(Amendment)
DAR File No.: 38470
Filed: 04/29/2014 09:13:13 AM
RULE ANALYSIS
Purpose of the rule or reason for the change:
Information technology resources are provided to state employees to assist in the efficient day to day operations of state agencies. The change to this rule clarifies the responsibility of employees to ensure the security of the state's information technology resources.
Summary of the rule or change:
This amendment replaces the word "management" with "data owner" in Subsection R895-7-4(4)(a) and adds Subsection R895-7-4(4)(l).
State statutory or constitutional authorization for this rule:
- Section 63F-1-206
Anticipated cost or savings to:
the state budget:
There is no anticipated cost or savings to the state budget, as this change will not affect any processes performed by the state.
local governments:
There is no anticipated cost or savings to local government, as this change will not affect any requirements processes performed by local government.
small businesses:
There is no anticipated cost or savings to small businesses, as this change will not affect any requirements processes performed by small businesses.
persons other than small businesses, businesses, or local governmental entities:
There is no anticipated cost or savings to persons other than small businesses, businesses, or local government entities, as this change will not affect any requirements processes performed by other persons.
Compliance costs for affected persons:
There is no compliance cost for affected persons, as this change will not affect processes performed by affected persons.
Comments by the department head on the fiscal impact the rule may have on businesses:
The change to this rule will have no fiscal impact on businesses.
Mark VanOrden, Executive Director
The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:
Technology Services
Administration
Room 6000 STATE OFFICE BUILDING
450 N STATE ST
SALT LAKE CITY, UT 84114
Direct questions regarding this rule to:
- Stephanie Weiss at the above address, by phone at 801-538-3284, by FAX at 801-538-3622, or by Internet E-mail at stweiss@utah.gov
Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:
06/16/2014
This rule may become effective on:
06/23/2014
Authorized by:
Mark VanOrden, Executive Director and CIO
RULE TEXT
R895. Technology Services, Administration.
R895-7. Acceptable Use of Information Technology Resources.
R895-7-1. Purpose.
Information technology resources are provided to state employees to assist in the efficient day to day operations of state agencies. Employees shall use information technology resources in compliance with this rule.
R895-7-2. Application.
All agencies of the executive branch of state government including its administrative sub-units, except the State Board of Education and the Board of Regents and institutions of higher education, shall comply with this rule.
R895-7-3. Authority.
This rule is issued by the Chief Information Officer under the authority of Section 63F-1-206 of the Utah Technology Governance Act, Utah Code, and in accordance with Section 63G-3-201 of the Utah Rulemaking Act, Utah Code.
R895-7-4. Employee and Management Conduct.
(1) Providing IT resources to an employee does not imply an expectation of privacy. Agency management may:
(a) View, authorize access to, and disclose the contents of electronic files or communications, as required for legal, audit, or legitimate state operational or management purposes;
(b) Monitor the network or email system including the content of electronic messages, including stored files, documents, or communications as are displayed in real-time by employees, when required for state business and within the officially authorized scope of the person's employment.
(2) An employee may engage in incidental and occasional personal use of IT resources provided that such use does not:
(a) Disrupt or distract the conduct of state business due to volume, timing, or frequency;
(b) Involve solicitation;
(c) Involve for-profit personal business activity;
(d) Involve actions, which are intended to harm or otherwise disadvantage the state; or
(e) Involve illegal and/or activities prohibited by this rule.
(3) An employee shall:
(a) Comply with the Government Records Access and Management Act, as found in Section 63G-2-101 et seq., Utah Code, when transmitting information with state provided IT resources.
(b) Report to agency management any computer security breaches, or the receipt of unauthorized or unintended information.
(4) While using state provided IT resources, an employee may not:
(a) Access private, protected or controlled records regardless of the electronic form without [management] data owner authorization;
(b) Divulge or make known his/her own password(s) to another person;
(c) Distribute offensive, disparaging or harassing statements including those that might incite violence or that are based on race, national origin, sex, sexual orientation, age, disability or political or religious beliefs;
(d) Distribute information that describes or promotes the illegal use of weapons or devices including those associated with terrorist activities;
(e) View, transmit, retrieve, save, print or solicit sexually-oriented messages or images;
(f) Use state-provided IT resources to violate any local, state, or federal law;
(g) Use state-provided IT resources for commercial purposes, product advertisements or "for-profit" personal activity;
(h) Use state-provided IT resources for religious or political functions, including lobbying as defined according to Section 36-11-102, Utah Code, and rule R623-1;
(i) Represent oneself as someone else including either a fictional or real person;
(j) Knowingly or recklessly spread computer viruses, including acting in a way that effectively opens file types known to spread computer viruses particularly from unknown sources or from sources from which the file would not be reasonably expected to be connected with;
(k) Create and distribute or redistribute "junk" electronic communications, such as chain letters, advertisements, or unauthorized solicitations[.];
(l) Knowingly compromise the confidentiality, integrity or availability of the State's information resources.
(5) Once agency management determines that an employee has violated this rule, they may impose disciplinary actions in accordance with the provisions of DHRM rule R477-11-1.
KEY: information technology resources, acceptable use
Date of Enactment or Last Substantive Amendment: [June 8, 2004] 2014
Notice of Continuation: April 15, 2014
Authorizing, and Implemented or Interpreted Law: 63F-1-206
Document Information
- Effective Date: 6/23/2014
- Publication Date: 05/15/2014
- Filed Date: 04/29/2014
- Agencies: Technology Services, Administration
- Rulemaking Authority: Section 63F-1-206
- Authorized By: Mark VanOrden, Executive Director and CIO
- DAR File No.: 38470
- Related Chapter/Rule NO.: (1) R895-7. Acceptable Use of Information Technology Resources.