City Policies Computer Usage Policy - 4/23/18

View the PDF version Google Docs PDF Viewer

                                   City of Muskegon

                                Computer Usage Policy

1. Overview
The Information Technology (“IT”) Department’s intentions for publishing a Computer Usage
Policy/Acceptable Use Policy are not to impose restrictions that are contrary to City of
Muskegon’s established culture of openness, trust and integrity. IT is committed to protecting
City of Muskegon's employees, partners and the company from illegal or damaging actions by
individuals, either knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment,
software, operating systems, storage media, network accounts providing electronic mail, WWW
browsing, and FTP, are the property of City of Muskegon. These systems are to be used for
business purposes in serving the interests of the organization, and of our citizens and customers
in the course of normal operations.

Effective security is a team effort involving the participation and support of every City of
Muskegon employee and affiliate who deals with information and/or information systems. It is
the responsibility of every computer user to know these guidelines, and to conduct their activities

This policy covers all Departments and entities of the City of Muskegon and replaces any other
computer usage policies.

2. Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at City of
Muskegon. These rules are in place to protect the employee and City of Muskegon. Inappropriate
use exposes City of Muskegon to risks including virus attacks, compromise of network systems
and services, and legal issues.

This policy also advises employees as to the nature of appropriate and inappropriate use of social
media (“blogging”) that may affect the public, Employer, or other employees. This policy must
be read in conjunction with other applicable policies and requirements. Employees who are
uncertain about the scope or applicability of this policy should contact the Director of
Information Technology for guidance. Nothing herein is intended to interfere with employees
rights under the First Amendment to the United States Constitution or the National Labor
Relations Act.

                                                                                            Page 1
                                   City of Muskegon

3. Scope
This policy applies to the use of information, electronic and computing devices, and network
resources to conduct City of Muskegon business or interact with internal networks and business
systems, whether owned or leased by City of Muskegon, the employee, or a third party. This also
includes private cell phones and any other devices that use city resources to communicate (e.g.
personal cell phone using internet provided by the City of Muskegon. All employees,
contractors, consultants, temporary, and other workers at City of Muskegon and its subsidiaries
are responsible for exercising good judgment regarding appropriate use of information,
electronic devices, and network resources in accordance with City of Muskegon policies and
standards, and local laws and regulation.

This policy applies to all internet communication and use of social media done in one’s official
capacity, in a public capacity or privately. This policy applies to employees, contractors,
consultants, temporaries, and other workers at City of Muskegon, including all personnel
affiliated with third parties. This policy applies to all equipment that is owned or leased by City
of Muskegon. If any clause, provision or portion of any clause or provision is deemed invalid,
unlawful or unenforceable in any respect, the validity, legality, and enforceability of the
remaining provisions of this Contract shall not in any way be impaired or affected.

                                                                                              Page 2
                                  City of Muskegon

4. Policy
4.1 General Use and Ownership

4.1.1 City of Muskegon proprietary information stored on electronic and computing devices
      whether owned or leased by City of Muskegon, the employee or a third party, remains the
      sole property of City of Muskegon.

4.1.2 You have a responsibility to promptly report the theft, loss or unauthorized disclosure of
      City of Muskegon proprietary information. Do so by immediately notifying your
      supervisor and the IT Department.

4.1.3 You may access, use or share City of Muskegon proprietary information only to the
      extent it is authorized and necessary to fulfill your assigned job duties.

4.1.4 Employees are responsible for exercising good judgment regarding the reasonableness of
      personal use. Individual departments may have additional guidelines concerning personal
      use of Internet/Intranet/Extranet systems. In the absence of such policies, employees
      should be guided by departmental policies on personal use, and if there is any
      uncertainty, employees should consult their supervisor or manager.

4.1.5 For security and network maintenance purposes, authorized individuals within City of
      Muskegon may monitor equipment, systems and network traffic at any time, including
      the City Voice Over IP phone system (VOIP).

4.1.6 The Information Technology Department reserves the right to audit networks and
      systems on a periodic basis to ensure compliance with this policy.

4.2 Security and Proprietary Information
4.2.1 All mobile and computing devices that connect to the internal network must first be
       approved by the IT Department.

4.2.2 System level and user level passwords must meet or exceed those of our Windows
      Network requirements. Providing access to another individual, either deliberately or
      through failure to secure its access, is prohibited.

4.2.3 All computing devices with proprietary, confidential, or otherwise sensitive information,
      or any device connected to the internal network must be secured with a password-
      protected screensaver with the automatic activation feature set to 10 minutes or less. You
      must lock the screen or log off when the device is unattended.

                                                                                           Page 3
                                   City of Muskegon

4.2.4 Postings by employees from a City of Muskegon email address to internet groups, if
      allowed, must contain a disclaimer stating that the opinions expressed are strictly their
      own and not necessarily those of City of Muskegon, unless posting is in the course of
      business duties.

4.2.5 Employees must use extreme caution when opening e-mail attachments, especially when
      they are received from unknown senders. If in doubt, contact the IT Department before
      taking any action.

4.2.6 Employees may only use authorized City of Muskegon removable media in their work
      computers or devices. City of Muskegon removable media may not be connected to or
      used in computers that are not owned or leased by the City of Muskegon without explicit
      permission of the IT Department. Confidential or sensitive information should be stored
      on removable media only when required in the performance of your assigned duties or
      when providing information required by other state or federal agencies.
      [note: a common ploy by hackers is to drop a USB Stick in the employee parking lot at
      the beginning of the day in hopes the employee will pick it up and insert the device into
      their work computer thereby introducing a malware/virus into the network]

4.2.7 All wireless infrastructure devices, including Bluetooth and other technologies, that are
      used at a City of Muskegon site must be approved by the IT Department and:
          1. Be installed, supported, and maintained by IT Department. Under no
              circumstances is an employee or third party allowed to initiate, install or maintain
              a wireless network without first receiving written approval from the IT
          2. Use City of Muskegon approved authentication protocols and infrastructure.
          3. Use City of Muskegon approved encryption protocols.
          4. Maintain a hardware address (MAC address) that can be registered and tracked.
          5. Not interfere with wireless access deployments maintained by other support

4.2.8 Any security breach or vulnerability, be it real, suspected, or tip, requires that the
      employee immediately call the IT Department at (231) 724-4126 and talk with staff. If
      you cannot reach a person from the IT Department, you must immediately remove the
      network cord from the back of the computer, leave a message for IT Staff, and
      immediately notify your supervisor. See picture below for further detail.

                                                                                            Page 4
                                     City of Muskegon

4.3 Unacceptable Use

The following activities are, in general, prohibited. Employees may be exempted from these
restrictions during the course of their legitimate job responsibilities (e.g., systems administration
staff may have a need to disable the network access of a host if that host is disrupting production

Under no circumstances is an employee of City of Muskegon authorized to engage in any
activity that is illegal under local, state, federal or international law while utilizing City of
Muskegon-owned resources or points of presence.

The lists below are by no means exhaustive, but attempt to provide a framework for activities
which fall into the category of unacceptable use.

4.3.1 System and Network Activities

The following activities are strictly prohibited, with no exceptions:

                                                                                                    Page 5
                                City of Muskegon

1. Violations of the rights of any person or company protected by copyright, trade secret,
   patent or other intellectual property, or similar laws or regulations, including, but not
   limited to, the installation or distribution of "pirated" or other software products that are
   not appropriately licensed for use by City of Muskegon.

2. Unauthorized copying of copyrighted material including, but not limited to, digitization
   and distribution of photographs from magazines, books or other copyrighted sources,
   copyrighted music, and the installation of any copyrighted software for which City of
   Muskegon or the end user does not have an active license is strictly prohibited.
3. Accessing data, a server or an account for any purpose other than conducting City of
   Muskegon business, even if you have authorized access, is prohibited.
4. Installation or removal of any software without prior approval of the IT Department.
   Exceptions would be updates on software previously installed by the City of Muskegon.
5. Exporting software, technical information, encryption software or technology, in
   violation of international or regional export control laws, is illegal. The IT Department
   should be consulted prior to export of any material that is in question.
6. Introduction of malicious programs into the network or server (e.g., viruses, worms,
   Trojan horses, e-mail bombs, etc.).
7. Revealing your account password to others or allowing use of your account by any
   individual. This includes co-workers, family, and other household members when work is
   being done at home.

8. Using a City of Muskegon computing asset to actively engage in procuring or
   transmitting material that is in violation of sexual harassment or hostile workplace laws
   in the user's local jurisdiction.
9. Making fraudulent offers of products, items, or services originating from any City of
   Muskegon account.
10. Making statements about warranty, expressly or implied, unless it is a part of normal job
11. Effecting security breaches or disruptions of network communication. Security breaches
    include, but are not limited to, accessing data of which the employee is not an intended
    recipient or logging into a server or account that the employee is not expressly authorized
    to access, unless these duties are within the scope of regular duties. For purposes of this
    section, "disruption" includes, but is not limited to, network sniffing, pinged floods,
    packet spoofing, denial of service, and forged routing information for malicious purposes.
12. Port scanning or security scanning is expressly prohibited unless authorized by the IT
13. Executing any form of network monitoring which will intercept data not intended for the
    employee's host, unless this activity is authorized by the IT Department.

                                                                                           Page 6
                                  City of Muskegon

   14. Circumventing user authentication or security of any host, network or account.
   15. Introducing honeypots, honeynets, or similar technology on the City of Muskegon
   16. Interfering with or denying service to any user other than the employee's host (for
       example, denial of service attack).
   17. Using any program/script/command, or sending messages of any kind, with the intent to
       interfere with, or disable, a user's terminal session, via any means, locally or via the

   18. Circumventing the Open Meetings Act.
   19. Providing information about, or lists of, City of Muskegon employees to parties outside
       City of Muskegon.

4.3.2 Email and Communication Activities
When using company resources to access and use the Internet, users must realize they represent
the organization. Whenever employees state an affiliation to the organization, they must also
clearly indicate that "the opinions expressed are my own and not necessarily those of the City of
Muskegon". Questions may be addressed to the IT Department.

   1. Sending unsolicited email messages, including the sending of "junk mail" or other
      advertising material to individuals who did not specifically request such material (email
   2. Any form of harassment via email, telephone or paging, whether through language,
      frequency, or size of messages.
   3. Unauthorized use, or forging, of email header information.
   4. Solicitation of email for any other email address, other than that of the poster's account,
      with the intent to harass or to collect replies.
   5. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.

   6. Use of unsolicited email originating from within City of Muskegon's networks of other
      Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service
      hosted by City of Muskegon or connected via City of Muskegon's network.
   7. Posting the same or similar non-business-related messages to large numbers of groups
   8. Electronic communication using the City email system should not be considered
      “personal.” All communication is logged, archived and may be available to anyone under
      the Freedom of Information Act (FOIA).

                                                                                             Page 7
                                   City of Muskegon

4.3.3 Internet Posting and Social Media

   1. General Guidance.

       (a)     Unless specifically and expressly authorized by an individual position description
       or by the Director of Information Technology, an employee:

       (i.)     May not use City of Muskegon’s computer or communications systems
       (including workstations, laptops, or any portion of the system, software, or e-mail system
       or texting capabilities) for blogging purposes. This prohibition applies to all blogging of
       any format or kind, and includes blogging by use of an employee’s personal computer
       using City of Muskegon’s equipment, network or system whether remotely or in the

       (ii.)   May not blog during the workday or while on City of Muskegon’s premises.

       (iii.) May not blog at any time in any manner that creates an appearance, whether
       intended or not, that the employee is speaking as a representative of, agent for, or in any
       way on behalf of City of Muskegon.

       (iv.) May not blog at any time in any manner that casts City of Muskegon and its
       employees in an unjustified improper or negative light.

       (b)     An employee must understand that blogging of any kind transmits information
       electronically and that the content may be viewed by anyone at any time, even after an
       attempt to delete the blog. Therefore, employees cannot have any expectation of privacy
       in any blog, and City of Muskegon may read, review, monitor, or copy blogs, except as
       may be restricted by law. All employees are held to a heightened duty of care when
       blogging due to the expansive audience you are reaching.

       (c)     Blogs may not be used for personal or sexual harassment, unfounded accusations,
       or to create or contribute to a hostile work environment.

       (d)     Unless authorized, blogs may not display images of City of Muskegon’s property,
       logo, seal, premises, or information of or about other City of Muskegon employees.

       (e)     Bloggers must be wary of commentary about individuals and reputations,
       particular others within the department. An employee must not make any libelous,
       defamatory, or harassing statements in online postings.

       (f)     Unless prohibited by other policy provisions, blogs may mention facts regarding
       incidents or events involving City of Muskegon if: (i.) that information has been reported
       to City of Muskegon and (ii.) the incident or event has first been reported through
       established media and the information is not confidential or false. Blogging described in
       this paragraph also is permitted as allowed by laws generally applicable to employee
       statements and conduct.

                                                                                             Page 8
                              City of Muskegon

   (g)     Bloggers must avoid any activity or conduct that unjustly reflects adversely upon
   City of Muskegon and other employees.

   (h)     Blogs may not be used for admission of, or comment upon, individual or
   Employer liability regarding any work-related matter. Employees shall use internal
   reporting mechanisms for such matters.

   (i)     Bloggers should ensure that opinions they express or relay are not capable of
   being seen as opinions of or statements by City of Muskegon or its officials or employees
   unless expressly authorized.

   (j)    Bloggers should not assume that anonymous blogging, or blogging conducted
   under a pseudonym, protects their identity from disclosure.

2. Guidance for Non-Work-Related Blogging. Subject to the general guidelines and other
   policy provisions, individual bloggers acting on their own behalf, without identifying
   themselves as employees or in any way indicating their status as such, may make non-
   work-related blog comments, without prior review or approval by employer, provided
   that such activity does not constitute defamation or misrepresent or distort facts in such
   manner that it may cause negative effects for, or damage to, City of Muskegon, its
   officials, or its employees. Non-work-related blogging, as described in this paragraph, by
   an employee of City of Muskegon who is identified as such, shall conform to paragraph
   (5) of this Section.

3. Guidance for Non-Work-Related Blogging when Blogger is identified as a Public

   (a) When an employee engages in personal, non-work-related blogging, but the employee
   is identified as an employee of City of Muskegon, City of Muskegon has an interest in
   protecting itself, the public, and other employees from potentially adverse effects of
   blogging and may implement restrictions to such blogging as City of Muskegon sees fit.

   (b) Accordingly, employee agrees that any such blogging shall clearly indicate that the
   content, opinions, and statements are solely those of the employee and do not necessarily
   represent the views of City of Muskegon, other employees, or the public. For example:
   “The views expressed on this post are mine and do not necessarily reflect the views of the
   City of Muskegon.”

   (c) Such blogging may not:

   (i) Contain defamatory or false content;

   (ii) Create or contribute to an unreasonable adverse effect on the workplace;

                                                                                        Page 9
                                   City of Muskegon

       (iii) Contain representation or give the appearance that it is made as part of the official
       duties of the employee unless the official duties of the employee include the authority to
       engage in blogging in the manner in which the blogging occurred; or

       (iv) Otherwise exposes City of Muskegon to liability or adversely affects its public
       officials, employees, the public, or any governmental entity without due cause.

   4. Guidance for “Unofficial” Work-Related Blogging.

       (a) The rights of public employees in some instances to make statements that constitute
       legitimate public comment on matters of public concern may be protected to an extent by
       constitutional guarantees of free speech, association, and religion. Those rights, however,
       are not unlimited and are subject to control depending on the employee’s position and
       duties and the effect of the statements.

       (b) An employee may not state, imply, or suggest that blogging is authorized by or
       represents City of Muskegon unless that is actually the case and the employee expressly
       has been authorized to make such statements.

       (c) Questions about appropriate conduct online should be directed to a manager or

   5. Guidance for Official Blogging. Blogging on behalf of City of Muskegon or as a
      representative or agent of City of Muskegon may be conducted only with specific written
      authorization of the Department of Information Technology / City Manager. The general
      guidelines and standards for official blogging require that the blog be specifically
      authorized, honest and candid, and confined to the authorized statement or topic, and
      conducted in the manner authorized.

   6. Discipline. An employee may be subject to disciplinary action for violation of this

4.4 Compliance Measurement
The IT Department team will verify compliance to this policy through various methods,
including but not limited to, business tool reports, internal and external audits, and monitoring.

4.5 Exceptions
Any exception to the policy must be approved by the City Manager or Information Technology
Department in advance and in writing.

4.6 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and
including termination of employment.

                                                                                            Page 10
                                  City of Muskegon

5. Definitions and Terms
   •   Blogging: In a broad sense and means all use of online communication and conducts, use
       of social media by employees, including comments made to or by a public employee,
       whether made by e-mail, contribution to a weblog, or posting on a website or other social
       media (public or personal), e.g., Facebook, Twitter, YouTube, Wix, chat rooms, message
       boards, etc.
   •   Social Media: forms of electronic communication through which users create online
       communities to share information, ideas, personal messages and other content such as
       Facebook, Twitter, Instagram, Snapchat, YouTube, Wix, etc.
   •   Internet Posting – posting of any information on the internet in any form.
   •   Honeypot: an information system resource whose value lies in unauthorized or illicit use
       of that resource.

   Signature: ________________________________________________________________

   Name:       ________________________________________________________________

   Date:       ________________________________________________________________

6. Revision History

Date of           Responsible              Summary of Change

4/23/2018         IT Department            Updated Layout , Policy, Social Media

                                                                                        Page 11

Top of Page