Click here to skip to main content.
scenic picture from Washington state
SUBJECTSIS › Whatcom County Computer Services Policies and Procedures
Whatcom County Computer Services Policies and Procedures

Whatcom County Computer Services Policies and Procedures

ADS - Information Services Division
Computer Services Section
Whatcom County Courthouse
676-7684

Table of Contents

    Introduction 1-1
    General Policy 2-1
    Purchasing Rules 3-1
    Installations 4-1
    Use of Minicomputers 5-1
    Use of LAN/WAN 6-1
    Security 7-1
    Electronic Mail B-1
    Internet Access 9-1

Chapter 1 Introduction

Computer systems, whether personal computers or mainframe computers, have become the prevalent tool for the gathering, storing, manipulating and reporting of business information. As computer systems become more sophisticated, so must the level of computer services available.

With the proliferation of computer systems, computer resources must be managed and controlled for the benefit the organization. This benefit is obtained by assuring that computer resources are purchased, distributed and used in the best interest of the organization.

A. Computer Systems Defined

Computer Systems - the combination of computer hardware and software that allows for the user to input, store, print or distribute County information for internal or external purposes. A typical computer system consists of a central processing unit, monitor screen, keyboard, mouse, printer, modem, operating system and application software.

B. Computer Hardware and Software Defined

Computer Hardware - any electronic device that is used to input, store, print or distribute County information for internal or external purposes. This includes, but is not limited to, personal computers, local area network file servers and workstations, mainframe computers and terminals, printers, modems, scanners and backup units.

Computer Software - any program or operating system that allows the user of computer hardware to input, store, print or distribute County information for internal or external purposes. This includes, but is not limited to, personal computer operating systems, network operating systems, word processors, spreadsheets, databases, accounting, electronic mail, management utilities an user interfaces.

C. Computer Networks Defined

Computer Networks - computer systems linked together by department or location, for the purpose of sharing data or applications that are stored centrally. This includes local area network workstations, wide area network workstations, minicomputer terminals, minicomputer emulated personal computers and other systems that may be connected, such as bulletin boards, Internet, and on-line information services.

D. Computer Services Defined

Computer Services - any advice, support, recommendation or contact with a computer system, regardless of form or physical characteristic, that has been purchased or otherwise obtained by the County. Computer services are performed by Information Services personnel or by an Information Services approved outside consultant.

Computer services include, but are not limited to, recommending, purchasing configuring, installing and supporting computer systems. Support includes, but is not limited to, troubleshooting hardware and software problems, upgrading hardware or software, and assisting in using application software. All computer services performed by the County are to be considered the property of the County.

E. Purpose/Goals of Computer Services

The primary purpose of Computer Services is to provide County employees with computer systems and support that ensure that the employee can perform their job duties with available computer resources.

The specific goals of Whatcom County's Computer Services Section are as follows:

  1. Assure that proposed computer system purchases are in accordance with Information Services standards for such purchases.

  2. Ensure acquisition of computer systems follow Whatcom County Purchasing rules and procedures.

  3. Computer systems purchased are appropriate for the user's needs and are also within the financial means of the County.

  4. Configuration and installation of computer systems are performed which allow for the maximum utilization by the user.

  5. Maintain and support computer systems to allow for continued high utilization by the user.

Chapter 2 General Policy

Whatcom County is responsible for securing its computer systems in a reasonable and economically feasible degree against unauthorized access and/or abuse, while making them accessible for authorized and)egitimate users. This responsibility includes informing users of expected standards of conduct and the punitive measures for not adhering to them. Any attempt to violate the provisions of this policy may result in disciplinary action in the form of temporary revocation of user access, regardless of the success of failure of the attempt. Permanent revocations can result from continued violations or from management decision.

The users of the County's computer systems are responsible for respecting and adhering to local, state, federal and international laws. Any attempt to break those laws through the user of the County's computer systems may result in litigation against the offender by the proper authorities. If such an event should occur, the County will fully comply with the authorities to provide any information necessary for the litigation process.

A. Computer Power Usage

All non-essential computer equipment should be turned off during nonworking hours (i.e. week nights, weekends, vacations, holidays). This includes CPUs, monitors, printers and modems.

Essential computer equipment includes: network file servers, workstations attached to networks that perform after hours system backups, and computers receiving data after hours.

To save wear on the computer system's power switches, it is recommended that the equipment is turned off using the power strip's on/off switch.

B. Privacy

All electronic equipment used by employees are to be considered property of the County. All data, messages, or other files created while using the equipment is also considered property of the County. The County reserves the express right to monitor and review all activities of the employee, including information created or obtained by the employee.

This monitoring includes, but is not limited to, reviewing files or correspondence created by any software medium, periodic scans of an employees computer hard drive, and review of department log files.

C. Security

It is the responsibility of the Department Manager to assure that all computer hardware and software are secured both physically and logically. By physical, it is the manager's responsibility that all equipment is protected against theft or misuse. The use of department identification tags is required. By logical, it is the managers responsibility to assure that computer users are periodically backing up data files to safeguard against computer failures and the loss of data. It is also the managers responsibility to assure that data diskettes that are used in the department, whether they originated within the department or are obtained from outside the department, are scanned for computer viruses before they are used in the computer.

D. Personal Use of Computers

Employees are not to place personal copies of software or data on any County equipment. If an employee requires the software, a copy must be purchased by the County. This includes, but is not limited to, games, screen savers, and questionable material. If found, the software or data will be removed and a memorandum sent to the user's Department Head outlining what was found and the action taken to remove it.

It is County policy that County owned software is not to be taken home and installed on an employee's home computer for personal or County use, regardless of the software's licensing agreement. The instances of abuse and the inability to monitor and control the software is beyond the scope of the Information Services.

E. Confidentiality

Unless otherwise dictated by public disclosure laws, all information regarding the computers systems, or data created by employees, are to be considered confidential. Removing of data from the County offices without the express consent of the Department Manager is considered a breach of this confidentiality.

F. Violations of County Policy

Violations of this County policy may lead to revocation of computer use or disciplinary action, including discharge.

G. Employee Signature

All employees will be required to sign a Use of County Local Area Network/Wide Area Network and Other Information Network Resources form (see Appendix) before access to the computer systems will be made available to the user. Refusal to sign the form will result in the employee not receiving computer system access and possible disciplinary action.

Chapter 3 Purchasing Rules

The purpose of this policy is to set out guidelines for the researching, pricing, and acquisition of computer system hardware and software, and outside computer support. All computer system hardware and software purchases must be pre-approved by the department's Information Services support technician and Department Head. Final approval is the responsibility of the Information Services Manager.

A. Purchase Requests

Computer system purchase requests originate with the requesting department. The appropriate department personnel will contact the Information Services support technician with a computer system need. With information from the department on the purpose and use of the computer system the Information Services technician will research the items and contact vendors to obtain the lowest cost. Once the technician has collected the information, a printed report will be given to the department so that a Purchase Requisition can be filled out. Once the Purchase Requisition is completed, it is signed by the requesting department head and routed to Information Services for final approval. Information Services is responsible for routing the request to the Purchasing Agent for assignment of a purchase order.

B. Receiving Orders

All computer system orders are received by Information Services. The department's support technician checks the purchase order against the packing slip to determine if all of the items have been received and are correct. if so, the technician arranges with the department contact for a date and time to install the equipment. If a convenient date and time cannot be agreed upon, it will be up to the discretion of the Information Services technician when to install the equipment. If the items have not all been received, it is the technician's decision whether to start the installation or wait until all the items have been received.

If there are errors with the equipment received, it is Information Services responsibility to determine the problem and ensure that it is corrected.

Chapter 4 Installations

The purpose of this policy is to set out guidelines for the installation and configuration of computer system hardware and software. InformationServices will be responsible for the installation and configuration of all computer hardware and software, unless express consent from Information Services is given. It is Information Services policy to install the hardware and/or software with the minimum disruption to the user whenever possible.

A. Computer Hardware Installations

Once the computer equipment has been received, the Information Services technician will arrange with the department contact a convenient date and time to install the equipment. If a convenient date and time cannot be agreed upon, it will be up to the discretion of the Information Services technician when to install the equipment.

The placing and tracking of identification numbers is the responsibility of the department which purchased, or acquired, the equipment. Equipment inventories are also the responsibility of the department which purchased, or acquired, the equipment.

B. Computer Software Installations

Once the computer software has been received, the Information Services technician will arrange with the department contact a convenient date and time to install the software. If a convenient date and time cannot be agreed upon, it will be up to the discretion of the Information Services technician when to install the software.

It is Information Services' responsibility to ensure that all licensing agreements are being met before installing the computer software.

The recording and tracking of software licenses is the responsibility of the department which purchased, or acquired, the software. The tasks of securing the software media and instructional manuals is also the responsibility of the department which purchased, or acquired, the software.

C. Surplusing Old or Excess Computer Equipment

It is the responsibility of the Department Head to ensure that a Whatcom County Surplus Property Release form (see Appendix) is filled out and signed for transferring or disposing of old or excess computer equipment. Once the form has been filled out and signed bythe Department Head, it is sent to Information Services along with the equipment being salvaged. Information Services will send one copy of the salvage form to the ADS - Finance/Purchasing and attach a second copy to the equipment being salvaged. If the equipment is being transferred to another department, the equipment instalation policywill be followed. If the salvaged equipment is being surplused, it will be sent to Facilities Management for final disposal.

Chapter 5 Use of Minicomputers

Once a user receives a userld to be used to access the network and computer system, they are solely responsible for all actions taken while using that userld.

A. Requesting A UserlD

A user must fill out a Whatcom County System Access Request Form (see Appendix) and have it signed by the Department Head. The user is to include the systems/functions they require access to. The form is then routed to Information Services for processing. Applying for a userld under false pretenses is a punishable disciplinary offense.

B. Prohibited Actions

Sharing UserlDs - sharing your userld and /or password with any other person is prohibited. In the result that you do share your userld with another person, you will be solely responsible for the actions that other person appropriated.

Use of Files - deletion, examination, copying, or modification of files and/or data belonging to other users without their prior consent is prohibited.

Changing Resources - altering, or attempting to alter, yours or any other person's system configuration is prohibited. This includes attempting to gain greater access to the system or attempting to access data that you have not been given rights to.

Use of System Resources - continued impedance of other users through mass consumption of system resources, after receipt of a request to cease such activity is prohibited.

Use of Computer System - use of facilities and/or services for commercial or personal purposes is prohibited.

Unauthorized Use - any unauthorized, deliberate action which damages or disrupts the computer system, alters its normal performance, or causes it to malfunction is a violation regardless of system location or time duration.

Chapter 6 Use of Local and Wide Area Networks

Once a user receives a userID to be used to access the network and computer system, they are solely responsible for all actions taken while using that userld.

A. Requesting A UserlD

A user must request access to the network and have it signed by the Department Head. A simple memo from the Department Head stating the amount of access the user is to have is sufficient. The memo is routed to the Information Services technician in charge of supporting the department. Applying for a userld under false pretenses is a punishable disciplinary offense.

B. Prohibited Actions

Sharing UserIDs - sharing your userld and /or password with any other person is prohibited. In the result that you do share your userld with another person, you will be solely responsible for the actions that other person appropriated.

Use of Files - deletion, examination, copying, or modification of files and/or data belonging to other users without their prior consent is prohibited.

Changing Resources - altering, or attempting to alter, yours or any other person's system configuration is prohibited. This includes attempting to gain greater access to the system or attempting to access data that you have not been given rights to.

Use of System Resources - continued impedance of other users through mass consumption of system resources, after receipt of a request to cease such activity is prohibited.

Use of Computer System - use of facilities and/or services for commercial or personal purposes is prohibited.

Unauthorized Use - any unauthorized, deliberate action which damages or disrupts the computer system, alters its normal performance, or causes it to malfunction is a violation regardless of system location or time duration.

Chapter 7 Security

As a user of Whatcom County computer systems, you may be allowed access to other computer systems through the use of County networks. This policy is used to describe types of security and prohibited actions regarding computer system security.

A. Computer Security Defined

Physical Security - this is the actions taken to ensure that the computer system components (CPU, monitor, keyboard, mouse, modem, printer, etc.) are secure and not easily available by non-County personnel. Physical security is the responsibility of the head of the department.

Access Security - this is the actions taken by the user to ensure that the computer system data is not compromised or made available to unauthorized personnel within and outside the County. The use of passwords and file encryption are the most common.

B. Prohibited Actions

Accessing the use of computer systems and/or networks in attempts to gain unauthorized access to remote systems is prohibited. The use of computer systems and/or networks to connect to other systems, in evasion of the physical limitations of the remote system or local system, is prohibited.

Passwords - decryption of system or user passwords, or any other method used in an attempt to gain unauthorized access to the computer systems, is prohibited.

System Files - the copying or transferring of system files is prohibited. The copying of copyrighted materials, such as third-party software is prohibited.

Unauthorized Use - intentional attempts to "crash" network systems or programs is prohibited. Attempts to secure a higher level of privileges on any computer system is prohibited.

Viruses - the willful introduction of computer viruses or other disruptive/destructive programs into any County computer system, or any external computer system, is prohibited.The unintentional introduction of a computer virus or other disruptive/destructive programs into any County computer system, or any external computer system, by the failure to follow County policy will result in disciplinary action.

Chapter 8 Electronic Mail

Whatcom County's ongoing commitment to information and records management includes the establishment of a County-wide Electronic Mail Policy that provides the policies by which electronic mail is to be used. The purpose of this program is to protect the organization during litigation, government investigation or audit, promote increased efficiency and reduce costs.

It is the responsibility of all employees, contractors, and vendors of Whatcom County to ensure that County records are maintained, used, transferred and disposed of in accordance with appropriate policies.

Information Services is responsible for developing, implementing, reviewing and monitoring the Cotinty's Electronic Mail Policy. This includes approving all modifications to the Policy and resolving any disputes that may arise regarding the policies. Information Services is responsible for administering the program on a County- wide basis, reporting program status, maintaining appropriate records documenting the development and administration of the program and updating policies as required.

This Electronic Mail Policy is hereby adopted as the official County policy. This policy supersedes any and all prior electronic mail policies.

Policy Philosophy

The primary purpose of Whatcom County's electronic mail system is to facilitate the timely and efficient conduct of County business. The system is also provided to encourage and facilitate the free exchange of business-related communications and ideas between employees.

Electronic mail is playing a significant - and increasing - role in Whatcom County communications. All employees are responsible for adhering to County standards when electronic mail is created, sent, forwarded or saved. The failure to do so can put both the County and the individual user at risk for legal liabilities, embarrassment and other setbacks. These policies are meant to make employees aware of the risks associated with using electronic mail and to advise them on the County's philosophy regarding such use.

Violation of these policies may result in the cancellation of the violator's electronic mail account and may be grounds for disciplinary action up to and including termination.

Policy 1 Retention of Electronic Mail

The Whatcom County Records Management Policies apply to electronic mail and should be consulted for instructions on longterm and/or permanent record storage.

Policy 2 Electronic Mail Messages Are Not Private

Do not expect any electronic mail messages to be private or confidential. The recipient of a message can forward it to any number of other individuals or groups. Messages may accidentally be delivered to the wrong recipient. Electronic mail may become evidence in legal proceedings. All users are required to consent that the County may review any messages on the system, may use any information for any purpose, and may disclose such messages to third parties. All messages should be composed with the expectation that they will be made public.

Policy 3 Prohibition on Inappropriate Message Contents

Electronic mail should be businesslike, courteous and civil. It must not be used for the expression of ill will or bias against individuals or groups, offensive material such as obscenity, vulgarity or profanity, jokes, sarcasm, or other non-businesslike material. Sexually explicit material, cursing and name-calling are not appropriate communications. Users who engage in such activity will be subject to disciplinary action.

Policy 4 Statement of Business Purpose, Right of Inspection and Duty to Report Abuses

The electronic mail system is intended for business purposes, not personal or recreational use. By using the electronic mail system, all users have consented that the County may, at its discretion, inspect, use or disclose any electronic mail or other electronic communications and/or data without further notice. However, inspection is not systematic and the County depends upon users to report offensive or inappropriate material.

Policy 5 Misdelivered Messages

If an electronic mail message comes to you by mistake, stop reading as soon as you realize that the message was not meant for you and notify the sender or system administrator immediately. It is impermissible, and may be a violation of law, to purposefully read electronic mail intended for another person without the express permission of that person.

Policy 6 Forwarding of Electronic Mail

A user, in forwarding a message which originates from someone else, may not make changes to that message without clearly disclosing the exact nature of the changes and identity of the person who made the changes.

If a message has been designated by its originator as confidential or privileged, it may not be forwarded without the written consent of its originator.

Policy 7 Non-Solicitation

The County's electronic mail system may not be used for commercial activities, religious causes, charitable solicitations, political activity, support for outside organizations, or other activities which are not related to the direct conduct of County business. This rule applies to both internal electronic mail communications and to electronic mail to or from persons outside the County.

Policy 8 User's Responsibility for Security

You are responsible for the security of your electronic mail account password and any electronic mail that is sent via your account. To protect your account against unauthorized use, please take the following precautions:

a. Log off from your electronic mail account before leaving your computer unattended. If you leave your electronic mail account open, and someone else uses it, it will appear as if you sent the message and you will be held accountable.

b. Do not give out your password. You are responsible for messages sent via your account. Correspondingly, do not use or tamper with someone else's account without their knowledge and consent. Unauthorized use of an electronic mail account may be unlawful and is in violation of County policy.

c. Change your password on a regular basis. Passwords can be stolen, guessed or be inadvertently made available.

Consent Waiver Form

Those employees who have signed and submitted a copy of the Employee Electronic Mail Account Waiver Form (see Appendix) are authorized to use Whatcom County's electronic mail system. Unauthorized access is a violation of law and Whatcom County's polices and my result in disciplinary action.

The consent waiver form acknowledges that an employee has read and understood the County's electronic mail policies and the employee consents to the County being Ible to access and/or utilize his or her electronic mail.

Chapter 9 Internet Access With the widespread use of the Internet as an information exchange medium, employees are able to access data that exists on the World Wide Web (WWW). Along with this access to the Web comes the potential for abuses. The intention of this policy is to outline issues regarding access, and to set out the rules that should be followed for Internet access.

A. Accessing the Internet

Access to the Internet - employees are not to use their personal Internet accounts during work hours or use County equipment to reach personal related site$. Internet access is limited to working hours unless after hours access is expressly given by the department manager and a record iskeptwithlnformationservices. lnformation Services reserves the right to remove any employee from Internet access for violation of these procedures.

Access Logs - it is the responsibility of the Department Manager to ensure that all employees accessing the Internet keep an up-to-date Internet Access Log (see Appendix). This log may periodically be audited by Information Services for accuracy and completeness. Aduplicate access log will be maintained by Information Services to assist in the auditing process.

B.Downloading Files

It is Information Services' policy that files are not to be downloaded from the Internet without express consent bythe employee's department manager. the possibility of downloading a file with a computer virus is great and care must be taken not to contaminate any computers in the County. Files downloaded from the Internet, or any other outside service, must be scanned by a virus checking software prior to being used on a County computer. Department managers can contact Information Services for options available for virus checking downloaded files.

C. Uploading Files

It is Information Services' policy that files are not to be uploaded to the Internet without express consent by the employee's department manager. riles uploaded to the Internet have the possibility of being intercepted by others and used against the County's interest. Because of this, all data sent over the Internet to others is required to be encrypted.

D. Prohibited Uses of the Internet

Solicitation - the purchase or sale of personal items through advertising on the Internet is prohibited.

Harassment - the use of the Internet to harass employees, vendors, customers, and others is prohibited.

Political - the use of the Internet for partisan political purposes is prohibited.

Aliases - the use of aliases while using the Internet is prohibited. Anonymous messages are not to be sent. Also, the misrepresentation of an employee's job title, job description, or position in the County is prohibited.

Misinformation/Confidential Information - the release of untrue, distorted, or confidential information regarding County business is prohibited.

Viewing/Downloading of Non-County Related Information - the accessing, viewing, downloading, or any other method for retrieving nonCounty related information is prohibited. This includes, but is not limited to, entertainment sites, pornographic sites, or news related sites.

E. Legal issues

Copyrights - most of the information available on the Internet is

copyrighted. It is illegal to reproduce or distribute copyrighted information regardless of it's source. It is the Department Manager's responsibility to ensure that copyrighted information is not misused by the employees. Violation of copyright laws endanger the County and legal remedies include large fines.

Discrimination - harassing messages, derogatory comments, or other forms of discrimination based upon color, sex, religion, or creed is against the law. lt is the Department Manager's responsibility to ensure that employees do not engage in discriminatory behavior while accessing the Internet. Violation of discrimination laws include fines and jail time.

Privacy - an employee's rights while accessing the Internet through the use of County property does not include the right to privacy. The County reserves the express right to monitor, in any way, the activities of the employee while accessing the Internet. Violation of County policy regarding Internet use is considered punishable. Court cases have upheld a business' right to monitor and discipline employees based upon electronic activities which are prohibited by a company's policy.

Appendix Whatcom County Administrative Services
Information Services Division
Employee Electronic Mail
County Courthouse Account Waiver Form 676-7684
Consent and Privacy Waiver

I hereby consent that Whatcom County, or its authorized representatives, may monitor, review, and/or copy any information on the electronic data processing system, including the electronic mail system, whether stored or in transit, at any time, and may, without further notice, disclose such information to any third party or parties, including government and law enforcement agencies.

Prevention of Unauthorized Access

I will maintain the confidentiality of my system password and will not permit access to my network account or to my electronic mail account by any person unless such access has been approved in advance by my immediate supervisor. If my password is disclosed to any other individual, for whatever reason, or if to my knowledge the security of my account is otherwise breached, I will immediately notify my supervisor.

Acknowledgment of Whatcom County Policies

I acknowledge receipt of the Whatcom County's Policy on Electronic Mail and agree to comply with all stated policies. I further acknowledge that Whatcom County depends upon users to bring to its attention abuses of the electronic mail system and I agree to promptly notify my supervisor or ADS - Information Services if such abuse comes to my attention.

Employee Name (Please Print) _______________________________

Department

______________________________

Employee Signature ______________________________

PLEASE NOTE

only those individuals who have signed and submitted a copy of this form are authorized to use Whatcom County's electronic mail system. Unauthorized access is a violation of law and Whatcom County policies and may result in disciplinary action.

Whatcom County Administrative Services
Information Services Division
Internet Tracking Log
County Courthouse
676-7684

Department ________________________

Time ________________________

Date ________________________

Employee Name ________________________

Started ________________________

Ended ________________________

Sites Visited ________________________

Files Downloaded ________________________

Whatcom County
Administrative Services Department
Information Services Section
Use of County Local Area Network/Wide Area
Network and Other Information Network Resources

This is to acknowledge that I have read and understand the Whatcom County Computer Services Policies and Procedures. I understand that failure to follow the provisions of the Policies and Procedures could lead to the loss of my computer system privileges and/or more severe disciplinary action.

By signing below, I agree to abide by the County policy.

Employee Name (Please Print) ________________________

Department ________________________

Employee ________________________

Signature ________________________

Date ________________________

THIS DOCUMENT WILL BE PLACED IN YOUR PERSONNEL FILE

Recommended Language for Initial Log-On Screen

IMPORTANT NOTICE
PLEASE READ BEFORE LOGGING ON

This computer system is the property of Whatcom County. Only authorized users are allowed to access the system and any data on it, and the system is to be used only for business purposes. By logging on, each user consents that the County or its designees may inspect, copy, or disclose any electronic mail, electronic communications or other information on this system at any time without further notice.

All communications made through this system, and all material placed on it, must conform to Whatcom County's policy on Electronic Mail. For a copy of this policy, please contact ADS - Information Services. Violations of this policy, including use of this system for inappropriate or offensive material, should be reported to George Reid at Ext. 57694.

Please type [y] or [Enter] if you agree to the above.

If you do not agree, notify your manager immediately.