View the PDF version Google Docs PDF Viewer
City of Muskegon
Computer Usage Policy
1. Overview
The Information Technology (“IT”) Department’s intentions for publishing a Computer Usage
Policy/Acceptable Use Policy are not to impose restrictions that are contrary to City of
Muskegon’s established culture of openness, trust and integrity. IT is committed to protecting
City of Muskegon's employees, partners and the company from illegal or damaging actions by
individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment,
software, operating systems, storage media, network accounts providing electronic mail, WWW
browsing, and FTP, are the property of City of Muskegon. These systems are to be used for
business purposes in serving the interests of the organization, and of our citizens and customers
in the course of normal operations.
Effective security is a team effort involving the participation and support of every City of
Muskegon employee and affiliate who deals with information and/or information systems. It is
the responsibility of every computer user to know these guidelines, and to conduct their activities
accordingly.
This policy covers all Departments and entities of the City of Muskegon and replaces any other
computer usage policies.
2. Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at City of
Muskegon. These rules are in place to protect the employee and City of Muskegon. Inappropriate
use exposes City of Muskegon to risks including virus attacks, compromise of network systems
and services, and legal issues.
This policy also advises employees as to the nature of appropriate and inappropriate use of social
media (“blogging”) that may affect the public, Employer, or other employees. This policy must
be read in conjunction with other applicable policies and requirements. Employees who are
uncertain about the scope or applicability of this policy should contact the Director of
Information Technology for guidance. Nothing herein is intended to interfere with employees
rights under the First Amendment to the United States Constitution or the National Labor
Relations Act.
Page 1
City of Muskegon
3. Scope
This policy applies to the use of information, electronic and computing devices, and network
resources to conduct City of Muskegon business or interact with internal networks and business
systems, whether owned or leased by City of Muskegon, the employee, or a third party. This also
includes private cell phones and any other devices that use city resources to communicate (e.g.
personal cell phone using internet provided by the City of Muskegon. All employees,
contractors, consultants, temporary, and other workers at City of Muskegon and its subsidiaries
are responsible for exercising good judgment regarding appropriate use of information,
electronic devices, and network resources in accordance with City of Muskegon policies and
standards, and local laws and regulation.
This policy applies to all internet communication and use of social media done in one’s official
capacity, in a public capacity or privately. This policy applies to employees, contractors,
consultants, temporaries, and other workers at City of Muskegon, including all personnel
affiliated with third parties. This policy applies to all equipment that is owned or leased by City
of Muskegon. If any clause, provision or portion of any clause or provision is deemed invalid,
unlawful or unenforceable in any respect, the validity, legality, and enforceability of the
remaining provisions of this Contract shall not in any way be impaired or affected.
Page 2
City of Muskegon
4. Policy
4.1 General Use and Ownership
4.1.1 City of Muskegon proprietary information stored on electronic and computing devices
whether owned or leased by City of Muskegon, the employee or a third party, remains the
sole property of City of Muskegon.
4.1.2 You have a responsibility to promptly report the theft, loss or unauthorized disclosure of
City of Muskegon proprietary information. Do so by immediately notifying your
supervisor and the IT Department.
4.1.3 You may access, use or share City of Muskegon proprietary information only to the
extent it is authorized and necessary to fulfill your assigned job duties.
4.1.4 Employees are responsible for exercising good judgment regarding the reasonableness of
personal use. Individual departments may have additional guidelines concerning personal
use of Internet/Intranet/Extranet systems. In the absence of such policies, employees
should be guided by departmental policies on personal use, and if there is any
uncertainty, employees should consult their supervisor or manager.
4.1.5 For security and network maintenance purposes, authorized individuals within City of
Muskegon may monitor equipment, systems and network traffic at any time, including
the City Voice Over IP phone system (VOIP).
4.1.6 The Information Technology Department reserves the right to audit networks and
systems on a periodic basis to ensure compliance with this policy.
4.2 Security and Proprietary Information
4.2.1 All mobile and computing devices that connect to the internal network must first be
approved by the IT Department.
4.2.2 System level and user level passwords must meet or exceed those of our Windows
Network requirements. Providing access to another individual, either deliberately or
through failure to secure its access, is prohibited.
4.2.3 All computing devices with proprietary, confidential, or otherwise sensitive information,
or any device connected to the internal network must be secured with a password-
protected screensaver with the automatic activation feature set to 10 minutes or less. You
must lock the screen or log off when the device is unattended.
Page 3
City of Muskegon
4.2.4 Postings by employees from a City of Muskegon email address to internet groups, if
allowed, must contain a disclaimer stating that the opinions expressed are strictly their
own and not necessarily those of City of Muskegon, unless posting is in the course of
business duties.
4.2.5 Employees must use extreme caution when opening e-mail attachments, especially when
they are received from unknown senders. If in doubt, contact the IT Department before
taking any action.
4.2.6 Employees may only use authorized City of Muskegon removable media in their work
computers or devices. City of Muskegon removable media may not be connected to or
used in computers that are not owned or leased by the City of Muskegon without explicit
permission of the IT Department. Confidential or sensitive information should be stored
on removable media only when required in the performance of your assigned duties or
when providing information required by other state or federal agencies.
[note: a common ploy by hackers is to drop a USB Stick in the employee parking lot at
the beginning of the day in hopes the employee will pick it up and insert the device into
their work computer thereby introducing a malware/virus into the network]
4.2.7 All wireless infrastructure devices, including Bluetooth and other technologies, that are
used at a City of Muskegon site must be approved by the IT Department and:
1. Be installed, supported, and maintained by IT Department. Under no
circumstances is an employee or third party allowed to initiate, install or maintain
a wireless network without first receiving written approval from the IT
Department.
2. Use City of Muskegon approved authentication protocols and infrastructure.
3. Use City of Muskegon approved encryption protocols.
4. Maintain a hardware address (MAC address) that can be registered and tracked.
5. Not interfere with wireless access deployments maintained by other support
organizations.
4.2.8 Any security breach or vulnerability, be it real, suspected, or tip, requires that the
employee immediately call the IT Department at (231) 724-4126 and talk with staff. If
you cannot reach a person from the IT Department, you must immediately remove the
network cord from the back of the computer, leave a message for IT Staff, and
immediately notify your supervisor. See picture below for further detail.
Page 4
City of Muskegon
4.3 Unacceptable Use
The following activities are, in general, prohibited. Employees may be exempted from these
restrictions during the course of their legitimate job responsibilities (e.g., systems administration
staff may have a need to disable the network access of a host if that host is disrupting production
services).
Under no circumstances is an employee of City of Muskegon authorized to engage in any
activity that is illegal under local, state, federal or international law while utilizing City of
Muskegon-owned resources or points of presence.
The lists below are by no means exhaustive, but attempt to provide a framework for activities
which fall into the category of unacceptable use.
4.3.1 System and Network Activities
The following activities are strictly prohibited, with no exceptions:
Page 5
City of Muskegon
1. Violations of the rights of any person or company protected by copyright, trade secret,
patent or other intellectual property, or similar laws or regulations, including, but not
limited to, the installation or distribution of "pirated" or other software products that are
not appropriately licensed for use by City of Muskegon.
2. Unauthorized copying of copyrighted material including, but not limited to, digitization
and distribution of photographs from magazines, books or other copyrighted sources,
copyrighted music, and the installation of any copyrighted software for which City of
Muskegon or the end user does not have an active license is strictly prohibited.
3. Accessing data, a server or an account for any purpose other than conducting City of
Muskegon business, even if you have authorized access, is prohibited.
4. Installation or removal of any software without prior approval of the IT Department.
Exceptions would be updates on software previously installed by the City of Muskegon.
5. Exporting software, technical information, encryption software or technology, in
violation of international or regional export control laws, is illegal. The IT Department
should be consulted prior to export of any material that is in question.
6. Introduction of malicious programs into the network or server (e.g., viruses, worms,
Trojan horses, e-mail bombs, etc.).
7. Revealing your account password to others or allowing use of your account by any
individual. This includes co-workers, family, and other household members when work is
being done at home.
8. Using a City of Muskegon computing asset to actively engage in procuring or
transmitting material that is in violation of sexual harassment or hostile workplace laws
in the user's local jurisdiction.
9. Making fraudulent offers of products, items, or services originating from any City of
Muskegon account.
10. Making statements about warranty, expressly or implied, unless it is a part of normal job
duties.
11. Effecting security breaches or disruptions of network communication. Security breaches
include, but are not limited to, accessing data of which the employee is not an intended
recipient or logging into a server or account that the employee is not expressly authorized
to access, unless these duties are within the scope of regular duties. For purposes of this
section, "disruption" includes, but is not limited to, network sniffing, pinged floods,
packet spoofing, denial of service, and forged routing information for malicious purposes.
12. Port scanning or security scanning is expressly prohibited unless authorized by the IT
Department.
13. Executing any form of network monitoring which will intercept data not intended for the
employee's host, unless this activity is authorized by the IT Department.
Page 6
City of Muskegon
14. Circumventing user authentication or security of any host, network or account.
15. Introducing honeypots, honeynets, or similar technology on the City of Muskegon
network.
16. Interfering with or denying service to any user other than the employee's host (for
example, denial of service attack).
17. Using any program/script/command, or sending messages of any kind, with the intent to
interfere with, or disable, a user's terminal session, via any means, locally or via the
Internet/Intranet/Extranet.
18. Circumventing the Open Meetings Act.
19. Providing information about, or lists of, City of Muskegon employees to parties outside
City of Muskegon.
4.3.2 Email and Communication Activities
When using company resources to access and use the Internet, users must realize they represent
the organization. Whenever employees state an affiliation to the organization, they must also
clearly indicate that "the opinions expressed are my own and not necessarily those of the City of
Muskegon". Questions may be addressed to the IT Department.
1. Sending unsolicited email messages, including the sending of "junk mail" or other
advertising material to individuals who did not specifically request such material (email
spam).
2. Any form of harassment via email, telephone or paging, whether through language,
frequency, or size of messages.
3. Unauthorized use, or forging, of email header information.
4. Solicitation of email for any other email address, other than that of the poster's account,
with the intent to harass or to collect replies.
5. Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
6. Use of unsolicited email originating from within City of Muskegon's networks of other
Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service
hosted by City of Muskegon or connected via City of Muskegon's network.
7. Posting the same or similar non-business-related messages to large numbers of groups
(spam).
8. Electronic communication using the City email system should not be considered
“personal.” All communication is logged, archived and may be available to anyone under
the Freedom of Information Act (FOIA).
Page 7
City of Muskegon
4.3.3 Internet Posting and Social Media
1. General Guidance.
(a) Unless specifically and expressly authorized by an individual position description
or by the Director of Information Technology, an employee:
(i.) May not use City of Muskegon’s computer or communications systems
(including workstations, laptops, or any portion of the system, software, or e-mail system
or texting capabilities) for blogging purposes. This prohibition applies to all blogging of
any format or kind, and includes blogging by use of an employee’s personal computer
using City of Muskegon’s equipment, network or system whether remotely or in the
workplace.
(ii.) May not blog during the workday or while on City of Muskegon’s premises.
(iii.) May not blog at any time in any manner that creates an appearance, whether
intended or not, that the employee is speaking as a representative of, agent for, or in any
way on behalf of City of Muskegon.
(iv.) May not blog at any time in any manner that casts City of Muskegon and its
employees in an unjustified improper or negative light.
(b) An employee must understand that blogging of any kind transmits information
electronically and that the content may be viewed by anyone at any time, even after an
attempt to delete the blog. Therefore, employees cannot have any expectation of privacy
in any blog, and City of Muskegon may read, review, monitor, or copy blogs, except as
may be restricted by law. All employees are held to a heightened duty of care when
blogging due to the expansive audience you are reaching.
(c) Blogs may not be used for personal or sexual harassment, unfounded accusations,
or to create or contribute to a hostile work environment.
(d) Unless authorized, blogs may not display images of City of Muskegon’s property,
logo, seal, premises, or information of or about other City of Muskegon employees.
(e) Bloggers must be wary of commentary about individuals and reputations,
particular others within the department. An employee must not make any libelous,
defamatory, or harassing statements in online postings.
(f) Unless prohibited by other policy provisions, blogs may mention facts regarding
incidents or events involving City of Muskegon if: (i.) that information has been reported
to City of Muskegon and (ii.) the incident or event has first been reported through
established media and the information is not confidential or false. Blogging described in
this paragraph also is permitted as allowed by laws generally applicable to employee
statements and conduct.
Page 8
City of Muskegon
(g) Bloggers must avoid any activity or conduct that unjustly reflects adversely upon
City of Muskegon and other employees.
(h) Blogs may not be used for admission of, or comment upon, individual or
Employer liability regarding any work-related matter. Employees shall use internal
reporting mechanisms for such matters.
(i) Bloggers should ensure that opinions they express or relay are not capable of
being seen as opinions of or statements by City of Muskegon or its officials or employees
unless expressly authorized.
(j) Bloggers should not assume that anonymous blogging, or blogging conducted
under a pseudonym, protects their identity from disclosure.
2. Guidance for Non-Work-Related Blogging. Subject to the general guidelines and other
policy provisions, individual bloggers acting on their own behalf, without identifying
themselves as employees or in any way indicating their status as such, may make non-
work-related blog comments, without prior review or approval by employer, provided
that such activity does not constitute defamation or misrepresent or distort facts in such
manner that it may cause negative effects for, or damage to, City of Muskegon, its
officials, or its employees. Non-work-related blogging, as described in this paragraph, by
an employee of City of Muskegon who is identified as such, shall conform to paragraph
(5) of this Section.
3. Guidance for Non-Work-Related Blogging when Blogger is identified as a Public
Employee.
(a) When an employee engages in personal, non-work-related blogging, but the employee
is identified as an employee of City of Muskegon, City of Muskegon has an interest in
protecting itself, the public, and other employees from potentially adverse effects of
blogging and may implement restrictions to such blogging as City of Muskegon sees fit.
(b) Accordingly, employee agrees that any such blogging shall clearly indicate that the
content, opinions, and statements are solely those of the employee and do not necessarily
represent the views of City of Muskegon, other employees, or the public. For example:
“The views expressed on this post are mine and do not necessarily reflect the views of the
City of Muskegon.”
(c) Such blogging may not:
(i) Contain defamatory or false content;
(ii) Create or contribute to an unreasonable adverse effect on the workplace;
Page 9
City of Muskegon
(iii) Contain representation or give the appearance that it is made as part of the official
duties of the employee unless the official duties of the employee include the authority to
engage in blogging in the manner in which the blogging occurred; or
(iv) Otherwise exposes City of Muskegon to liability or adversely affects its public
officials, employees, the public, or any governmental entity without due cause.
4. Guidance for “Unofficial” Work-Related Blogging.
(a) The rights of public employees in some instances to make statements that constitute
legitimate public comment on matters of public concern may be protected to an extent by
constitutional guarantees of free speech, association, and religion. Those rights, however,
are not unlimited and are subject to control depending on the employee’s position and
duties and the effect of the statements.
(b) An employee may not state, imply, or suggest that blogging is authorized by or
represents City of Muskegon unless that is actually the case and the employee expressly
has been authorized to make such statements.
(c) Questions about appropriate conduct online should be directed to a manager or
supervisor.
5. Guidance for Official Blogging. Blogging on behalf of City of Muskegon or as a
representative or agent of City of Muskegon may be conducted only with specific written
authorization of the Department of Information Technology / City Manager. The general
guidelines and standards for official blogging require that the blog be specifically
authorized, honest and candid, and confined to the authorized statement or topic, and
conducted in the manner authorized.
6. Discipline. An employee may be subject to disciplinary action for violation of this
policy.
4.4 Compliance Measurement
The IT Department team will verify compliance to this policy through various methods,
including but not limited to, business tool reports, internal and external audits, and monitoring.
4.5 Exceptions
Any exception to the policy must be approved by the City Manager or Information Technology
Department in advance and in writing.
4.6 Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and
including termination of employment.
Page 10
City of Muskegon
5. Definitions and Terms
• Blogging: In a broad sense and means all use of online communication and conducts, use
of social media by employees, including comments made to or by a public employee,
whether made by e-mail, contribution to a weblog, or posting on a website or other social
media (public or personal), e.g., Facebook, Twitter, YouTube, Wix, chat rooms, message
boards, etc.
• Social Media: forms of electronic communication through which users create online
communities to share information, ideas, personal messages and other content such as
Facebook, Twitter, Instagram, Snapchat, YouTube, Wix, etc.
• Internet Posting – posting of any information on the internet in any form.
• Honeypot: an information system resource whose value lies in unauthorized or illicit use
of that resource.
Signature: ________________________________________________________________
Name: ________________________________________________________________
(printed)
Date: ________________________________________________________________
6. Revision History
Date of Responsible Summary of Change
Change
4/23/2018 IT Department Updated Layout , Policy, Social Media
Page 11