The URL can be used to link to this page

Home My WebLink AboutADM 030-001 Personal Computer ProcedureCity Procedure Procedure Title: Personal Computer Procedure Procedure Number: ADM 030-001 Reference: Date Originated: March 2, 2000 Date Revised: May 25, 2005 & December 3, 2007 & January 15, 2009 & February 2, 2010 Approval: Chie )n -i - ive Officer Point of Contact: Manager, Information Technology c' Procedure Objective The City of Pickering requires its employees, consultants, contractors and agents to use all corporate computer hardware and software systems in a professional and ethical manner, and in a way that best serves the requirements of the Corporation. Such systems are intended for corporate business only, and the Corporation reserves the right to monitor their use at any time. The objective of this Procedure is to: 1. Protect the City of Pickering from illegal activities, which may occur through the improper usage of corporate computer systems. 2. Establish a consistent set of guidelines, procedures, and standards for employees to follow. 3. Establish that all City policies and procedures will be enforced in the use of computer systems and communications. 4. Establish that failure to comply with this procedure may result in discipline up to and including termination of employment. 5. Ensure that a clear set of procedures is in place when requesting support from Information Technology (IT). Index 01 Definitions 02 Responsibilities 03 Ownership of Computer System 04 Procedures/General Provisions 05 Standard Applications 06 Development of Computer Software and Documentation 07 Illegal Software 08 Virus Checking 09 Data Backups 10 Security 11 Freedom of Information 12 Allocation of Computer Resources 13 Email and Text Messaging 14 Internet 15 Staff Changes 16 Personal Computer Desktops 17 Technical Support 18 Training 19 Powering off Computers 20 Requesting Computer Equipment for Home Usage 21 Personal Digital Assistants (PDA) 22 Adherence to Personal Computer Use Procedure Procedure Title: Personal Computer Procedure Page 2 of 20 Procedure Number: ADM 030-001 01 Definitions 01.01 Authorized Official — The Chief Administrative Officer, Directors, Division Heads, or Managers. 01.02 Computer — Refers to computer hardware, and includes personal computers, notebooks, laptops, tablets, printers, plotters, scanners, external CD/DVD drives, external backup drives, modems, digital cameras, PDAs, switches, routers, wireless devices, etc. 01.03 Executable (.exe) File — A file that can directly perform an action, as in executing a program or a command. A program is an organized list of instructions that when executed, causes the computer to behave in a predetermined manner. 01.04 Illegal Software - Software that has been loaded onto a personal computer in violation of the terms of the software vendor's license agreement. Generally, software can only be loaded onto one personal computer at a time, unless the license agreement allows for multiple installs. 01.05 Memory Stick — Refers to any portable device or medium that is designed specifically for the transfer and storage of data. 01.06 PDA — A term used for any small mobile hand-held device that provides computing and information storage and retrieval capabilities for personal or business use. They are often referred to as a Palm Pilot, iPAQ, Blackberry, smartphone, etc., and are primarily used for voice communication, receiving and storage of emails, and the retrieval of calendar and contact information while off-site. PDAs can also be used to download/upload documents and spreadsheets. 01.07 Software — Refers to computer programs and utilities that require a computer to function, 01.08 Virus — A computer program designed to attack a personal computer in a stealth and insidious manner. A virus can be introduced into a network by accessing a medium that originated from an outside source, such as your home. A virus can also attack a network if it is downloaded,from the Internet. 01.09 Login Token - A physical device that together with a Personal Identification Number (PIN) will enable authorized access to an individual computer or computer network. Procedure Title: Personal Computer Procedure Page 3 of 20 Procedure Number:. ADM 030-001 01.10 Email - The exchange of electronic messages processed by the City's MS -Exchange computer system. 01.11 Text — The exchange of electronic messages, including PIN -to -PIN messages sent and received by PDAs, and processed by the City's Blackberry. Enterprise Server (BES) system. 02 Responsibilities 02.01 Chief Administrative Officer to: a) approve any amendments to this Procedure; and b) actively participate in the security of the computer network. 02.02 Director to: a) request Internet access for employees; b) request computers for employee's home usage; and c) actively participate in the security of the computer network. 02.03 Division Head/Manager/Supervisor to: a) investigate any misconduct associated with this Procedure and undertake disciplinary action as may be required; b) provide supervision of employees and monitoring systems in use within their areas of responsibility; c) provide IT with a minimum of two working days' notice prior to the start of a new employee; and d) actively participate in the security of the computer network. 02.04 Employee to: a) refrain from sharing passwords under any circumstances; and b) actively participate in the security of the computer network. Procedure Title: Personal Computer Procedure Page 4 of 20 Procedure Number: ADM 030-001 03 Ownership of Computer System 03.01 The computer system is the property of The Corporation of the City of Pickering and may be accessed only by authorized users. Unauthorized use of this system is strictly prohibited and may subject the user to disciplinary action, penalties, and legal prosecution. The Corporation may monitor any activity or communication on the system and retrieve any information stored within the system. Users should have no expectation of ownership or privacy with respect to any communication or information stored or having been stored within the system, including information stored locally on the hard drive or other media in use with this unit (e.g., PDA's, memory sticks, etc). 04 Procedures/General Provisions 04.01 All computers must only be budgeted within IT's budget, and the computers are only to be installed by IT employees unless IT indicates otherwise. Computers budgeted outside of IT's budget will not be purchased, and the decision to purchase the equipment will be deferred until the following budget year. 04.02 Software must only be budgeted within IT's budget, and must only be installed by IT employees unless IT indicates otherwise. Computer software budgeted outside of IT's budget will not be purchased, and the decision to purchase the software will be deferred until the following budget year. 04.03 If a need is identified for software to be supplied by the City for use by an employee on a personally -owned computer, the Director will submit a written request to IT on behalf of the employee. If the request is approved, the software shall remain the property of the City, and the provisions of this Procedure shall apply. The employee will make available to IT their personally -owned computer within the Civic Complex, and the software will be installed on it by an IT employee. The software's media will not be provided to the employee. If the employee ceases to be employed by the City for any reason, all copies of the software that resided on the employee's personally -owned computer, including all backup copies shall be erased. If the request is not approved, IT will notify the employee of the decision. 04.04 If any situation arises that is not covered by this Procedure, the employee shall seek prior direction from IT before proceeding. Procedure Title: Personal Computer Procedure Page 5 of 20 Procedure Number: ADM 030-001 05 Standard Applications 05.01 Each employee having been assigned a computer network account will be able to utilize the following: MS -Office Zip/Unzip Anti-virus Internet Explorer Acrobat Reader 05.02 If access to additional application software is required and there is an expense involved, the employee's immediate supervisor shall advise IT of the need along with justification for the expenditure. This is required to be completed prior to IT's budget submission. If no additional expense is required to provide the requested access, then only authorization from the employee's immediate supervisor - is required. 06 Development of Computer Software and Documentation 06.01 Software developed for the City by its employees, and all matters affiliated with the development, including but not limited to documentation and design, remains the sole property of the City. 07 Illegal Software The following guidelines have been developed to eliminate non -authorized copying and use of computer software: 07.01 Only software purchased, leased, or developed by the City is to reside on corporate computers with the exception of software being used only for evaluation purposes. The use of evaluation software is allowed only under the following conditions: a) IT has approved in writing the evaluation of the software prior to its installation; b) the software vendor, if applicable, is made aware of the proposed evaluation use and is in agreement; and c) the software resides on the computer hardware only for the length of time specified by the vendor and IT. 07.02 Software purchased by the City is to be installed on only one computer at any time, unless the software license specifically permits otherwise. Procedure Title: Personal Computer Procedure Page 6 of 20 Procedure Number: ADM 030-001 07.03 The software's original storage media shall be kept within IT at all times, except during software reloads. 07.04 Software purchased by the City shall not be installed, except onto • the computer which IT authorizes. The installation of software onto non -authorized computers or medium will be considered as theft; however, copying software for the purpose of back-ups is acceptable. 07.05 Audits will be performed randomly. Software is not to be installed on City equipment that has not been authorized by IT. 07.06 If any situation arises that is not covered by this Procedure, the employee shall seek prior direction from IT before proceeding. 08 Virus Checking 08.01 All City servers, personal computers, notebooks, laptops, and tablets are protected by anti-virus software. 08.02 , If a virus is detected, the transfer or processing of the data must be halted. The employee must notify IT immediately. 08.03 If the network becomes infected with a virus, IT will immediately remove all employee access from the network until such time as the virus has been removed from the network servers. 09 Data Backups 09.01 Employees are responsible for the back-up of data files stored on their local computer disk drive. Data files stored on the server are the responsibility of IT. It is recommended that all data files be stored on the network to ensure they are stored securely and regular back-ups are performed. 09.02 When IT performs maintenance on a computer's local disk drive, the employee will be notified beforehand. It is the employee's responsibility to perform a back-up of the data files (if any) that are stored on the local disk drive. If files are lost or damaged as a result of the maintenance function, IT will assist, if possible, in the . restoration of the files; however, the ultimate responsibility for the files rests with the employee. 09.03 The backup of data residing on network servers is the responsibility of IT. Backups to disk (snapshots) will occur at regular intervals, Procedure Title: Personal Computer Procedure Page 7 of 20 Procedure Number: ADM 030-001 and will be stored for as long as the allotted disk space permits. The weekly backup of data to tape will occur Friday evenings. Weekly backup tapes older than three weeks will be put back into the schedule to be re -used. The backup tape(s) for the last weekend of the month will be stored at Claremont for a period of twelve months. The year-end backup tape(s) will also be stored at Claremont and unlike the weekly and monthly backup tapes; they will not be rescheduled for re -use. 10 Security 10.01 It is the responsibility of each employee to ensure his or her passwords are not shared. Employees must immediately report any known or suspected compromise of their password(s) to the Supervisor, Network Support or the Manager, Information Technology. If an employee requires access to a co-worker's data or email files, upon receiving a Help Desk request from someone with the appropriate level of authority, IT may grant the security rights to the person for whom it was requested. 10.02 An employee must not access or attempt to access a City computer where expressed permission has not been granted to him or her by a member of their supervisor staff or a member of IT. 10.03 An employee placed on leave by the Corporation must not access or attempt to access a City computer. 10.04 Employees are to lock their computer if they will be away from their workstation in excess of five minutes. 10.05 When determining network and computer access, including senders of emails and Internet sites visited, the employee's login ID associated with the action will be viewed as proof of ownership of the action in question. 10.06 The security of the computer network is the responsibility of all City of Pickering staff, including those who do not utilize the computer network on a regular basis. Employees are to immediately notify the Manager, Information Technology or the Supervisor, Network Support if they become aware of, or suspect the security of the Corporation's computer network has been breached or may be breached. Failure to do so may indicate involvement in the security breach. 10.07 The transfer of corporate data outside the confines of City premises, along with the mode of transfer, must be approved by the Procedure Title: Personal Computer Procedure Page 8 of 20 Procedure Number: ADM 030-001 employee's immediate supervisor. If the data are to be transferred by means of a memory stick, computer, or a similar method, the data needs to be both encrypted and password protected. 10.08 Computers leaving the physical confines of City premises must have their disk drives encrypted with IT -installed encryption software. All City -owned laptops, notebooks, and tablets are to have their disk drives encrypted with IT -installed encryption software. 10.09 Non -corporate computers and computer-related equipment not authorized by IT are not permitted to be attached to the Corporation's computer network unless approved by IT. 10.10 An employee who has been assigned a login token must not share their PIN. The token is not to leave the employee's work area unless the employee has been assigned a laptop, and the employee is required to remove the laptop from the work area. During non -working hours the login token is to be stored in an out - of -sight location. If the login token is lost or stolen, IT is to be notified immediately. 10.11 Employees are never to divulge their passwords to anyone other than an IT employee. If IT requests an employee's password, it will always be face-to-face, or by an internal telephone call. If the request is by telephone, the employee is to advise the caller that he or she will telephone the caller back at their office extension to confirm the caller's identity. IT will never request an employee to identify, confirm, or submit his or her password by means of an email request, or by having him or her log into an Internet site. 11 Freedom of Information 11.01 All electronic documents, including emails and texts that are processed on City computers and PDAs are records for the purposes of the Municipal Freedom of Information and Protection of Privacy Act, and may be a public record for the purposes of this Act. 11.02 Authorized officials of the City require approval from the employee's Director and the Chief Administrative Officer to access user files including archived materials of current employees without their prior consent. Such access must be for reasons related to maintaining the integrity of the network, or for any other legitimate City purpose. The request and approvals are to be made to IT in writing. Procedure Title: Personal Computer Procedure Page 9 of 20 Procedure Number: ADM 030-001 11.03 Questions relating to the collection of personal information should be directed to the City of Pickering's Freedom of Information and Privacy Coordinator (City Clerk) or designate. 12 Allocation of Computer Resources 12.01 The responsibility to allocate and to re -allocate computer equipment and software is the sole domain of IT. Although assigned to individuals and departments, all computer-related assets remain the property of the City and are assigned for use at the discretion of IT. The physical movement and re -allocation of computer-related assets is to be performed only by IT employees. 13 Email and Text Messaging 13.01 Rules of Use (see ADM 160 Customer Service Policy & ADM 160- 001 Communications Procedure): a) access to email via the Internet is automatically provided through Microsoft Exchange Server to all employees who have an email account. The Internet email address format will always be first initial, followed by surname, followed by the City's domain name, e.g. jsmithcityofpickering.com. The previous Internet email address format of jsmith@city.pickerinq.on.ca is currently still operational; b) the employee shall use the email and text messaging systems in a responsible manner in accordance with the requirements of this Procedure; c) at a minimum, employees are to check for new email messages within the first thirty minutes of the workday and within the first thirty minutes of returning from lunch. All emails are to be acknowledged on the same day of receipt if so required, either with the requested information or with the time when the information will be forthcoming; all email and text messages are considered to be corporate in nature and thus must adhere to all City policies and guidelines, including the City's Workplace Harassment Procedure; e) personal use of the system is authorized within reasonable limits as long as it does not interfere with or conflict with business use; Procedure Title: Personal Computer Procedure Page 10 of 20 Procedure Number: ADM 030-001 f) if employees receive an email or text message which conflicts with any section of this Procedure, they must notify the Supervisor, Network Support or Manager, Information Technology immediately. The sender may be notified by the City that such communication is inappropriate; g) storage of email messages and attachments are subject to limitations. All employees are required to delete email messages on a monthly basis that are no longer required; h) emails older than twelve months will be automatically archived. IT reserves the right to alter this time parameter should the volume of available disk space require it (ADM 060 - Records Management Policy); and i) copies of all email and text messages received, distributed, and processed through the City's computer systems will be captured and retained for a minimum period of two years. 13.02 Prohibited Use of the Email and Text Messaging Systems: While accessing and using the email and text messaging systems, the employee may not perform or engage in any act, which constitutes illegal or unacceptable behavior. More specifically, but without limitation, the employee may not voluntarily or negligently: a) access the email system or use it without prior approval of IT; b) convey by the signature of his/her messages or otherwise, that he/she is expressing an opinion on behalf of the City, unless duly authorized to do so; send, publish or provide access to any confidential information or document belonging to or concerning the City; d) copy or alter a third party's work without first obtaining the owner's permission; e) download or engage in any communications that are in violation of this Procedure, including but not limited to transmission of defamatory, obscene, offensive, illegal, or harassing messages, or messages that disclose personal or confidential information without permission. Use of the email and text messaging systems to engage in sporting pools, distribution of graphically offensive materials is prohibited; Procedure Title: Personal Computer Procedure Page 11 of 20 Procedure Number: ADM 030-001 f) harass a person or group of persons; make unsolicited bulk advertising mailings ("SPAM", "junk mail", "bulk mail", etc.); h) cause or attempt to cause damage to another individual or his or her property; i) commit or attempt to commit an illegal act; j) compromise the reputation of the City, its employees, clients or suppliers; g) k) transmit or forward Corporate confidential information to outside individuals or companies not authorized to receive such information, or similarly, send or forward such information to other employees inside the City who are not authorized to receive that information; use the email and text messaging systems to copy or transmit any documents, software, or other information protected by copyright laws; employees shall not solicit inappropriate email or text messages; and global messages to all or a large segment of City employees shall not be sent without prior approval from the appropriate authorized official or IT Support Staff. 13.03 General Procedure on Email Filtering: The City of Pickering has taken the appropriate steps to protect staff from receiving SPAM and offensive emails from the Internet by implementing an email filtering system. No filtering is perfect, and some SPAM and/or offensive emails will breach the City's email filtering system. If a breach should repeatedly occur, it is the responsibility of the employee to notify the Help Desk so that it can be determined whether the filter's filtering rules can be modified to block future emails of a similar type. Procedure Title: Personal Computer Procedure Page 12 of 20 Procedure Number: ADM 030-001 If an incoming Internet email is determined by the system to be SPAM, the email will be deleted and will not be delivered to the intended recipient. All emails are scanned and monitored for inappropriate content. Scanned emails include those sent to your City email address, those that you send outside the City, along with those sent within the City. Emails found to be in violation of the City's Personal Computer Use Procedure will not be stopped; however, the employee's Director may be notified of the infraction and provided with a copy of the email along with any attachment(s). 13.04 Blocking Incoming Emails from Specific Senders: • The City believes that in general the decision to accept or reject emails is best taken by the individual recipient, excluding SPAM emails. MS -Exchange can be configured to automatically delete messages matching user -defined criteria including sender addresses. There are; however, situations where the City is obliged to block messages where the sender is negatively impacting multiple users. If multiple users of the City's computer network are receiving emails containing harmful and/or inappropriate material from the same source, and there is a foreseeable risk that similar material may be sent from the same source in future, IT will take steps to block future messages from that source providing the request to do so originates from the Office of the Chief Administrative Officer. Once a block has been implemented, emails originating from the sender will no longer be delivered within the City, and the sender will receive the following automated response: Dear Sir or Madam: The City of Pickering has placed a block on emails originating from this email address. The block was enacted as a result of past emails that were deemed to be inappropriate. 13.05 Third -Party Email Systems: The sending of emails from within the City using third -party systems such as Hotmail, Yahoo, MSN, etc., is prohibited, and has been blocked. The employee retains the ability to receive emails from third -party email systems. Procedure Title: Personal Computer Procedure Page 13 of 20 Procedure Number: ADM 030-001 13.06 Use of Instant Messaging: The use of Instant Messaging systems within the City of Pickering .is prohibited, and has been blocked. 14 Internet 14.01 Ownership: a) the Internet Network Access System or any part thereof, to which the employee is given access, is deemed to be the exclusive property of the City. Consequently, the employee is not granted any right of ownership, or guarantee of confidentiality or privacy, while using the System. Information that is considered to be confidential or private should not be sent over the System; and b) the employee is not granted any right of ownership of any information taken off the Internet Network Access System. 14.02 Access: Internet access is provided to employees based on their job requirements. 14.03 Browsing: The City's web browser is Microsoft's Internet Explorer. Internet access will be controlled by network login ID. 14.04 Downloading: Downloading of non -executable files for business use is permitted. This would include reports, Adobe pdf files, information flyers, etc., from other institutions or government agencies, which may be useful to the City. Software that is installable, such as but not limited to .exe files and Java scripts may contain viruses, which could harm the Network. If such a file is required, approval must be obtained from the Supervisor, Network Support prior to downloading. If you are unsure what constitutes an installable file, the employee is to contact IT prior to the download. Procedure Title: Personal Computer Procedure Page 14 of 20 Procedure Number: ADM 030-001 14.05 Limitations: Employees may have limits placed on their use of Internet -related resources. 14.06 Internet Rules: a) the City's website shall not be altered in any manner except as approved by the Manager, Marketing & Business Development or designate; personal web pages shall not be created that are in any way associated with or linked to a City of Pickering website; c) chat forums are not to be visited; d) websites are not to be visited if they contain obscene, pornographic, hateful, discriminatory or other objectionable subject matter. If a site needs to be visited and you are concerned about a possible violation of the City's Procedure, then prior direction should be sought from IT; and with the exception of public areas such as websites, the employee shall not access or attempt to access a computer or a computer network connected to the Internet without the permission of the Manager, Information Technology. 14.07 Tracking: IT has the ability to track all websites accessed by City employees as well as those sites that were attempted to be accessed. 15 Staff Changes By way of the Help Desk, IT must be provided with advanced notice of two working days, unless specified otherwise, for the following: 15.01 New employee to be added to the network. The form must identify what security access is to be allowed. (The "New Employee Form" may be found in the IT section under Resources on the Corporate Intranet.) 15.02 Employee transfers that affects the security access. 15.03 Employee absences where he or she will be absent from the workplace for a period greater than one month. Procedure Title: Personal Computer Procedure Page 15 of 20 Procedure Number: ADM 030-001 15.04 Movement of computer equipment from one location to another. Employee separations where the person ceases to be an employee of the City: 15.05 The supervisor of a terminated employee must notify IT of the separation on or before the employee's termination date so that account access can be revoked appropriately. The supervisor must initially notify the Supervisor, Network Support or the Manager, Information Technology by email followed after the termination by submitting a Helpdesk request to IT via the Intranet. Both notifications must include the employee's full name, department, termination date, and any other relevant piece of information that might assist IT. 15.06 Upon receiving notification from the supervisor of the terminated employee, the Supervisor, Network Support or the Manager, Information Technology will call the supervisor for verification before revoking the employee's account access. 15.07 Standard network security dictates that should an employee tender his or her resignation, or be terminated, the employee's network account is to be deleted when the employee's status becomes inactive. Therefore, upon being notified that an employee has resigned or been terminated, IT will automatically disable the employee's network account at the end of his or her last active workday and then delete the network account during the following workday. 15.08 If the employee's supervisor requires that IT delay the deletion of the inactive employee's network account, the supervisor must notify IT at the same time IT is notified of the employee's status change. IT will automatically perform the following upon being requested to delay the deletion of the inactive employee's account: a) delay the network account deletion for thirty days after the employee's last active workday. At the end of the thirtieth day, IT will automatically delete the network account; b) automatically disable the account at 4:30 pm on the employee's last active workday, or at time of employee's departure. Enable the account with a new password during the following workday. The new password will be emailed to either the Director or the Division Head, whatever is deemed the most appropriate by IT; Procedure Title: Personal Computer Procedure Page 16 of 20 Procedure Number: ADM 030-001 c) change the network access hours for the network account to 9:00 am — 5:00 pm, Monday — Friday; disable the ability to remotely access the network account; and e) disable the network account from accepting internal email. If the employee's supervisor requests IT delay the deletion of the inactive employee's network account, the following options are available to the department. If any of the following options are requested, IT must be notified at the same time it is notified of the employee's change in status: a) assign an employee to review and process the emails of the inactive employee; b) implement a forwarding rule so that new emails sent to the inactive employee would automatically be forwarded to the network account of a designated active employee. While new emails would be forwarded, existing emails received before the forwarding rule was applied would still need to be addressed; c) disable the inactive employee's network account from accepting new emails from either internal or external sources, or both; and d) allow the inactive employee's network account to receive either internal or external emails, or both, but enable an out - of -office reply to notify the email sender how to redirect future emails. Employee separations where the person is on voluntary Leave of Absence (LOA): a) if the employee is to be absent from work for a period exceeding three weeks, IT must be notified by means of the Help Desk, and the account is to be disabled to block its normal usage. The option is available to either setup an email reply message to ensure the sender is aware of the absence, or to forward the email to an alternate employee. Procedure Title: Personal Computer Procedure Page 17 of 20 Procedure Number: ADM 030-001 16 Personal Computer Desktops 16.01 The City of Pickering logo must appear on the computer monitor's desktop. The logo and background colours are not to be altered in any way. 16.02 The City of Pickering screensaver is the standard within the City, and its display is not to be altered. 17 Technical Support 17.01 Employees are required to submit requests to the Help Desk when requiring hardware or software assistance, as well as the restoring of files. All requests must be submitted utilizing the IT Intranet. 17.02 Employees shall not modify, alter or erase, or attempt to modify, alter,or erase all or part of the content of a computer or of a computer network without first obtaining permission from IT. The exception is data files that the employee has been given permission to access. 18 Training 18.01 Departments are responsible for providing training to their own staff for systems such as MS -Office, etc. 18.02 Departments are responsible for providing training to their staff, along with City staff, for those major systems predominantly used by their department. Examples would be as follows: • Planning & Development: Amanda ■ Corporate Services: Vailtech • City wide: Customer Care Tracking System 18.03 Should the City initiate a corporate -wide software upgrade or installation, IT may be directed to arrange, schedule, and oversee the training effort. 19 Powering off Computers 19.01 Computers are to be powered off only after employees have closed all applications such as MS -Office and Oracle -based systems, and have logged out of the network. Procedure Title: Personal Computer Procedure Page 18 of 20 Procedure Number: ADM 030-001 19.02 Employees must power off their personal computer, monitor, printer and all associated computer hardware, if the equipment is not to be used for twenty-four hours. 19.03 Employees who stay logged into the network overnight are to ensure their computers are locked. 20 Requesting Computer Equipment for Home Usage 20.01 The written request is to be submitted by the employee's Director to the Manager, Information Technology. The request must clearly identify the need for the equipment and software, the estimated monthly usage, and the consequences if the request is declined. 20.02 IT will review the request with the Director, Corporate Services & Treasurer. The requesting Director will be advised of the outcome and the availability of equipment. 20.03 Should the request be declined, the option of meeting with the Director, Corporate Services & Treasurer is available. 20.04 Should the request be approved, the Manager, Information Technology will contact the employee to arrange for delivery of the equipment. The Manager, Information Technology, will notify Human Resources of the home use agreement details. Human Resources shall file the notice in the employee file. In the event that the employee ceases to be employed by the City for any reason, the notice is pulled from the employee file and forwarded to the Manager, Information Technology for appropriate action. 20.05 Should an employee request replacement of obsolete equipment previously approved through the Home Usage process, the request will be considered as a new request and thus, must follow the same process, as would an initial request. 21 Personal Digital Assistants (PDA) As a result of a PDA's capability to store corporate data, security of the data becomes an issue due to the limited security features of these devices and the propensity of most owners of PDAs not to use any security or at best, minimal security. If an employee wishes to attach a PDA to a computer, the employee must first receive permission from their Director or Division Head. Once the employee has secured such authorization, the employee must submit a request to the Help Desk. The request must clearly identify the need for the equipment as it relates Procedure Title: Personal Computer Procedure Page 19 of 20 Procedure Number: ADM 030-001 to their job function. All PDAs containing corporate data must be password protected to protect the Corporation should the PDA be lost or stolen. Providing the device has the capability, the corporate data contained within the PDA is to be encrypted. 22 Adherence to Personal Computer Use Procedure It is the expectation of the City of Pickering that every employee that accesses a City -owned computer has made himself or herself familiar with the Personal Computer Use Procedure, and therefore, the employee acknowledges an understanding and an acceptance of the procedure by the very act of accessing the City -owned computer. An employee will be held accountable for those transactions and site visits that can be traced to his or her login ID; therefore, it is imperative that passwords be protected. Infractions of the Personal Computer Use Procedure will be considered as a serious breach of corporate procedure, and may subject the employee to disciplinary action, penalties, and legal prosecution. Procedure Title: Personal Computer Procedure Procedure Number: ADM 030-001 Page 20 of 20