Subject: Computers & Electronic Records. Responsible Party: Part C Coordinator



Similar documents
REGION 19 HEAD START. Acceptable Use Policy

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

Acceptable Use Policy

Acceptable Use Policy

Acceptable Use Policy

How To Use A College Computer System Safely

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

AVON OLD FARMS SCHOOL COMPUTER AND NETWORK ACCEPTABLE USE POLICY

Terms in this document are defined in the SOA policy ISP-002 Information Security Glossary.

AASTMT Acceptable Use Policy

Insert GNIS Logo Here. Acceptable Use Policy & Guidelines Information Technology Policies & Procedures. Guangzhou Nanhu International School

Odessa College Use of Computer Resources Policy Policy Date: November 2010

13. Acceptable Use Policy

'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy

Information Technology Acceptable Use Policy

Responsible Access and Use of Information Technology Resources and Services Policy

UNIVERSITY GUIDEBOOK. Title of Policy: Acceptable Use of University Technology Resources

Acceptable Use Policy

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

Acceptable Use Policy ("AUP")

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

How To Monitor The Internet In Idaho

DUVAL COUNTY PUBLIC SCHOOLS (DCPS) INFORMATION SECURITY PROGRAM SUBJECT: ACCEPTABLE USE POLICY (AUP) POLICY NUMBER: 8.71

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users

Information Technology Acceptable Use Policies and Procedures

City of Grand Rapids ADMINISTRATIVE POLICY

BOARD OF EDUCATION POLICY

Forrestville Valley School District #221

Century Commons' Internet Use

Information Technology Policies and Procedures. Wakulla County School District. March 2014

FKCC AUP/LOCAL AUTHORITY

Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

The City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance.

INFORMATION SYSTEM GENERAL USAGE POLICY

STAR TELEPHONE MEMBERSHIP CORPORATION ACCEPTABLE USE POLICY FOR BROADBAND INTERNET SERVICES

How To Protect Ais From Harm

La Cañada Unified School District Personnel Use of Technology Regulations (AR ) Also known as the Staff Technology and Internet Use Policy

Human Resources Policy and Procedure Manual

ACCEPTABLE USE POLICY

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

CITY OF SALINE CELL PHONE POLICY

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security Policy

region16.net Acceptable Use Policy ( AUP )

Acceptable Use and Publishing Policy

Acceptable Use Policy

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

FRESNO COUNTY EMPLOYEES' RETIREMENT ASSOCIATION INTERNET AND USAGE POLICY

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.

INFORMATION TECHNOLOGY SECURITY POLICY COUNTY OF IMPERIAL

Cablelynx Acceptable Use Policy

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy

Acceptable Usage Policy

STOWE COMMUNICATIONS ACCEPTABLE USE POLICY FOR BUSINESS SERVICES HIGH SPEED INTERNET

JHSPH Acceptable Use Policy

Hyde School Student Computer Systems Acceptable Use Policy

Acceptable Use Policy

Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating

Acceptable Use Policy

Appendix H: End User Rules of Behavior

Information Technology Security Policies

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

AXIS12 DRUPAL IN A BOX ON THE CLOUD

1. Computer and Technology Use, Cell Phones Information Technology Policy

BROADALBIN-PERTH CENTRAL SCHOOL ADOPTED 1/22/00 3 RD READING AND ADOPTION 5/21/12. Employee Computer Use Agreement. Terms and Conditions

HIPAA Security Alert

Wellesley College Written Information Security Program

The Top Ten Of Public Computers And Their Perpetuation

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Transcription:

POLICIES AND PROCEDURES NEW JERSEY EARLY INTERVENTION SYSTEM No: NJEIS-17 Subject: Computers & Electronic Records Effective Date: May 1, 2011 Responsible Party: Part C Coordinator I. Purpose To protect personally identifiable information and minimize exposure to risks including virus attacks, compromise of networks systems and services, and legal issues when using computers. II. Policy A. NJEIS provider agencies must participate in the New Jersey Early Intervention System Management Information System (NJEIS-MIS), including the Central Management Office (CMO), purchase, inventory and/or use of standardized hardware and software required by the Department to implement the collection and reporting of uniform data. B. NJEIS provider agencies must establish and enforce an acceptable computer use policy regardless of funding source and computer ownership. 1. Agency policy and procedures must meet or exceed the requirements established by the Department including record management and ensuring personally identifiable information is sanitized prior to the disposition of hardware and other storage devices. 2. All NJEIS provider agency personnel must sign a receipt acknowledging that they have received and read this and the agency s policy. C. All computer hardware, software, and data provided by the early intervention system shall: 1. Only be used for NJEIS related activities; 2. Remain the property of the Department; 3. Be inventoried and reported to the Department or its assigned designee at least annually or upon request; 4. Cannot be disposed of or transferred without written permission from the Department; and 5. Be returned to the Department or its assigned designee upon contract termination (Grant/LOA) and/or the end of a designated purpose. D. NJEIS provider agencies must maintain internet access and a current email address for

each staff member to fully participate in the NJEIS-MIS. E. Electronic transmissions of personally identifiable early intervention information from any computer must be encrypted or sent through a secure transmission. F. Encryption must be used to protect early intervention data: 1. "at rest" should physical security measures fail, such as files on computers and storage devices (e.g. USB flash drives). 2. In transit (data being transferred via networks, mobile telephones, Bluetooth devices). G. As used in NJEIS-17, the following words and terms are defined as indicated: 1. Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable by unauthorized persons. 2. Electronic Record means a record created, generated, sent, communicated, received, or stored by electronic means. 3. Record is an item that documents a NJEIS transaction or action including but not limited to all correspondence, disks, maps, memoranda, papers, photographs, recordings, reports, tapes, writings and other data, information or documentary material, regardless of physical form or characteristics, storage media or condition of use made or received by an individual in connection with the provision of NJEIS services. 4. Record Management means the planning, controlling, directing, organizing, training, promoting, and other managerial activities related to the creation, maintenance, use, and disposition of records. 5. Sanitized for the purpose of protecting personally identifiable information means a procedure used to overwrite the hard drive. H. Electronic communications must be conducted in a professional, responsible and courteous manner. I. Antivirus software must be installed and regularly updated on computers used to conduct NJEIS business. J. Under no circumstances are provider agency personnel to engage in any activity that is illegal under local, state, or federal law while utilizing NJEIS issued computers. K. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use under the NJEIS while utilizing NJEIS issued computers will be subject to debarment from the NJEIS. III. Procedures A. General Use and Ownership of Computer Hardware Provided by NJEIS 1. Authorized individuals from the assigned early intervention provider agency, the DHSS itself or an authorized NJEIS agent has the right to monitor/audit computers, systems and network traffic at any time. 2. All computer hardware must: (a) retain the anti-virus software provided with the computer; and (b) update the anti-virus software as recommended by the manufacturer 2

3. The use of agency specific encryption and/or anti-virus software for safeguarding data may be permissible if the agency provides acceptable justification and receives written approval from the Department. 4. No additional information including, but not limited to, an image, picture, icon, nonwork related link, quote, phrase, or message shall be attached to electronic messages. 5. Email must include a confidentiality banner. 6. All NJEIS provider agency personnel must sign a receipt acknowledging that: (a) they have received and read this policy; (b) they will immediately report any breach of this policy to their supervisors; (c) the receipt of any property distributed by the Department for NJEIS related activities; and (d) the acknowledgement that the receipt must be kept on file at the provider agency s main administrative office. B. Security and Proprietary Information 1. Agency personnel are responsible for ensuring that personally identifiable information residing on devices and electronic media, including storage media, will be removed before the devices and media are made available for internal reassignment in order to prevent unauthorized access to personally identifiable information. 2. NJEIS is responsible for ensuring that personally identifiable information residing on devices and electronic media, including storage media, will be removed before the devices and media are made available for external use (use by another agency) in order to prevent unauthorized access to personally identifiable information. (a) Disable the write caching and overwrite the hard drive with at least 33 passes of pseudo-random data. (b) If the hard drive includes bad sectors or it is not possible to overwrite with pseudo-random data then the hard drive must be destroyed through smelting or pulverizing. (c) Agency personnel using privately owned computers, devices and electronic media, including storage media are responsible for ensuring that personally identifiable information is protected and appropriately removed in order to prevent unauthorized access to personally identifiable NJEIS information. 3. Authorized provider agency personnel must: (a) Keep their passwords secure and not share account information. (b) Secure the computer with a password-protected screensaver by setting the automatic activation feature at 15 minutes or less, or by logging-off when left unattended. (c) Use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code. 4. Security breaches (a) NJEIS provider agencies must notify and document security breaches in writing to the lead agency immediately with the following information: date of security breach; type of security breach; a listing of the individuals affected by the security breach; and 3

how and when the breach was corrected. C. Unacceptable Use of Computers Provided by NJEIS 1. Authorized provider agency personnel are prohibited from: (a) Copying unauthorized copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the end user does not have an active license. (b) Installing any software on a NJEIS issued computer or altering its configuration unless undertaken by an administrator approved DHSS/NJEIS. (c) Engaging in instant messaging, playing Internet games, using streaming media or streaming video for non-njeis related purposes. (d) Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws. (e) Intentionally distributing malicious programs (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.). (f) Revealing account passwords to others or allowing use of an assigned account by others. This includes family and other household members. (g) Unauthorized transmission of confidential or proprietary information. (h) Using profane, harassing or other offensive language. (i) Using a NJEIS-issued computer to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction. (j) Making fraudulent offers of products, items, or services originating from any NJEIS-issued computer. (k) Effecting security breaches including, but not limited to, accessing data of which the individual is not an intended recipient or logging into a server or account that the individual is not expressly authorized to access, unless these duties are within the scope of regular duties. (l) Circumventing user authentication or security of any account. 2. Internet Use Accessed through NJEIS Computer Hardware (a) The sole purpose for which provider agency users may access the Internet using NJEIS-issued computers is to carry out NJEIS business. (b) Posting messages to large numbers of Usenet newsgroups (newsgroup spam), blogs, websites or any other Internet site utilizing any Internet protocol is prohibited. (c) NJEIS has the right to monitor Internet activity and therefore users should have no expectation of privacy. (d) All records created by Internet use, including path records, are the property of NJEIS and are subject to monitoring. (e) All users shall ensure that their use of the Internet does not compromise the security and integrity of the computer, whether by allowing intruders into the networks or by introducing viruses or other threats. 4

(f) In the event these polices do not address a specific concern or the user is unclear about the policy, they should consult their supervisor and/or the lead agency (DHSS). D. General Care and Security of Equipment Provided by NJEIS 1. Provider agency users must take every precaution to safeguard the NJEIS-issued hardware from physical damage and /or a security breach of stored information. 2. Users must not eat or drink around the computer. 3. Computers must not be: (a) Left in the car as temperature can affect the unit and unattended computers in an automobile create an opportunity for theft; (b) Lent to other non-approved users; and (c) Personalized with pictures, notes, screensavers or decorations that would indicate the unit is personally owned. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information