HomeMy WebLinkAbout120 - Network Access and Use Policy
120-1
Network Access and Use Policy
OVERVIEW
The City’s Ethernet network facilitates all electronic communication internal for City users as well
as to or from the public. This crucial tool to City business must be used in a secure manner and
with good judgment. The three ways to access the City’s network are via wired (using a cable to
connect), wireless (using a wireless card), or remote connections (over the Internet using software).
Network access is provided for City owned devices and in certain cases for personally owned
devices. All network use (wired, wireless and remote) must conform to the City’s Internet Access
and Use Policy, Electronic Mail Policy and any other relevant City policies.
ACCESS AND USE GUIDELINES
Use of the City’s Network
Good judgment and common sense should always prevail regarding the appropriate use of the
City’s network. Under this standard, it is not possible to list all the allowed and prohibited uses of
the City’s network. However, use of the City’s network for any reason is expressly prohibited
under the following circumstances:
Compromises the integrity of the City and its business operations in any way.
Commits any illegal act.
Violates the City’s Anti-Discrimination and Unlawful Harassment Policy or any other City
policy.
Results in private gain or advantage for the employee (such as conducting business related to
economic interests outside of City employment), or violates the City’s Ethics Policy.
USER RESPONSIBILITY
Council Members, Council Appointed Officials, Department Heads and all Regular and
Temporary Staff
o General. Persons in this category with access to the City’s network are responsible
for understanding and following these guidelines. Unauthorized or improper use
of the City’s network may result in terminating access and depending on the
Internet Access and Use Policy
120-2
severity of the outcome of unauthorized or improper use, may result in disciplinary
action up to and including termination of employment.
o Connection Security and Passwords. Each person has a uniquely assigned user
name and password for security purposes. While this cannot guarantee privacy,
confidentiality or data security, it is an important component of the City’s overall
system protection. Passwords should never be shared with others. This is
especially important since each person is responsible for all network use conducted
under their user name. Password policy is managed by Information Technology
(IT) and password changes may be forced pursuant to that policy. System usage
will be monitored by the Network Administrators. Policy violations will be brought
to attention of the IT Manager who will review and if necessary, contact the
appropriate Department Head.
Advisory Body Members, Contractors, volunteers and all other Non-City personnel
o General. Persons in this category with access to the City’s network are responsible
for understanding and following these guidelines. Unauthorized or improper use
of the City’s network may result in terminating access.
o Connection Security and Passwords. Where possible, each person has a uniquely
assigned user name and password for security purposes. While this cannot
guarantee privacy, confidentiality or data security, it is an important component of
the City’s overall system protection. Passwords should never be shared with others.
This is especially important since each person is responsible for all network use
conducted under their user name. In certain very limited cases IT may approve the
use of a generic user name and password. Password policy is managed by IT and
password changes may be forced pursuant to that policy.
Public Users
o General. Persons in this category with access to the City’s network are responsible
for understanding and following the City’s Public Wireless Acceptable Use Policy.
Unauthorized or improper use of the City’s network may result in terminating
access.
o Connection Security and Passwords. Each person has a uniquely assigned user
name (their cellular phone number) and password for security purposes. While this
cannot guarantee privacy, confidentiality or data security, it is an important
component of the City’s overall system protection. Passwords should never be
shared with others. This is especially important since each person is responsible
for all network use conducted under their user name. Password policy is managed
by IT and password changes may be forced pursuant to that policy.
Internet Access and Use Policy
120-3
SECURITY
The following practices are intended to provide reasonable, but not absolute, safeguards against
unauthorized access to the City's network and IT systems:
Encrypted Connections. All wireless and remote connections shall be encrypted using the
standards established by IT.
Passwords. All users of the City's network must be issued a login name and password.
Because passwords are the key to system security, which becomes an even greater issue when
wireless or remote access is provided, it is essential that they are not disclosed or utilized by
other persons. Disclosure of passwords (or the use of an unauthorized one) may result in the
termination of access to the City's network. Depending on the severity of the outcome of the
disclosure, disciplinary action, including termination may result.
Suspicious Network Activity. IT is charged with protecting the City’s network from any
threats. Because of the severe consequences of any breach to the security or integrity of the
City’s network, any connection (wired, wireless or remote) may be immediately terminated if
IT suspects it is a threat to the City’s network.
WIRED ACCESS
The City’s wired network exists for the purpose of conducting City business.
Limited and appropriate personal access to the City’s network is allowed, provided that:
Interactive use does not occur during an employee’s assigned working hours.
It is used in accordance with all laws and other guidelines/restrictions set forth in this policy.
Personally Owned Devices
Personally owned devices are not allowed to connect to the City’s wired network unless the devices
are being used to conduct City business and are vetted and approved in advance of such use by IT.
Approval to Use the City’s Wired Network
General Approval. Council members, Council appointed officials, department heads and all
regular and temporary City staff are authorized to connect to the City’s wired network using
City owned devices. Department heads are responsible for notifying employees who have
wired network access of this policy and all other applicable policies.
Case-by-Case Approval. Department head approval is required for all other users, including
contractors or volunteers who require permanent wired network access except for incidental
use, which can be approved by the IT manager. Department heads are responsible for notifying
users who have wired network access of this policy and all other applicable policies.
Internet Access and Use Policy
120-4
Time Limited or Temporary Access. The IT Manager may approve any time limited or
temporary wired access for any user connecting using a personally owned device or a City
owned device. The IT Manager is responsible for notifying users who have time limited or
temporary wired access of this policy and all other applicable policies.
WIRELESS ACCESS
The City’s wireless networks exist for the sole purpose of conducting City business.
Limited and appropriate personal access to of the City’s wireless network is allowed, provided that:
Interactive use does not occur during an employee’s assigned working hours.
It is used in accordance with all other guidelines and restrictions set forth in this policy.
WIRELESS NETWORKS AND THEIR PURPOSES
Wireless Network Purpose Internet Access Access to internal
City Resources
PublicWireless Public access to the
Internet.
Yes No
EmployeeWireless Access to the Internet for
personally owned devices
of City employees.
Yes No
Secure Wireless Wireless access to internal
City resources from City
owned devices.
Yes Yes, with restrictions
based on
authentication.
SecureDevice Wireless access to internal
City resources from City
owned mobile devices
managed by the City’s
Mobile Device
Management.
Yes Yes, with restrictions
based on
authentication.
1019 Wireless access to internal
Police resources from
City owned devices.
Yes Yes, with restrictions
based on
authentication.
Internet Access and Use Policy
120-5
DispWireless Access to the Internet for
personally owned devices
of Dispatch employees.
Yes No
Other City owned wireless networks exist for very specific uses (e.g. Telemetry) and other may be
created by IT for devices and uses that do not fall within the above five wireless networks.
Personally Owned Devices
Personally owned devices must connect to either the Public Wireless or Employee Wireless
networks unless the devices are vetted and approved by IT per the process below in advance of
such use. IT does not support any personally owned devices and may terminate the device’s
connection if IT suspects it poses a threat to the security or integrity of the City’s network.
Approval to Use the City’s Wireless Network
General Approval. Council members, Council appointed officials, department heads and all
regular and temporary City staff are authorized to connect their personal devices to the City’s
Employee Wireless network. They are also authorized to use any City owned devices
connected to the PrivateWireless network by IT. Department heads are responsible for
notifying employees who have wireless network access of this policy and all other applicable
policies.
Case-by-Case Approval. Department head approval is required for all other users, including
contractors or volunteers who require Broadcast Wireless or Employee Wireless or
PrivateWireless wireless network access. Department heads are responsible for notifying users
who have wireless network access of this policy and all other applicable policies.
Time Limited Access. Members of the public are allowed to use the Public Wireless network
for 12 hours at a time from a personally owned device, provided that a valid cellular phone
number is provided and the acceptable use policy is accepted when prompted.
REMOTE ACCESS
Remote access to the City’s network exists solely for the purpose of conducting City business.
Remote access is using any non-trusted network outside the City’s firewall (e.g. Internet, County
network, Verizon Wireless network) to access City IT resources (e.g. servers, workstations, radios
devices, telemetry devices) behind the City’s firewall.
Remote access to the City’s network using personally owned software is not allowed.
Internet Access and Use Policy
120-6
In general users will have the same level of access to City IT resources as they would while at a
City facility using a City owned device. Users may be approved to only have a lower level of
access to City IT resources where technologically feasible and with the concurrence of the IT
Manager. As noted above, unauthorized access or improper system utilization may result in
terminating access (remote or local), and depending on the severity of the outcome of improper
use, may result in disciplinary action, including termination.
Personally Owned Devices
Personally owned devices used to make remote connections to the City’s network are the
responsibility of the person using the device. They must be used to conduct City business.
Personal devices must meet the minimum security standards set by IT.
IT does not support any personally owned devices and may terminate the device’s connection if IT
suspects it poses a threat to the security or integrity of the City’s network.
Approval to Remotely Access the City’s Network
General Approval. Council members, Council appointed officials, department heads and IT
staff are authorized to have unrestricted remote access to the City’s network using personal or
City owned devices.
Restricted General Approval. Regular and temporary City staff are authorized to have remote
access the City’s network using City owned devices during their assigned working hours.
Department heads are responsible for notifying employees who have remote network access
of this policy and all other applicable policies.
Case-by-Case Approval. Department head approval with the concurrence of the IT Steering
Committee chair is required for all other users whether using personally owned devices or City
owned devices, including contractors or volunteers who require permanent remote network
access. Any significant use of remote access for “telecommuting” by City staff must be
approved by the City Manager pursuant to the Trip Reduction Incentive Program. Department
heads are responsible for notifying users who have remote network access of this policy and
all other applicable policies.
Time Limited or Temporary Access. The IT Manager may approve any time limited or
temporary remote access for any user connecting using a personally owned device or a City
owned device. The IT Manager is responsible for notifying users who have remote network
access of this policy and all other applicable policies.
Remote Access Support Responsibilities
Information Technology. IT staff is responsible for: establishing standards for remote access
communication software and equipment; installing City owned computers and communication
Internet Access and Use Policy
120-7
software for Council Members; and providing communication software for other approved
remote access users.
Application Administrators. On a case-by-case basis, Application Administrators may take
the lead role in installing and supporting remote access for their applications. This will be
mutually agreed upon between IT staff and the operating department.
Departments. Departments are responsible for the costs of purchasing communication
software and for approving remote access to the City’s network. In the case of Council
Members, Administration is responsible for providing training in accessing the City’s network
as well as the use of standard City office applications.
SUMMARY
Network use is an important tool for the City. It facilitates the effective and efficient work of the
City. The purpose of these guidelines is to ensure that common sense and organizational purpose
are embodied in the use of the City’s network.
• Remote Access Policy approved by the Council on July 20, 1993
• Remote Access Policy amended by the Council on January 4, 1994
• Remote Access Policy amended by the IT Steering Committee on June 26, 1997 to reflect changes in
organizational responsibility for IT support
• Remote Access Policy amended by the City Manager on July 23, 2009
• Remote Access Policy revised by the City Manager on January 20, 2010
• Network Access and Use Policy approved by the City Manager on December 20, 2013
• Network Access and Use Policy updated by IT Manager to revise Wireless Network descriptions on November
1, 2024