Employment Home
Equal Employment Opportunity
Examination and Certification
Pre-Employment Reviews
Drug-Free Workplace
Appointment
Compensation
Employee Benefits and Insurance
Leave Administration
Work Schedules
Training
Travel/Relocation
Employee Recognition
Employee Relations
Retirement
Layoff
Position Control and Employee Files
Risk Mgt/Health and Safety
Public Access Computer Security Policy Information
Section:
Subsection:
Authorized By
Navdeep S. Gill, County Executive
Revision History
Revised: 08/2018
Established: 03/2007
Contact
Policy and Compliance Administrator
Department of Personnel Services
Email: AskDPS@saccounty.gov
County of Sacramento departments and agencies provide faster and more efficient service to the walk-in public by providing public access computers in facilities convenient to the public. The need to provide prompt and courteous service to the public is of utmost concern to the County of Sacramento. The purpose of this policy is to define the security measures to ensure County data is protected in accordance with the Electronic Data Access Policy.
This policy applies to all County-owned public access computer systems. Public access computer systems are defined as any computer system made physically available to or accessible by the public for accessing County data and/or the Internet. The policy documented below defines the security measures necessary to secure County data and systems from unauthorized access. The Public Data Policy governs the County data accessible to constituents.
It is of primary importance to ensure that County of Sacramento networks, computer systems, and data are protected from potential malicious use and/or theft. Due to the nature of public access computers being exposed to the public, and the need to put them in convenient locations accessible by the public, a common set of policies and associated standards protects the County’s assets and data.
This document defines the policies related to the secure implementation and management of all County of Sacramento public access computer systems. This policy provides direction to ensure that the County of Sacramento has performed due diligence to protect the County networks, computer systems and data from anonymous public access (through the use of County supplied and approved public access computer systems).
This policy applies to all public access computers connected to County of Sacramento resources and data. This includes all County departments and agencies.
This policy applies to all organizational units, employees, contractors, and others implementing and managing public access computers with access to the County network infrastructures.
A. Public access computer systems will be physically secured to prevent theft or malicious use.
B. Public access computer systems must restrict access to County of Sacramento data and services based on the approved and designated function of the device and the requirements of the Public Data Policy.
C. Implementation of security on any public access computer system will meet or exceed the minimum security standards defined in the Public Access Computer Security Standards document.
D. All new implementations of, or architectural modifications to any public access computer must be reviewed and approved for compliance to this policy and the Public Access Computer Security Standards document before implementation.
E. A post implementation review of any new public access computer system or any public access computer system that has been architecturally modified will be performed to verify compliance with this policy and the Public Access Computer Security Standards document.
F. Ongoing regular security audits will be conducted by the Department of Technology (DTech) on the public access computer system to ensure compliance to this policy and the Public Access Computer Security Standards document.
G. Any public access computer system(s) found to pose a significant risk to other information systems, any individual’s identity or privacy, or found not in compliance with this policy must be removed from service until such time as the risk or non-compliance can be mitigated.
H. The DTech Security Perimeter Team will be responsible for ensuring the compliance of this policy and the Public Access Computer Security Standards document. The Security Perimeter Team will perform compliance reviews in coordination with the applicable department with public access computers.
Regular assessments will be conducted on these policies and standards to validate relevance and applicability to the current environment. Requests for changes to this Public Access Computer Security Policy will be submitted to the Chief Information Officer (CIO) for consideration.