Employment Home
Equal Employment Opportunity
Examination and Certification
Pre-Employment Reviews
Drug-Free Workplace
Appointment
Compensation
Employee Benefits and Insurance
Leave Administration
Work Schedules
Training
Travel/Relocation
Employee Recognition
Employee Relations
Retirement
Layoff
Position Control and Employee Files
Risk Mgt/Health and Safety
Information Technology Acceptable Use Policy Information
Section:
Subsection:
Authorized By
David Villanueva, County Executive
Revision History
Revised: N/A
Established: 06/17/2024
Contact
Policy and Compliance Administrator
Department of Personnel Services
Email: AskDPS@saccounty.gov
This policy provides a common standard for the use of Sacramento County Information Systems and advises Workforce Members using these resources of acceptable and prohibited uses. Sacramento County provides its Workforce Members with Information Systems and resources, including workstations, telephones, mobile devices, Internet access, and electronic communications services for the performance and fulfillment of job responsibilities. Prudent and responsible use begins with common sense and includes respect for the public's trust, the larger networked computing community, and the access privileges that have been granted. The use of such resources imposes certain responsibilities and obligations on Workforce Members and is subject to Sacramento County policies and applicable local, state, and federal laws. Prohibited use of Information System resources can lead to consequences affecting the individual Workforce Member and many other Workforce Members, and can cause service disruptions.
This policy applies to Sacramento County Workforce Members who are using Sacramento County Information Systems.
The following are definitions of some of the words and acronyms that were used in this document.
Authorization: The right or permission to use an Information System resource.
Information System - A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Minimal Personal Use: Use that is brief in duration and frequency, does not interfere with or impair the conduct of official business, and results in negligible or no additional expense to the County.
Entity: Every County office, every institution, and every department, division, board and commission.
Workforce Member: Employees, volunteers, and other persons whose conduct, in the performance of work for Sacramento County, is under the direct control of Sacramento County, whether or not they are paid by Sacramento County. This includes full- and part-time elected or appointed officials, members of boards and commissions, employees, affiliates, associates, students, volunteers. Workforce Members also include independent contractors and their staff who provide service to Sacramento County.
Sacramento County Information Systems and all data contained in them are the property of the Sacramento County government.
Workforce Members shall ensure that Sacramento County Information Systems are used appropriately for Sacramento County business.
Workforce Members shall use these Information Systems to increase productivity, to facilitate the efficient and effective performance of their duties, and to meet the daily operational and business requirements of Sacramento County, including but not limited to the following illustrative list.
4.2.1 Perform assigned responsibilities and duties;
4.2.2 Support Sacramento County and Entity activities;
4.2.3 Access authorized work-related information;
4.2.4 Access authorized work-related Information Systems;
4.2.5 Communicate and collaborate with colleagues on work-related issues;
4.2.6 Improve work-related skills when approved by management;
4.2.7 Use applications and access information available on Sacramento County's Internet and Intranet sites;
4.2.8 Access Internet hosted online reference and information sources such as phone directories, online dictionaries, search engines, subscription resources, or mapping and weather services if such use is appropriate for business use, adds value to the entity, increases employee efficiency, or avoids costs that Sacramento County would otherwise incur for such referenced services;
4.2.9 Access Internet-based training resources approved and/or provided by Sacramento County;
4.2.10 Perform statutory and regulatory activities;
4.2.11 Comply with Sacramento County information technology security policies, standards, procedures and methods, and federal, state, and local laws concerning computers, networks, and personal conduct; and
4.2.12 Interact for personal use by employees with human resource, time accounting, compensation, and employee benefits and health administration programs managed by or administered for Sacramento County.
4.2.13 Access to the County's e-mail system for union or Association business shall be no less than allowed for other non-business communication as spelled out in this policy.
Workforce Members shall refrain from using Sacramento County Information Systems for prohibited uses at all times, including during breaks or outside of their regular business hours. Prohibited use of Information Systems is subject to disciplinary action up to and including termination from County employment. Prohibited use of Information Systems may also result in termination of agreements. Prohibited uses include- but are not limited to the following illustrative list of actual or attempted use of Information Systems.
4.3.1 Conduct private or personal for-profit or unauthorized not-for-profit activities. This includes use for private purposes such as business transactions, private advertising of products or services, and any activity meant to foster personal gain;
4.3.2 Conduct any political activity; 4.3.3 Conduct any solicitation for any purpose except those officially sanctioned by Sacramento County; 4.3.4 Access, or allow others to access, any restricted, non-public computing resources, databases, systems, etc. inside or outside of Sacramento County to which they may have legitimate access, to perform their assigned duties, for non-assigned (personal) purposes;
4.3.5 Conduct any unlawful activities as defined by federal, state, and local laws and/or regulations;
4.3.6 Create, access, display or transmit sexually explicit, indecent, offensive, harassing or intimidating, obscene, pornographic, defamatory, libelous material or material that could reasonably be considered discriminatory, offensive, threatening, harassing, or intimidating, except as a necessary part of bona fide work-related activities;
4.3.7 Create, access, or participate in online gambling;
4.3.8 Infringe on any copyright, trademark, patent, or other intellectual property rights, including copying and/or using software, images, music, movies, or other intellectual property;
4.3.9 Make copies of Sacramento County licensed software for use on non-Sacramento County computers unless explicitly authorized by the licensing agreement;
4.3.10 Knowingly perform any activity that could cause the loss, corruption of, or prevention of rightful access to data or the degradation of system or network performance;
4.3.11 Distribute Sacramento County data and information without following appropriate disclosure processes or obtaining proper authorization;
4.3.12 Engage in any activity that endangers the public;
4.3.13 Engage in any activity that results in an additional cost to Sacramento County that would not normally be incurred as part of doing business;
4.3.14 Attempt to subvert the security of the Sacramento County network or network resources outside Sacramento County;
4.3.15 With the exception of authorized personnel having proper permission to do so, intercept communications of any type, intended for other persons or systems;
4.3.16 With the exception of authorized personnel doing bona fide work and following the provisions of County policy, use another Sacramento County Workforce Member's access privileges, or Workforce Member account for any reason;
4.3.17 Attempt to modify or remove computer equipment, components, software, or peripherals without proper authorization;
4.3.18 Monitor or record the electronic activities or conversations of other individuals unless explicitly authorized and in the performance of properly assigned duties;
4.3.19 Scan or monitor ports or network nodes unless explicitly authorized and in the performance of assigned duties by the entity responsible for the target Information Systems;
4.3.20 Knowingly access, use, copy, modify, or delete files, data, Workforce Member accounts, access rights, logs, applications, system functions, drivers, or disk space allocations associated with Sacramento County Information Systems without proper authorization;
4.3.21 Knowingly create or forward hoaxes, chain letters, Ponzi, or other pyramid schemes of any type, regardless of content, sources or destinations;
4.3.22 Knowingly impersonate or misrepresent any individual, entity, or system;
4.3.23 Knowingly download, install or run security programs or utilities that reveal weaknesses in the security of a system without Sacramento County authorization;
4.3.24 Knowingly circumvent Workforce Member authentication or security of any host, network, or account no matter whether it belongs to Sacramento County or some other entity;
4.3.25 Knowingly mask the identity of an account or machine without specific and properly authorized authority, including but not limited to sending anonymous e-mail;
4.3.26 Knowingly hack into systems and databases or act to disrupt systems or cause unnecessary network congestion or application delays unless explicitly authorized and in the performance of properly assigned duties;
4.3.27 Knowingly introduce unauthorized applications, executables, scripts, or commands;
4.3.28 Knowingly leverage cloud resources and services not authorized by Sacramento County;
4.3.29 Knowingly interfere with or unreasonably deny service to any other authorized Workforce Member, unless duly authorized;
4.3.30 Knowingly use any program/script/command, or send messages of any kind, with the intent to interfere with or disable a Workforce Member's session via any means, locally or through the network except as identified in 4.3.28 above;
4.3.31 Knowingly establish connections that create routing patterns that are inconsistent with the effective and shared use of Sacramento County Information Systems (i.e. do not plug unauthorized network equipment into County equipment, do not establish multiple network connections at the same time); and
4.3.32 Knowingly use Sacramento County Information Systems to engage in acts that deliberately waste information systems or unfairly monopolize these resources to the exclusion of others. (i.e. do not use crypto currency mining software, do not oversaturate network bandwidth or system resources with personal or unauthorized activity such as large file transfers)
Workforce Members may use Sacramento County Information Systems for Minimal Personal Use, provided that the use is not prohibited as defined in section 4.3, and provided the use has the appearance of professionalism even if it is not used in a public setting.
Although Workforce Members may be expected to maintain the privacy and confidentiality of information to which they have access, they are not guaranteed personal privacy for any activity in which they engage utilizing County computing resources. This includes legitimate county purposes, Minimal Personal Use, violations of acceptable use, or any other use. This includes, but is not limited to, word processing documents, spreadsheets, databases, electronic and voice mail, and Internet access.
Workforce Members should be aware that all activity undertaken on any Sacramento County Information Systems, including legitimate county purposes, Minimal Personal Use, violations of acceptable use, or any other purpose, is subject to monitoring, recording, and intervention by Sacramento County for the purpose of system update, maintenance, security and compliance with countywide and Entity-specific policies and standards. Any use of Sacramento County Information Systems constitutes Workforce Member consent to such monitoring, recording, and intervention. Workforce Members expecting privacy for their Minimal Personal Use should use a different means of communication. Workforce Members should be aware that electronic communications could be forwarded, intercepted, printed, and stored by others and are not subject to personal privacy expectation and may be disclosed.
Entities reserve the right to retrieve and read any data composed, transmitted or received through online connections and/or stored. Electronic communications shall be open to inspection or review by Sacramento County to comply with local, state, and federal regulations as well as any applicable policies.
Entities shall provide notice of this policy to all Workforce Members of Sacramento County Information Systems by displaying an Acceptable Use Banner on all computers as part of the standard log-on procedure with the following language as a minimum standard:
Title: You are attempting to access a County of Sacramento IT Resource
Body: “By clicking [ok] below: You acknowledge and consent to the unrestricted monitoring, recording, auditing, searching, and disclosing of all communications and data transiting, or stored on this system at any time and for any purpose; that you have no reasonable expectation of privacy regarding your use of this system and; unauthorized or improper use of this system is prohibited and may result in administrative disciplinary action, civil charges/criminal penalties, and/or other sanctions. These acknowledgments and consents cover all use of the system, including office use, work-related use, and personal use, without exception as defined in the County of Sacramento IT Acceptable Use Policy.”.
A similar banner must be displayed on all information technology points of entrance into Sacramento County, including but not limited to virtual private networks (VPN), wireless access points, and dial-in modem connections.
Entity management must provide written access authorization in advance for Workforce Members who access Internet websites generally considered to be unacceptable as part of their regular job responsibilities. Requests can be submitted using the Request IT Support form found on Sac County's help page.
Entities shall investigate violations of this policy on a case-by-case basis and discipline Workforce Members according to Sacramento County policy, guidelines, and practices.
Entities requesting an exception to this policy must follow the Information Technology Exception Request Process. Requests can be submitted using the Request IT Support form found on Sac County's help page.
Workforce Members: Understand the expectations of this policy and accept personal responsibility for adhering to its provisions.
Entity management: Makes Workforce Members aware of this policy, educates them about its content, and requires that employees acknowledge via Appendix A receipt of such policy and the impacts of violating it.
IT management: Ensures that, at a minimum, all PCs and Servers display the "Notice of Acceptable Use" above.
This Information Security Office will review this policy on an annual basis.