Order No. 28502
Information/Technology Policies
Came to be heard this the 26th day of January 2004 with a motion made by
Commissioner Williams, Seconded by Commissioner Baldwin, the Court
unanimously approved by a vote of 4-0-0 to set a workshop for February 9th,
2004 at 3:00 pm.
s2
COMMISSIONERS' COURT AGENDA REQUEST
PLEASE FURNISH ONE ORIGINAL AND NINE COPIES OF THIS REQUEST
AND DOCUMENTS TO BE REVIEWED BY THE COURT.
MADE BY: William H. Williams OFFICE: Commissioner, Pct. 2
MEETING DATE: January 26, 2004 TIME PREFERRED:
SUBJECT: (Please be specific). Consider, discuss and take appropriate action to approve
Kerr County Information/Technology Policies.
EXECUTIVE SESSION REQUESTED
NAME OF PERSON(S) ADDRESSING THE COURT: Commissioner Williams.
ESTIMATED LENGTH OF PRESENTATION: 5 Minutes
IF PERSONNEL MATTER-NAME OF EMPLOYEE:
Time for submitting this request for Court to assure that the matter is posted in
accordance with Title 5, Chapter 551 and 552, Government Code, is as follows:
Meeting scheduled for Mondays: 5:00 P.M. previous Tuesday
THIS REQUEST RECEIVED BY:
THIS REQUEST RECEIVED ON:
All Agenda Requests will be screened by the County Judge's Office to determine if adequate
information has been prepared for the Court's formal consideration and action at time of Court
meetings. Your cooperation is appreciated and contributes toward your request being addressed
at the earliest opportunity. See Agenda Request Rule adopted by Commissioners Court.
Backup information for Agenda Item
Prior to and during the 2003-04 Budget process, Commissioners Court was made aware
of on-going serious computer problems resulting from misuse and unauthorized use of
computers and related equipment/technology. It was pointed out that no comprehensive
Information Technology Policy for Kerr County was in place.
I obtained a copy of the Information Technology Policy in place for Alamo Area Council
of Governments, and edited and amended it to for use by Kerr County.
Prior to presentation to Commissioners Court, I submitted it for review and comment to
Tommy Tomlinson, County Auditor and Shaun Branham, Kerr County Information
Technology Specialist.
D RAFT... D RAFT... D RAFT
Kerr County
Information/Technology
Policies
Adopted by
Kerr County
Commissioners Court
2003
Table of Contents
1. Policy .........................................................................	1-1
2. Purpose ......................................................................	2-1
3. Term	inology ...............................................................	3-1
3.1	Chain Letter ......................................................	3-1
3.2	Client .................................................................	3-1
3.3	Computing Ethics ..............................................	3-1
3.4	E-Mail .................................................................	3-1
3.5	Hack ..................................................................	3-1
3.6	Internet .............................................................	3-1
3.7	Hoax Message ..................................................	3-1
3.8	Home Page .......................................................	3-1
3.9	Intellectual Property ........................................	3-2
3.10	Network ............................................................	3-2
3.11	Processes .........................................................	3-2
3.12	Server ................................................................	3-2
3.13	Shareware .........................................................	3-2
3.14	Software License Agreement ...........................	3-2
3.15	Software Piracy .................................................	3-2
3.16	Unauthorized Copying .......................................	3-3
3.17	Virus ................................................................... 3-3
3.18	World Wide Web (VW1IW or the Web) .................. 3-3
3.19	Web Page ........................................................... 3-3
3.20	Worm .................................................................. 3-3
4. Use of Kerr County Information Technology ............. 41
4.1 Authorization ...................................................... 41
4.2 Electronic Maii and Internet Use ....................... 41
4.3 Network Operability ........................................... 42
4.4 Personal Use ...................................................... 42
4.5 Right to Privacy .................................................. 42
4.6 Broadcast Messages .......................................... 43
4.7 Disciplinary Action ............................................. 43
5. Software ......................................................................... 5-1
5.1	Copyrighted Software ..............................................	5-1
5.2	Software Approval ...................................................	5-1
5.3	Software Purchases ................................................	5-1
5.4	Unauthorized Purchases .........................................	5-1
5.5	Damaged Software ..................................................	5-2
5.6	Software Accounting ...............................................	5-2
5.7	Software Documentation/Record Keeping ..............	5-2
6. Kerr County's Home Page ................................................. 6-1
7. Computer Ethics ................................................................ 7-1
8. Etiquette ............................................................................ 8-1
9. E-mail Guidelines .............................................................. 9-1
1. Policy
It is the policy of Kerr County to provide an atmosphere that encourages the free
exchange of ideas and sharing of information to benefit the conduct of official
Kerr County business.
Access to this environment and Kerr County's information technology resources
is a privilege and must be treated with the highest standard of ethics. Kerr
County expects all individuals to use the computing and information technology
resources in a legal, ethical, and responsible manner; respecting the public trust
through which these resources have been provided, the rights and privacy of
others, the integrity of facilities and controls, and all pertinent laws and Kerr
County policies and standards.
Electronic mail and Internet access is provided to Kerr County representatives
such as elected officials, department heads, employees, interns, temporary agency
employees and volunteers as business communications tools. Kerr County
representatives may have access to one or more forms of electronic media and
services (computers, a-mail, telephones, voice mail, fax machines, copying
machines, external electronic bulletin boards, wire services, on-line services, the
Internet and the World Wide Web).
Kerr County encourages the use of these media and associated services for the
conduct of official Kerr County business. However, electronic media and services
provided by Kerr County are Kerr County property, and their sole purpose is to
facilitate Kerr County business.
The following procedures apply to all electronic media and services, which are:
• Accessed on or from Kerr County premises;
• Accessed using Kerr County computer or other equipment, or via
• Kerr County-paid access methods, and/or used in a manner which
identifies the individual with Kerr County.
By using or accessing any such electronic media in the manner described, the
employee shall be deemed to have agreed to be bound by these procedures.
2. Purpose
The purpose of establishing Information Technology policies is to accomplish the
following:
• Outline standard information technology terminology;
• Outline the standards for acceptable use and procurement of Kerr County
computing and information technology resources which include, but are
not limited to, software, equipment, networks, data and telephones
whether owned, leased or otherwise provided by Kerr County;
• Set forth Kerr County's policy regarding the use of, access to, review, and
disclosure of various electronic communications, including those sent or
received by Kerr County employees and/or representatives;
• Set forth the applicability of this policy to include all individuals
representing Ken County and using Kerr County's computer and network
systems, including Elected Officials, Department Heads, employees,
interns, temporary employees, subcontractors and volunteers; and
• Tod(facilitate the efficient and productive use of all information
technology resources as a means to accomplish the County's business.
3. Terminology
3.1 Chain Letter
A letter sent to a number of people asking each recipient to send copies
with the same request to a specified number of others. The circulation of a
chain letter increases in geometrical progression as long as the instructions
are followed by all recipients.
3.2 Client
Is one end of a network protocol that provides a user interface to the
server.
3.3 Computing Ethics
A set of accepted manners to be observed while using information
technology resources.
3.4 E-Mai/
Electronic mail is a means of sending messages between computers using
a computer network or over a modem connected to a telephone line.
3.5 Hack
An individual who uses programming skills to gain illegal access to a
computer network or file.
3.8 /nternet
The Internet is a network of computer networks through which
information or electronic mail may travel. Computer users can use the
Internet like a telephone or fax to exchange information quickly and
efficiently.
3.7 Hoax Message
Any message used to deceive by a story or a trick, for sport or mischief.
3.8 Home Page
The starting point for most organizations to place links to other parts of
the web.
3.9 irate/%ctuai Property
An original computer program is regarded by law as the intellectual
property of the person or company which created the work. Computer
programs are protected under copyright law, which provides that any
unauthorized copying of such works is illegal.
3.10 Networlr
A collection of two or more computers and associated devices that are
linked together with communications equipment.
3.11 Processes
A part of a running software program or other computing operation that
does a single task.
3.12 Server
A computer that provides information or programs to client computers on
a network, whether it be an in-house server or an Internet server.
3.13 Shareware
Software available on the Internet for downloading so you can try it before
buying it. This software is copyrighted and distributed on a "free-will
donation" basis, either via the Internet or by being passed along by
satisfied customers. Users who continue to use the program after a trial
period are expected to pay a registration fee. In return, they get
documentation, technical support, and access to updated versions.
3.14 Software License Agreement:
A software license agreement states the terms of usage, as permitted by
the copyright owner, for the specific software product to which it pertains.
The license agreement accompanying software is stated explicitly in the
software documentation or on the computer screen when the program is
started. The price of software covers the legal acquisition of the software
license and binds the purchaser to use the software only according to the
terms and agreements stated in the license.
3.15 Software Piracy
Software piracy is the term used to describe the unauthorized copying or
use of a computer program in any manner other than what is permitted by
copyright law or by the author as stated in the software licensing
agreement. Any person who engages in software piracy commits an
illegal act under general copyright law.
3.16 Unauthorised Copying
The manufacturer's license agreement should be followed when making
back up copies of the software. Unless otherwise stated, the purchase of a
software license allows the purchaser to make a "back-up" copy, to be
used in case the original software disk malfunctions or is destroyed.
3.17 Virus
A computer program that replicates on computer systems by incorporating
itself into shared programs.
3.18 World Wide Web (WWW or the Web)
The part of the Internet which provides a way for organizations or
individuals to publish information which is then available to a world wide
audience. The World Wide Web currently uses an Internet protocol called
HTTP or Hyper Text Transfer Protocol and sends files written in a
language called HTML or Hyper Text Markup Language. An HTTP
server provides Web pages to client programs called browsers which
retrieve and display the information stored on the Web server.
3.18 Web Page
A single page displayed by a Web browser.
3.19 Worm
Known primarily as a virus, it is a computer program that can replicate
itself.
4. Use of Kerr County Information Technology
4.1 Authorization
Kerr County elected officials, department heads and employees shall use
only authorized computing and information technology resources when
conducting the official business of the county.
Prohibited actions include but are not limited to:
• Use of unauthorized resources;
• Access applications, files, data or processes without appropriate
authorization.
• Intent to research or exploit security flaws to gain system or data
access;
• Connecting any hardware to the network or PC without prior
approval from the Information Technology Department.
• Alter or destroy information with the intent to cause harm or injury
to Kerr County or an employee of Kerr County.
• Attempt to deliberately degrade performance or deny service.
• Installation of any software without prior approval of the
Information Technology Department.
• Sending bomb threats or "hoax" messages.
• Use of computing or network resources for advertising or
commercial purposes.
• Use of another employee's account andlor password or share the
account and password assigned to you with another employee is
prohibited.
• Use of chat software (MSN Messenger, AOL Instant Messenger,
etc., is prohibited.
Information Technology staff have the responsibility of maintaining
confidentiality of information viewed during troubleshooting and
monitoring of the county's network.
4.2 Electronic Mai! and Internet Use
Kerr County elected officials, department heads and employees shall not
knowingly send, receive, store, or access sites that are deemed by Kerr
County to promote, encourage, or endorse discrimination on the basis of
race, color, national origin, age, sex, political affiliation, religion,
disability, or sexual orientation;
Electronic media may not be used for knowingly transmitting, retrieving
or storage of any communications including but not limited to:
• Those of a discriminatory or harassing nature;
• Those that are derogatory to any individual or group
• Those that are obscene or of a pornographic nature;
• Those that are of a defamatory or threatening nature;
• Chain letters;
• Bomb threats or "hoax messages;"
• E-mail bombs that may cause network problems and disrupt
service for other users;
• Those which attempt to hide the identity of the sender, or represent
the sender as someone else or from another source;
• Those for advertising or other commercial purposes; or
• Are for any other purpose which is illegal or against Kerr County
policy or contrary to Kerr County's interest.
4.3 Network Operability
Ken County employees and/or representatives may not attempt to read,
"hack" into other systems or other people's logins, or "crack" passwords,
breach computer or network security measures, or monitor electronic files
or communications of other employees or third parties except by explicit
direction of Commissioners Court.
Kerr County employees and/or representatives may not share user logon
and passwords, access or copy another user's electronic mail, data,
programs, or other file(s) without prior approval of the elected official or
department head for whom the employee directly works.
Electronic media and services should not be used in a manner that will
likely cause network congestion or significantly hamper the ability of
other people to access and use the system, such as distributing computer
worms or viruses.
Kerr County employees and/or representatives may not alter or destroy
information with the intent to cause harm or injury to Kerr County or any
other employee or Ken County.
Kerr County employees and/or representatives may not tap a phone line or
run a network sniffer without authorization.
4.4 Persona/ Use
Electronic media and services are primarily for Kerr County business use.
Limited, occasional or incidental use of electronic media (sending or
receiving) for personal, non-business purposes are understandable and
acceptable, however, the use of streaming audio or video for personal use
is prohibited.
This limited personal use shall not interfere with job performance.
Personal messages may not be broadcast to groups of people or other
employees.
Employees need to demonstrate a sense of responsibility and may not
abuse the limited use privilege.
4.5 Right to Privacy
Kerr County reserves the right to monitor, access, review, copy or delete
each employee's access or use of the Internet and Electronic Mail
including but not limited to a-mail, word processing, utility programs,
spreadsheets, voicemail, telephones, InternetBBS access, and to block
access to areas of the Internet which have not value to Kerr County.
Kerr County employees and/or representatives have no legitimate
expectation of privacy in their use of the Internet or Electronic Mail. Use
of Ken County's systems and hardware constitutes consent to having
Internet and Electronic Mail usage monitored.
All documents are the property of Kerr County, and are not to be removed
from Kerr County premises or copied to removable media without the
approval of the Elected Official and/or the Department Head for whom the
employee/representative/volunteer works.
Kerr County reserves the right to purge electronic message(s) and/or
documents to include attachments order than four (4) months. Messages
and/or documents to include attachments sent and/or received via
electronic mail which must be retained for greater that four (4) months
must be filed in "My Documents" on the user's hard drive or on a network
shared drive where applicable.
Kerr County elected officials, department heads, employees and/or
representatives obtaining electronic access to other companies or
individuals' materials must respect all copyrights and may not copy,
retrieve, modify, or forward copyrighted materials except as permitted by
the copyright owner. Information sent by an employee to one or more
individuals via an electronic network (e.g., bulletin board, on-line service,
or Internet) are statements identifiable and attributable to Kerr County.
While some users include personal disclaimers in electronic messages, it
should be noted that there would still be a connection with Kerr County,
and the statement might still be legally imputed to Kerr County. All
communication sent by employees via a network must comply with this
and other Kerr County policies.
All Ken County employees and/or representatives have the obligation to
report suspected violations of this policy to their elected official,
department head, or in the alternative Commissioners Court.
4.6. Broadcast Messages
Permission for County-wide broadcasting of messages must be obtained
from either the elected official or department head for which the employee
and/or representative works.
4.6 Disciplinary Action
Any employee found to be abusing the privilege of Ken County-facilitated
access to electronic media or services will be subject to disciplinary action
up to and including termination of employment and/or risk having the
privilege removed him/herself and possibly other employees.
5. Software
5.1 Copyrighted Software
Kerr County employees and/or representatives shall abide by applicable
laws and Kerr County policies and respect the copyrights and intellectual
property laws of others, including the legal use of copyrighted software.
Unauthorized software copies are a violation of the law and unauthorized
copying of software will not be tolerated under any circumstances.
Kerr County employees and/or representatives must comply with all
license or purchase terms regulating the use of software.
5.2 Software Approve/
Approval must be obtained from the Kerr County Information Technology
Department prior to using any publicly available software package,
download of demo software, or software on preview. (A Software
Approval Form is available for this purpose).
Software that may be marked as "free," "public domain," and "public use"
may be free for personal use but not corporate and/or governmental use.
In downloading software from the Internet, use of this software can violate
copyright or licensing requirements, thus subject Kerr County to
unnecessary and expensive litigation.
5.3 Software Purchases
Only copyrighted software, authorized for use and/or purchased in
compliance with Kerr County's software procurement policies, will be
eligible for payment.
Only original manufacturer's copyrighted software will be eligible for
purchase and payment.
The Kerr County Information Technology Department is responsible for
safekeeping of all software purchased including licenses and media.
License agreements will be kept as the property of Kerr County. A copy of
the license agreement may be kept by an elected official or department
head.
5.4 Unauthorized Purchases
All software purchased must have prior approval. Any software
purchased without an approved request and purchase order issued by the
Information Technology Department will be considered an unauthorized
purchase and will become the financial responsibility of the employee who
made the purchase.
Unauthorized purchases must be returned to the vendor and may not be
used on Kerr County property, even if paid for by the employee who made
the original purchase.
"Shareware" is not eligible for purchase and any "shareware" purchased
will become the financial responsibility of the employee making the
purchase.
The use of software, free or otherwise not authorized or purchased by Kerr
County is prohibited. Employees not adhering to this policy may be
subject to disciplinary action up to and including termination of
employment.
5.5 Damaged Software
It is the responsibility of the Information Technology Department to return
any damaged software to the vendor and seek the appropriate credit or
refund, if paid.
5.6 Software Accounting
Kerr County Information Technology Department will take inventory of
each desktop or laptop computer's software on a periodic basis.
Departments must allow access to all directories, disks, and
documentation upon request by ITD personnel.
5.7 Software Documentation/Record Keeping
All copyrighted software must include proper documentation (license
agreement).
Only under the following circumstances may Kerr County
employees/representatives copy software:
• Prior authorization must be obtained from the Information
Technology Department.
• Back-up copies will be permitted if allowed in the software license
agreement.
• Back-up copies are labeled as such and become the property of
Kerr County.
6. Kerr County's Home Page
Kerr County's Home Page will contain the official County Seal,
information about county activities, meetings, and public hearings.
Likewise, information on how to contact all elected officials or
departments by e-mail, by regular mail, or by fax or telephone will be
included.
Confidential information shall not be release via the Internet.
Release of information that might compromise public safety should be
avoided at all times.
Kerr County's Home Page will be coordinated and produced by the
Information Technology Department. No modifications or additional
including links to other sites can be made to Kerr County's Home Page
without prior approval of the Information Technology Department.
Only official information about Kerr County governmental agencies and
activities will be displayed on the Kerr County Web Site.
7. Computer Ethics
Kerr County is a political subdivision of the State of Texas. Elected Officials,
employees and/or representatives of Kerr County have a responsibility to conduct
themselves in an ethical manner.
Electronic mail should be treated as privileged in the same manner as first class
U. S. mail.
Any system weaknesses should be reported to the Information Technology
Department immediately.
Data obtained inappropriately (i.e., proprietary) should not be used.
The organizations and citizens that Kerr County serves have the right to privacy.
Use of personal or proprietary information voluntarily provided, for purposes
other than agreed to is unethical.
8. Etiquette
Each network/sXstem (e.~., Law Enforcement, District Clerk. County Clerk,
Auditing Treasurer Tax Assessor, etc.) has its own set of policies, practices and
procedures Actions which are routinely allowed on one network/system may be
controlled or even forbidden on other networks/systems. It is the user's
responsibility to abide by the nolicies~practices and procedures of all
network/s~tems with which they may communicate.
9. E-Mail Guidelines
Guidelines when writing a-mail:
• Write a specific subject or entry line.
• Organize and construct the message. Due to constraints, most of the
screens are limited to 24 or fewer lines. Limiting your message enables
the reader to read it on one page instead of scrolling through multiple
pages to get the information needed.
• Flag total content and position important information first or use the first
page as an executive summary if the document will be lengthy.
• If the message requires several screens, use heading, subheadings, listings,
and side-titles to assist readers.
• Warn readers of additional pages.
• Do not "Shout" at your reader by writing EXCLUSIVELY IN CAPITAL
LETTERS!
• Be professional. Use proper grammar, spelling, and punctuation.
• No flaming (a verbal attack in electronic form) is allowed.
• Unsolicited a-mail will not be permitted.
• Salutations should follow the same manner in which you normally address
the receiver.
• The closing of the e-mail should include your name, title, and a-mail
address to enable the receiver to easily respond to your message.
Kerr County Information Technology Policy
Revisions submitted by Shaun Branham
Section 3.5 "Hack"
This is not necessary for a revision, I just wanted to give some background info fro
Political Correctness. Originally, and even still, to Hack meant to write computer
software or administer a computer network with permission.
Unfortunately, two major Hollywood productions (War Games, 1980's; and Hackers
1990's) used the term hack or hacker as someone who illegally gains access to computers.
Until these two movies, the term for illegal access was Crack and someone who accessed
computers illegally was a Cracker.
I just wanted to mention this so we can be careful about using the term loosely in
conversation or email because this has been a flame war with IT personnel since the term
was misconstrued, and many IT personnel are highly insulted when a Cracker is dubbed a
Hacker since many TT personnel are proud to call themselves hackers.
Not in document
With the court's permission, if this policy is adopted, I would like to create a banned
program list that can be accessed by a internal website. This list would include known
software that should he banned from all pc's in Kerr's domain.
Basically this list will be a "don't even ask if I can install it list".
/%
/,j Z -~i
t~~aun Branham
1/12/2004