is unusable by a computer

11.2.3 All other electronic media other than the hard drive must be erased, degaussed with electro magnet or rendered unusable by physically damaging the media.

11.3 All Media can be disposed of by using a certified commercial disposal company in place of 11.1 and 11.2 of the media destruction section of this policy. The Chief Information Systems Officer or designee will make arrangements with a certified commercial disposal company to have the media destroyed.

12. Violations

12.1 Any employee found to have violated this policy may have his/her access to the Internet limited or revoked completely and may be subject to formal disciplinary action up to and including termination from City employment.

12.1.1 Initially, the employee shall be informed of the alleged breach, given an opportunity to respond to the allegation, and if unable to provide a satisfactory explanation, be asked to desist from or, if applicable, to remedy the breach. However, if the initial breach is a serious breach, the City employee may be disciplined up to and including termination.


12.1.2 If a breach is not desisted from or remedied, City of Brentwood may either withdraw the employee’s access to the Internet or will provide a first warning to the employee, to which the employee shall have an opportunity to respond or, subject to above, cited for a serious breach and disciplined up to and including termination.

12.2 If the infringing conduct continues, whether a serious or minor breach, the employee may be given a second and third warning, to each of which he or she shall have an opportunity to respond or, subject to section 12.1.1, cited for a serious breach and disciplined up to and including termination.

12.3 If even a minor breach is committed after the third warning, the employee may be terminated.

13. EFFECTIVE DATE:

This policy is initially made effective as of December 1, 2004. This policy shall remain in full force and effect until rescinded and may be amended from time to time at the sole determination of the City.


Glossary

Archive – A collection of computer files that have been packaged together for backup, to transport to some other location, for saving away from the computer so that more hard disk storage can be made available, or for some other purpose. An archive can include a simple list of files or files organized under a directory or catalog structure (depending on how a particular program supports archiving).

Compression – The reduction in size of data in order to save space or transmission time. For data transmission, compression can be performed on just the data content or on the entire transmission unit depending on the number of factors.

Cracker – Someone who breaks into someone else’s computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. A cracker can be doing this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering has been done ostensibly to point out weaknesses in a site’s security system.

Decryption – The process of converting encrypted data back into its original form so it can be understood.

DPI – Dots Per Inch is a measure of spatial printing or video resolution. In the digital image files, DPI refers to physical size of an image.

Electronic Mail – Electronic Mail (e-mail) may include non-interactive communication of text, data, images, or voice messages between a sender and a designated recipient by systems utilizing telecommunications links. It may also include correspondence transmitted and stored electronically using software facilities called e-mail, facsimile, or messaging systems; or voice messages transmitted and stored for later retrieval from a computer system.

Encryption – The conversion of data into a form, called a ciphertext that cannot be easily understood by unauthorized people.

Encryption Keys – An encryption method that uses the concept of a key ring. The key ring has two keys: a public key that is made available to everyone and a private key that is known only by the private key holder. The public and private keys are designed to work together. Anyone can use the public keys to encrypt data, but only the person with the corresponding private key can decrypt the data; this helps to protect the content of the message.

FTP – File Transfer Protocol – A standard internet protocol, FTP is the simplest way to exchange files between computers on the internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, FTP is an application protocol that uses the Internet’s TCP/IP protocols. FTP is commonly used to transfer Web page files from their creator to the computer that acts as their server for everyone on the Internet. It’s also commonly used to download programs and other files to your computer from other servers.

Hacker – Term used by some to mean “a clever programmer” and by others, especially journalists or their editors, to mean “someone who tries to break into computer systems.”

Icons – A little picture on your screen that you can click on with your mouse. An icon can represent a file, program, peripheral or tool.

Integrity – In terms of data and network security, integrity is the assurance that information can only be accessed or modified by those authorized to do so. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust and electrical surges.

Internet – A worldwide network of networks, connecting informational networks communicating through a common communications language or protocol.

Internet Downloads – To transfer data or code from a far-away system (especially a larger host system) over a digital communications link to a nearby system.

Logos – An iconic symbol designed to represent a company, organization, product, service, and sometimes certain places.

Media – Any object that has the capability to store data, such as hard drives, floppy diskettes, magnetic tape, CD or DVD disks, USB “thumb drives”, digital voice recorders, memory cards, PDA’s etc.

Pass phrase – A passphrase is a first letter of a sentence or phrase used instead of a single password. Because of its length, a passphrase is more secure than a password. By using a phrase, it still is easy to remember. (“Do you know the way to San Jose?” could be D!Y!KtwTSJ?).

PDA – Personal Digital Assistant – a term for any small mobile hand-held device that provides computing and information storage and retrieval capabilities for personal or business use, often for keeping schedule calendars and address book information handy.

Piracy – In terms of software - the illegal copying, distribution, or use of software.

PST – Users create a .pst (personal storage file) to store messages that they consider important somewhere other than on the Exchange server. Based on the criticality of the information, users may decide to “back up” the .pst file to some removable medium, such as a CD-ROM for long term storage.

Screen Saver – A utility program that blanks out the image displayed on the monitor of a computer, or replaces it with a continuously changing pattern, to prevent ghosting, the permanent etching of a still image on the monitor. Most screen savers can be set to commence after a designated period of inactivity and remain on the screen until the mouse is moved or a key is pressed, restoring the original image.

Sanitize – The act or action of rendering electronic media removing all information by using software utilities to write random patterns of zero’s and one’s to a hard drive, at a minimum of 3 consecutive times, thereby overwriting any data, and rendering the device incapable of retrieving it.

Standards – Departmental directions or instructions describing how to achieve policy; Mandatory statement of direction.

Stationery – Background image for email, often animation and/or sound are associated with the background image.

Strong Passwords – Password must be at least six characters in length, significantly different from previous passwords, contains combination of upper case, lower case, digit or punctuation character and avoid using common usage word such as pets, family names, friends, co-workers, or fantasy characters.

Tag lines – A slogan that creates a memorable phrase. Such tag lines at the City of Brentwood are intended to reflect a Division, Department or the City’s mission and vision, and/or culture of the organization.

Telecommuting – To work outside the traditional office or workplace, usually at home or in a mobile situation.

Unusual or Unusually Excessive – Not common or ordinary; exceeding what is normal, proper or reasonable.

Users – The Public and City Employees

Video Streaming – Playing video in real time - immediately as it is downloaded from the Internet, rather than storing it in a file on the computer and viewing at a later time.

Wallpaper – Also known as a ‘desktop picture’ refers to an image used as a background pattern or picture that appears in the background on a computer screen or email.







ACKNOWLEDGEMENT OF RECEIPT


Policy and Procedures for City Information Systems and Communications
Policy No. 10-10


My signature below is confirmation that I have received a copy of the Policy and Procedures for City Information Systems and Communications, Policy No. 10-10 as amended and that I understand that it sets forth the City’s policy with respect to the use of cellular telephones, smart phone, computers, electronic mail (e-mail), intranet (internal City websites), mobile messaging systems, telephonic voice mail, Internet access, fax systems, Personal Digital Assistants (PDAs) and other electronic communications systems provided by the City of Brentwood. I understand that this policy is intended to supplement other City personnel policies that govern rules of conduct and performance in the workplace. I further understand and agree that it is my responsibility to read and familiarize myself with the provisions of this policy.




Employee's signature




Date of Receipt








 
City Administration
City of Brentwood City Council
150 City Park Way
Brentwood, CA 94513
(925) 516-5440
Fax (925) 516-5441
E-mail allcouncil@brentwoodca.gov