This document provides City employees with the information technology infrastructure guidelines. All City employees shall sign for and adhere to these guidelines. Failure to follow these guidelines may be grounds for disciplinary action up to and including termination, and may result in civil or criminal penalties. If you have any questions on this document or if you are not sure how to do something described in this document please call the IT Office at extension 2708 Mo-Fri 9:00AM-5:30PM.
1. Acceptance of Jurisdiction
The City of Doral maintains jurisdiction of all its information technology systems and makes them available to staff to help them in their day to day work, with the understanding that usage of such systems or of the City’s technological infrastructure implies acknowledgement and abidance of these guidelines.
2. Hardware, Software and Data Infrastructure Property
The technological infrastructure within the City’s jurisdiction includes but is not limited to the following:
- Hardware: portable computers, magnetic, optical, and other storage media.
- Software: database and other systems.
- Data: Network drives, data, files, folders, databases,
- Metadata: domain information, IP addresses, web addresses, mail domains, e-mail accounts.
All software and data within the City’s premises are within the jurisdiction of the City. The City reserves the right to monitor any data, in any computer, at any time within its jurisdiction and without prior notice to ensure that the system is being used appropriately and in compliance with City policies and directives. The City may also monitor all communications such as e-mail and voice mail at any time. Neither employees nor any other external entities have any personal privacy or proprietary rights in any matter created, received or sent from any system or media within the City’s jurisdiction. Each account in the City’s system requires a password to prevent unauthorized access to the City’s data and is not to be construed to imply any privacy rights to the owner of the account.
3. Password Security
Each user in City systems has an account name and a password. Users will not divulge their password to anyone. Password security ensures that events in the system are traced to the correct user. Users will be held responsible for their accounts. Users will change their password on their first login and whenever they feel that it might have been compromised. Users must change their passwords whenever they suspect someone has seen them type it, and will alert IT if any changes to their profiles have occurred without their knowledge.
Passwords must be seven or more characters, It should include characters like (!@#$%^^&*()), numbers, and upper and lower case letters, and must never be an English or Spanish word.
4. Electronic/Internet Mail (e-mail)
Electronic mail (e-mail) will be used as an informative method of communication. E-mail is intended to increase the efficiency of communications between staff and departments and the free flow of information within and out of the City. As such e-mail is not intended to be a searchable repository of records and using it in this manner is discouraged.
The City recognizes its duty to retain information and make it available to the public, however the City finds that keeping every piece of data created without organization and regardless of content, is counterproductive to this duty since large and disorganized data repositories are difficult to search. Searching such data repositories can be as difficult as having no data at all.
Although the e-mail system is intended for casual communication, its data will be preserved for a period of time and will be made available to the public upon request. Permanent deletion of any data outside of the City’s disposal process is prohibited. In other words, neither employees nor any other external user cause message to be permanently deleted by emptying their deleted “Items folder” or by any other means. The system will automatically handle this. Nevertheless, staff is responsible to ensure that all public records (i.e. records intended to “formalize or perpetuate knowledge”) are saved in our record management system under the appropriate category. Follow the following rules when dealing with public records:
- The sender of a public record is responsible to ensure that it is properly saved.
- Keep a copy of any such item in the sender’s network drive.
- Send public records as attachments to simplify searching.
In general, discussion of personnel actions or other privileged information in electronic messages is prohibited, and all users and will ensure that all communications are free from sexual harassment and other illegal or inappropriate content. Finally, all e-mails transmitted from City computers are public records pursuant to Chapter 119 of the Florida Statutes.
4.1. Internet Mail
Inappropriate use of e-mail using City equipment or within the City’s infrastructure is prohibited. This includes impersonation of City mail addresses, placing, causing to be placed or authorizing placement of any illegal or inappropriate material in the City’s mail system. Users are responsible for monitoring their accounts (whether personal when accessed from City premises or City owned) for illegal or inappropriate content and will notify their supervisor immediately if such material is found. Upon such a notification, the notified will immediately call the IT Office. The City reserves the right to monitor the mail system including mailboxes at any time, without prior notice to ensure that the system is being used appropriately and in compliance with City policies and directives.
4.2. Personal Mail
Employees are allowed to send/receive personal mail as long as it follows the requirements of the previous section and also the following guidelines:
- Personal mail must not be forwarded to more than three recipients at a time. Announcements that pertain to a significant subset of City staff should be forwarded to the department director (if the nature of the message is departmental) or to the HR director (if the nature of the message is interdepartmental) for action.
- Personal mail with attachments that did not originate with the sender must not be forwarded to any other employee. Employees will take great care that their personal mail is appropriate, free from sexual harassment and does not contain hostile agents that may jeopardize the City’s data or infrastructure.
- Personal mail is subject to becoming public information.
5. Personal Software and data
Personal software will not be permitted on City owned equipment unless all of the following requirements are met:
- The user has a legal license and he/she is willing to donate it to the City. All software installed in City computers shall become property of the City
- The purpose of the software is to aid the user in City business.
- IT staff has verified that the software cannot damage the system and is compatible with the City standards.
Only authorized personnel can install software in the City’s computers. Installation of any software in City equipment must be approved by the IT Director. Personal storage media may not be used in the City’s computers without IT verification and approval of the media.
6. Internet Access
This section deals with user access to the Internet. Internet access has become an integral part of daily work. The City provides employees with access to the Internet to ease daily work and not for personal recreation. However, moderate use of the Internet for recreational purposes is allowed during employee lunch breaks.
6.1. Internet Browsing
While browsing the Internet, Employees will only visit sites related to their work duties, no business outside of City business will be conducted while using City equipment or during City time. Employees will not visit any illegal, pornographic or inappropriate sites. It is understood that during the course of their duties certain employees from the Police department, the Law Department, and IT may require access to restricted sites, in this case, access will be documented and approved in writing by the department head or his/her designee, on a case by case basis. If a staff visits an inappropriate site by mistake, he/she will notify IT so that they can in turn notify/modify Internet filter in place.
6.2. Internet Radio/TV
These services can be very useful for information on current events however they consume a relatively large amount of bandwidth and therefore should only be use as a last resort and when the information needed is critical. Listening to music or recreational use of radio or TV is not allowed.
6.3. Downloading files from the Internet
No downloading of executable files (programs) from the Internet will be allowed unless the employee first gets approval from his department head and from the IT Director. Employees who violate this rule may be disciplined up to and including dismissal and in addition are liable to damage that they may cause to City’s data, due to the download or to the import of viruses. Staff may obtain written exemption from this rule from the IT Director if he routinely requires this tool to do his job and is trained to do it properly. Other City staff in need of an executable file may request it from an authorized employee.
7. Recreational Use of City resources
City computers come installed with some recreational programs designed to help new users get acquainted with the system and improve hand to eye coordination. Employees can run these programs in their lunch hour and breaks but not during normal working hours. Supervisors are responsible for monitoring employee’s usage of recreational programs. Use of recreational resources during working hours can cause the revocation of privileges for the user. IT staff will remove all recreational programs from any computer upon request from the City Manager or a department head.
8. Network Drives
Every department/division will have one or more shared drives where all significant data and files will be stored. These will be the only data files backed up. Staff will refrain from storing significant data elsewhere. Staff will not store files in their desktops or personal directories as these files will not be backed up.
9. Network Drive Backup Procedure
Every department will have one or more shared drives where all significant files will reside. The IT department will perform a daily backup of all shared drives in the City and will keep them in storage in case that a file is lost or corrupt or in case of a disaster. All significant data generated by departments will be stored in the department’s shared drive. Staff will take care not to store significant data in the internal drives of the client PC.
The City’s central databases are automatically backed up daily.
10. Power Outage Procedure
Most power outages are short, requiring no action by City staff since the UPS attached to each computer can keep the computers running while the power outage lasts. In case of a power outage that lasting longer than 5 minutes, Department/Division heads will ensure that all computers within their jurisdiction be shutdown and turned off. Upon restoration of power, computers will be powered on sequentially instead of all at the same time.
All computers must be plugged into an Uninterruptible Power Supply (UPS) that will afford battery power backup and surge protection. The CPU, monitor(s), and related accessories shall be plugged into the battery backup side of the UPS. Printers shall NOT be plugged into UPS. Software accompanying UPS must be installed so that unattended computers can be automatically shutdown. Consult IT staff if your computer does not have this software installed.
11. Procedure for Hurricane or other disaster
In case of a hurricane please refer to the “City of Doral Hurricane Preparedness Plan for Information Technology”.