BEST: Acceptable Use of State Systems (May 2006)

Governor Dannel P. Malloy |

Department of Administrative Services Bureau of Enterprise Systems and Technology

Home

About Us

Forms

Acceptable Use of State Systems Policy

May 2006 (Addendum added November 2006)

Purpose

The purpose of this document is to provide common standards for the use of State of Connecticut Executive Branch electronic communications, including but not limited to electronic mail systems (E-mail), the Internet, computers, laptops and related technologies and equipment (herein referred to as “State systems”).

The intent of this policy is to provide information concerning the appropriate and inappropriate use of State systems. Examples are included in order to assist readers with the intent of specific sections of this policy. However, the examples contained within this policy do not exhaust all possible uses or misuses.

Please refer to the Addendum for Frequently Asked Questions (FAQ's) containing additional information.

Definitions (1)

E-mail or electronic mail refers to the electronic transfer of information typically in the form of electronic messages, memoranda, and attached documents from a sending party to one or more receiving parties via an intermediate telecommunications system. E-mail is the means of sending messages between computers using a computer network. E-mail services, as defined by this policy, refer to the use of state-provided electronic mail systems.

Internet refers to a “worldwide system of computer networks - a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers). The world-wide web is the most widely used part of the Internet, (often abbreviated "WWW" or called "the Web").

Intranet refers to an internal network or website within an organization. The main purpose of an intranet is to share company information and computing resources among employees.

CTNET refers to the equipment and services which provide State of Connecticut agencies, affiliates, and authorized users with electronic access to, including but not limited to, the internet and e-mail (1) Some definitions provided via the http://whatis.techtarget.com website.

Scope of Policy

This policy covers all State of Connecticut Executive Branch agencies and employees whether permanent or non-permanent, full, or part-time, and all consultants or contracted individuals retained by an Executive Branch agency using State of Connecticut systems (herein referred to as “users”).

This policy does not apply to the Judicial or Legislative Branches of government. However, these branches may consider adopting any or all parts of this policy for use within their own branches.

Authority

In accordance with C.G.S. §4d-2 (c) (1), the Chief Information Officer of DOIT is responsible for developing and implementing policies pertaining to information and telecommunication systems for state agencies.

Agency Responsibility

Executive Branch agencies are responsible for providing all users with a copy of this policy, obtaining a signed acknowledgment of receipt from each user, and keeping a copy of the signed acknowledgement on file.

Agencies may establish additional restrictions regarding the use of State systems within their local environments. Should conflict exist between this policy and an agency policy, the more restrictive policy would take precedence.

Distribution of software within or between State agencies may be subject to more restrictive agency computer use policies. When in doubt, users are urged to inquire about all applicable restrictions.

The Director of Human Resources (or person serving in this capacity) within each State agency is responsible for addressing individual employee questions concerning this policy and the appropriate use of State systems. The Office of Labor Relations and the Chief Information Officer of DOIT will serve as consultants to agencies in this regard.

Ownership of Messages, Data and Documents

State systems and all information contained therein are State property. Information created, sent, received, accessed or stored using these systems is the property of the State.

No Presumption of Privacy

All activities involving the use of State systems are not personal or private; therefore, users should have no expectation of privacy in the use of these resources. Information stored, created, sent or received via State systems is potentially accessible under the Freedom of Information Act. Pursuant to Public Act 98-142 and the State of Connecticut’s “Electronic Monitoring Notice” the State reserves the right to monitor and/or log all activities without notice. This includes but is not limited to correspondence via e-mail and facsimile. See “Additional Resources” below.

User Responsibilities

As a user, it is important to identify yourself clearly and accurately in all electronic communications. Concealing or misrepresenting your name or affiliation is a serious abuse. Using identifiers of other individuals as your own constitutes fraud. This includes but is not limited to using a computer Logon ID other than the individual User ID authorized. Individuals may not provide their passwords or logon ids to others.

Users should also be mindful that the network is a shared resource and be aware of the impact of their activities on other users. For example, a user with a need to frequently move large files across CTNET should consider scheduling this to occur during off hours so as not to degrade network performance.

Usage of State Systems

State systems are provided at State expense and are to be used solely to conduct State of Connecticut business. This means system usage is in conformance with federal and state laws, agency policies and procedures, and collective bargaining agreements.

System usage must be in accordance with each user’s job duties and responsibilities as they relate to the user’s position with the State of Connecticut at the time of usage. Users who are dually employed must keep in mind the responsibilities of each specific position while engaged in activities involving State systems. Activities must reflect the position duties the employee is performing at the time of State system usage.

Examples of Acceptable Use of State Systems

Examples of acceptable use of State systems include job-related activities involving any of the State systems and in accordance with the above criteria. The following items are examples of acceptable activities:

E-mail: sending and receiving correspondence for job related purposes; communicating with local governments, vendors, other state agencies and/or employees, etc., on work-related issues; collaborating with other organizations, states, and the federal government about initiatives and projects of interest to Connecticut. Note: E-mail messages are considered public records and are, therefore, legally discoverable and subject to record retention policies. See “Additional Resources” below.

Internet: researching state and federal legislation and regulations as they pertain to the user’s State position; obtaining information useful to users in their official capacity.

Misuse of State Systems

State systems are provided at State expense and are to be used solely to conduct State of Connecticut business. Unacceptable system usage is generally defined as any activity NOT in conformance with the purpose, goals, and mission of the agency. Additionally, activities that are NOT in accordance with each user’s job duties and responsibilities as they relate to the user’s position within State service are also unacceptable. Any usage in which acceptable use is questionable must be avoided. When in doubt, seek policy clarification from your agency Director of Human Resources (or person serving in this capacity) prior to pursuing the activity.

Examples of Unacceptable Use of State Systems

Any and all personal activities involving any of the State systems. The following items are examples of prohibited activities; however, users are reminded prohibited activities are not limited to these examples:

Email: creating or forwarding jokes, chain messages, or any other non-work related messages; checking and/or responding to personal e-mail via another (second party) e-mail system such as Yahoo! or Hotmail; sending or forwarding messages referring to political causes or activities; messages concerning participation in sports pools, baby pools or other sorts of gambling activities; religious activities; stock quotes; distribution groups or “listservs” for non-work related purposes; solicitations or advertisements for non-work related purposes.

Internet: pirating software; stealing passwords; hacking other machines on the Internet; participating in the viewing or exchange of pornography or obscene materials; engaging in other illegal or inappropriate activities using the Internet; personal job searches; shopping on-line for non-work related items; checking/viewing stocks or conducting any personal financial planning activities.

Use of a personal Internet account using state systems is strictly prohibited.

Any usage of CTNET for illegal or inappropriate purposes is prohibited. Illegal activities are violations of local, state, and/or federal laws and regulations (please see Connecticut General Statutes, §53a-251). Inappropriate uses are violations of the appropriate use of State systems, as defined in this document.

Failure to identify the author(s) of information accessed and obtained through CTNET (i.e., that which is subject to copyright laws, trademarks, etc.)

Connecting personally owned hardware or installing and/or using non-State licensed software. State policy on downloading software is included in Connecticut Software Management Policy. See “Additional Resources” below.

Any unauthorized access to any computer system, application or service.

Any activities for private, commercial purposes, such as business transactions between individuals and/or commercial organizations.

Any usage that interferes with or disrupts network users, services, or computers. Disruptions include, but are not limited to, distribution of unsolicited advertising, and deliberate propagation of computer viruses.

Any activities where users engage in acts that are deliberately wasteful of computing resources or which unfairly monopolize resources to the exclusion of others. These acts include, but are not limited to, broadcasting unsolicited mailings or other messages, creating unnecessary output or printing, or creating unnecessary network traffic.

Additional Resources

Public Act No. 98-142, An Act Requiring Notice to Employees of Electronic Monitoring by Employers, and the State of Connecticut’s “Electronic Monitoring Notice” -

http://das.ct.gov/HR/Regs/Current/State_Electronic_Monitoring_Notice.pdf

“Electronic and Voice Mail Management and Retention Guide for State and Municipal Government Agencies” – http://www.cslib.org/publicrecords/GL2009-2Email.pdf

Connecticut Software Management Policy by the State of Connecticut Office of the State Comptroller, the Office of Policy and Management and the Department of Administrative Services http://www.osc.state.ct.us/manuals/PropertyCntl/chapter07.htm