1.0 Use and Maintenance of Laptop Computers

2.0 Use of Cellular Telephones

10.3 Use of the Internet

source for 10.0 - 000
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications.DOC

1.0 Use and Maintenance of Laptop Computers

2.0 Use of Cellular Telephones

10.3 Use of the Internet

source for 10.1 - 000
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 01.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 01.DOC

1.0 Use and Maintenance of Computers

10.1 - 002 Use and Maintenance of Computers
10.1 - 002.005 Use of Computers and Information Systems

2.0 Use of Cellular Telephones

10.3 Use of the Internet

source for 10.1 - 000
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 10.1.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 10.1.DOC

Approved by: Executive Director Number: 10.1 - 002

Date: February, 2001

Revised: April 30, 2006

Preamble:

The Huron-Perth Children’s Aid Society is the legal owner of all agency authorized information, technology data, hardware, software, and peripheral equipment. The Society reserves the right to specify the access to, and operation, transportation, transmission, storage, and maintenance of information technology equipment, data and systems. The Society reserves the right to amend and revise operating procedures in order to ensure compliance with these policies and any legal requirements that may be imposed on the Society.

All authorized users of the Society’s information systems shall be apprized of the Information Technology Management Policies and Procedures. Authorized users are responsible for ensuring that the content of all text, audio, or images that they create, access, store or transmit using the Society’s information technology is appropriate to the workplace.

Liability of Authorized Users:

Information technology must be used in a way that minimizes, to the fullest extent possible, any chance of damage, loss, and theft or unauthorized distribution of information. Any authorized user responsible for loss or damage to any information technology equipment through negligence, carelessness, or failure to follow policies and procedures, or who has breached confidentiality, may be subject to disciplinary action.

Confidentiality and Privacy of Information:

H-P CAS recognizes its legal and ethical responsibility to protect the privacy and confidentiality of its employees, associates and clients. Authorized users are required to comply at all times with the Society’s Information Management Policies and Procedures, the Society’s Privacy of Information Statement, the Personal Information Protection and Electronic Documents Act (Canada) the Personal Health Information Protection Act (Ontario) and all other Society policies and Provincial and Federal privacy legislation applicable to the use of the Society’s information technology.

Purpose of the Policy:

The Huron-Perth Children’s Aid Society is committed to providing and maintaining information technology which:

• Meets the Society’s legal and ethical obligations to the privacy of its clients, employees and associates
• Maintains the integrity of the Society’s electronic information
• Provides collaborative and secure access to information to the Society’s authorized users as may be appropriate to their job duties and responsibilities
• Is used in a legal, responsible and professional manner by employees of the Society and its associates
• Employs current technologies in an efficient manner and provides an opportunity for future growth and development in the use of technology in order to preserve and protect these ideals, the following information technology policies are implemented by the Society.

Policy:

1. All information created by, received by, stored on, and transmitted from the Society’s information technology equipment is the sold property of the Huron-Perth Children’s Aid Society and will remain in the Society’s possession in the event of an authorized user’s leave or termination.
2. It is the policy of the Society that the society shall, in accordance with availability and financial resources, provide, for CAS related needs, computer access. All Information technology equipment is the Society’s property and will be returned immediately upon termination of employment or upon commencement of any leave. The Society may request the return of information technology equi9pment from an authorized user at any time.
3. The Society shall enact procedures addressing the use and maintenance of computers owned and/or leased by the Society.

source for 10.1 - 002
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-1computers/002.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-1computers/002.DOC

Approved by: Executive Director Number: 10.1 - 002.005

Date: February, 2001

Revised: April 30, 2006

Procedure:

This procedure applies to all equipment and/or portable type equipment access owned or leased by the Society Ownership of Information Technology: All information created by, received by, stored on, and transmitted from its information technology equipment is the sole property of the Society. Leaves and Terminations: In the event of an authorized user’s leave or termination, the Information Systems Manager will determine the data files that need to be retained and all other files created by the user will be deleted (inclusive of, but not limited to, work processing documents, spreadsheet files, database information, reports and electronic mail). Users shall return information technology equipment to the Information Systems Manager and /or their designate immediately upon termination of employment, upon commencing a leave of absence, or at any other time it is requested. Monitoring Use: Authorized users shall be aware that the use of the Internet and internal information technology may be audited or monitored at any time by the Director of Corporate Services, or Information Systems Manager or their designate in order to ensure compliance with information technology policies. Access to Information regarding Information Technology

• The Information Systems Manager or their designate is responsible for distributing a copy of the policies and procedures regarding Information Technology to each authorized user before they are granted access to the Society’s information technology
• The Information Systems Manager will post a current copy of the Information Technology Policies and Procedures on the Society’s intranet.
• Authorized users can access current copies of the Information Technology Policies and procedures on the intranet and should do so to keep current with policy and procedure updates as they are individually responsible for immediate and ongoing compliance.

Passwords and Access Protocols:

• The Information Systems Manager or their designate is responsible for all information technology access and authentication procedures and password administration, and shall maintain a current list of all user’s information technology account details and passwords.
• Usernames and passwords are confidential and are intended for the exclusive use of the person to whom they were assigned. Passwords are not to be communicated to other staff members for any reason.’
• Users required additional access to data or files shall contact the Information Systems or their designate and arrange to have their access revised rather than using another person’s password.
• Users must not post, display or make accessible any passwords.
• Any user concerned about the integrity of their password is responsible for requesting a password change from the Information Systems Manager or their designate Assigned Equipment: Authorized users shall use only the information technology equipment assigned to them. Loaning or trading equipment to other users is not permitted. Personal Use: Use of the Society’s information technology for non-business purposes by authorized users is permissible during breaks or outside of work hours, provided that all other usage policies and procedures are adhered to. Users may not allow family members or other unauthorized persons access to the Society’s information technology (hardware and software) for any reason. Breaches of Confidentiality: Should a breach (or suspected breach) of confidentiality occur, users are responsible for immediately reporting the incident to their supervisor and the Information Systems Manager or their designate and the Director of Corporate Services? Forging Data/Data Integrity: Intentionally obscuring, changing or forging the date, time, physical source, logical course, or other label or header information on electronic mail, files or data will not be permitted.

Content: Users are responsible for ensuring that the content of all text, audio, or images that they create, access, store or transmit using the Society’s information technology is appropriate to the workplace (e.g. Does not contain illegal, pornographic, racist or discriminatory content in accordance with the Human Rights code of standards).

1. It should be recognized that, the drive to implement laptop (portable) computer equipment within the agency is as a result of both agency planning and the direction of the Ministry of Community and Social Services (M.C.S.S.) to, primarily, accommodate access to the Provincial reformation of information access to meet provincial standards and guidelines which require “prior contact” checks. Second, issuance of this equipment is in attempt to alleviate “physical locale” obstacles to expedite and promote efficiency of case recording.
2. The society will develop and maintain an inventory of computer equipment.
3. All user(s) of equipment should be prepared for a replacement of this equipment approximately every 36 months.
4. The Users(s) of the Society owned/leased computer(s) shall: Use the assigned unit only for C.A.S. business; personal use will be allowed given approval by the Director of Corporate Services or the Information Systems Manager or the Executive Director (designate); Use and Transportation of Equipment:
   • Creation of, transmission to and storage of Society information on equipment not owned or leased by the Society is strictly prohibited (including but not limited to: home computers, portable computers, removable USB drives, removable hard drives, personal digital assistants (PDA(s)), floppy diskettes, writable CD(s)/DVD(s), and USB storage devices.
   • Users may not transport the Society’s information technology equipment outside of any provincial or national border for any reason, without specific authorization by the Director of Corporate Services or the Information Systems Manager.
   • Users who are travelling within the province to Society business or training shall not transport the Society’s information system equipment with data or with them unless it is absolutely necessary.
   • Users who are travelling within the province for personal reasons may not transport the Society’s information technology equipment or data for any reason, without specific authorization by the Director of Corporate Services or the Information Systems Manager.
   1. Commit responsibility for the equipment assigned to him/her by written signature upon receipt of the assigned unit (or institution of this policy/procedure);
   2. Report any malfunctions of the unit to the designated person within the Society;
   3. Be responsible and accountable for information security; Not leave the unit unattended and/or implement the Society’s security procedure(s) accordingly; Security Measures:
      • The Director of Corporate Services, the Information Systems Manager or their designate is responsible for designing and implementing Information Technology security measures.
      • Unauthorized installation of network connections, network devices and/or wireless access points is not permitted
      • Users are responsible for immediately reporting any information technology security violation (or suspected violation) to the Information Systems Manager or their designate.
      • All computers are to be logged off or shut down during any period of absence, and are to always be shut down at the end of the day.
   4. Ensure they are logged off when vacating their unsecured work area; ensure they are logged off at the end of their work day;
   5. NOT install or download any unauthorized software, data or shareware from any source; such action must be approved by the system administrator or the Executive Director (designate);
   6. Observe all software licensing agreements and copyright laws and not transfer nor copy software licensed to the unit assigned to him/her, to anyone;
   7. NOT employ any external storage media (diskettes) unless first tested and deemed free of any damaging components (i.e.; virus).
   8. NOT read, discuss or expose any (potentially or factually) sensitive and/or confidential information accessed from the agency databank(s), file server or Fast Track Information System (F.T.I.S.), nor said or related information generated on the computer unit assigned to the user, in a locale that might be considered public;
   9. NOT browse agency or F.T.I.S. system(s) unless directly work task related; information retrieved will be for legitimate agency business purpose(s) only.
   10. Ensure complete and accurate data integration by performing synchronization and/or replication exercises on a regular and timely basis.
5. Computers must only be repaired/debugged by Society authorized staff or collaterals.
6. All computers will employ various security/encryption devices/software; subject to change from time to time.
7. All User(s) shall report any loss or theft of Laptop computers (and related equipment and information stored on them) immediately, to the designated person in the Society; a police report will be made immediately upon identification of the loss or theft and this information also forwarded to the designated person in the Society.
8. All User(s) should be conscious that reports will be provided to all CAS’s on the number of requests, the number of hits and other statistical information regarding the use of the F.T.I.S. by individual(s) authorised to access the F.T.I.S..

source for 10.1 - 002.005
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-1computers/002.005.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-1computers/002.005.DOC

1.0 Use and Maintenance of Computers

2.0 Use of Cellular Telephones

10.2 - 002 Use of Cellular Telephones
10.2 - 002.005 Use of Cellular Telephones

10.3 Use of the Internet

source for 10.2 - 000
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 10.2.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 10.2.DOC

Approved by: Executive Director Number: 10.2 - 002

Date: February, 2001

Policy:

1. It is the policy of the Society that:
   1. Communication and contact amongst agency staff, at critical intervals, while fulfilling the mandate of the society, be established in an expedient, efficient and appropriately accessible manner.
   2. Safety and security of agency staff be identified and addressed.
2. The Society shall enact procedures addressing the access to and use of the Society’s cellular telephones, service and equipment.

source for 10.2 - 002
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-2cellphone/002.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-2cellphone/002.DOC

Approved by: Executive Director Number: 10.2 - 002.005

Date: February, 2001

Procedure:

1. This procedure applies to all staff who use society owned cellular telephones and for that use of personally owned cellular telephones which the staff member chooses to conduct agency related business.
2. Caution must always be exercised when communicating via cellular telephone. The user(s) of this communication path must be sure not to provide identifying information of client(s) as cellular telephone transmissions are not secure.
3. Cellular telephone(s) should only be used for:
   1. assisting staff in emergency situations;
   2. safety and security reasons;
   3. case related matters where a “land phone” is not available or appropriate to use;
   4. in the event the staff member anticipates the need to be contacted.
4. Agency owned or leased Cellular telephones are not to be used for personal business without approval from the Executive Director or designate. Any personal use of cellular telephone and related service will be reimbursed to the society.
5. Users are cautioned not to use the cellular telephone in the vicinity of audio tapes, videotapes, computer disks or other magnetic media.
6. The Users(s) of the Society’s cellular telephone(s):
   1. Will record the equipment use in the Equipment/key sign out binder (or replacement recording vehicle) upon taking the cellular telephone (and related equipment) and again upon its return;
   2. Ensure the cellular telephone is reattached to it’s power unit upon returning the unit to the agency storage location;
7. The user(s) of the cellular telephone will ensure the unit is stored in a safe and secure manner and location while signed out to an individual.
8. The user(s) of the cellular telephone(s) are responsible for reporting and bearing the associated cost in the event of theft or damage.

source for 10.2 - 002.005
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-2cellphone/002.005.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-2cellphone/002.005.DOC

Approved by: Executive Director Number: 10.3 - 005

Date: February, 2001

Policy:

1. It is the policy of the Society that the society shall provide, for C.A.S. related concerns only, Internet access as a means to access knowledge, communicate, retrieve data and/or disseminate C.A.S.-related information.
2. The Society shall enact procedures addressing the access to and use of the Internet utilizing the Society’s service and equipment.

source for 10.3 - 000
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/OLD - Use of the Internet - Policy.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/OLD - Use of the Internet - Policy.DOC

1.0 Use and Maintenance of Computers

2.0 Use of Cellular Telephones

10.3 Use of the Internet

10.3 - 002 Use of the Internet
10.3 - 002.005 Use of the Internet
10.3 - 004 Use of E-Mail
10.3 - 004.005 Use of E-Mail

source for 10.3 - 000
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 10.3.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/technology-communications 10.3.DOC

Approved by: Executive Director Number: 10.3 - 002

Date: February, 2001

Revised: April 30, 2006

Policy:

1. It is the policy of the Society that the society shall provide, for C.A.S. related concerns only, Internet access as a means to access knowledge, communicate, retrieve data and/or disseminate C.A.S.-related information.
2. Internet access provided to the Society’s authorized users is a privilege. Authorized users must respect the rights of others, and observe all of the Society’s legal obligations, policies and procedures while using the Internet.
3. The Society shall enact procedures addressing the access to and use of the Internet utilizing the Society’s service and equipment.

source for 10.3 - 002
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/002.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/002.DOC

Approved by: Executive Director Number: 10.3 - 002.005

Date: February, 2001

Revised: April 30, 2006

Procedure:

1. This procedure applies to all remote access including, but not exclusive to:
   1. access via the Government of Ontario service provision;
   2. any other internet service provider(s);
   3. Any non-direct dial remote access application is to be considered under this procedure.
2. Internet access other than the connections maintained by the Society will not be installed on the Society’s computers.
3. Caution must always be exercised when accessing communication paths equivalent to the Internet. These user(s) of this communication path must be sure not to provide identifying information of client(s)
4. C.A.S. Internet access must not be used to gain unauthorized access to remote computers.
5. Use of Internet accounts is strictly work-related and will not be used for any activity (including games and/or recreational activity(s) that is private or commercial for personal and/or financial gain.
6. The Users(s) of the Society’s Internet facilities:
   1. shall act responsibly;
   2. maintain the integrity, credibility and philosophical stance of the Society;
   3. communicate appropriate, C.A.S. related information only and in accordance with C.A.S. policy and/or position(s);
   4. NOT offer personal opinions.
   5. accessing websites or downloading information containing content inappropriate to the workplace is strictly prohibited (e.g. Accessing or distributing material that s pornographic, sexually graphic, abusive, discriminatory or offensive);
   6. Internet gambling and gaming are strictly prohibited;
   7. Download any audio or video file formats, and accessing internet radio or television broadcasts or video file streaming are prohibited unless the download is for business purposes and has been approved by the Information Systems Manager or their designate and/or the Director of Corporate Services;
   8. Accessing personal email accounts provided by outside internet service providers or email providers over the Society’s internet connections or on agency computers is prohibited. Hotmail accounts shall not be accessed and hotmail or personal addresses are not to be stored in the local address book.
7. It is prohibited to attempt to circumvent data-protection and/or intentionally uncover security loopholes.
8. All User(s) shall report any potential for security circumvention to the systems administrator.
9. All User(s) shall report any encounter with potentially damaging material like that known as a “virus”.
10. All software licensing agreements and copyright laws must be observed. Downloading and/or installing any unauthorized software is prohibited(including but not limited to the following: applications, screen savers, toolbars, games, freeware and ad ware)
11. All User(s) will not share password(s) or Internet accounts beyond the boundary of normal daily functions.
12. In the instance of Electronic Mail use, all user(s) will:
    1. Check that the addressee name(s) are correct;
    2. Exercise caution as electronic mail is instant, irretrievable, can be forwarded endlessly and can be retained permanently in any number of forms or locations;
    3. Exercise caution and ensure confidentiality with the knowledge that privacy of any communication cannot be guaranteed;
13. User(s) should not use the Internet resources of the Society for the purpose of collecting, using or disclosing personal information without adequate and approved safeguards to protect the Society’s resources and databank(s).
14. Participate in chat lines, instant messaging services, ftp and peer-to-peer file sharing are prohibited. Chat lines are not to be accessed through the Internet resources of the Society unless they have been approved AND are used in relation to the conduction of Society business. Accessing these types of sites and resources using the Society’s accounts may make the Society liable for any opinions/advice supplied.

source for 10.3 - 002.005
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/002.005.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/002.005.DOC

Approved by: Executive Director Number: 10.3 - 004

Date: February, 2001

Revised: April 30, 2006

Policy:

1. Electronic mail present on the Society’s information technology is the property of the Society. The Society reserves the right to randomly monitor, audit, intercept, access, and disclose all messages created, received, or sent over the electronic mail system. Email may also be requested or monitored by Senior Management, client attorneys, and IT staff at Ministry or Society level. All email users are expected to conduct themselves in a professional, responsible, legal, fair, considerate, and ethical manner.
2. It is the policy of the Society that the society shall provide, for C.A.S. related concerns only, Email as a means to access knowledge, communicate, retrieve data and/or disseminate C.A.S.-related information.
3. The Society shall enact procedures addressing the access to and use of Email utilizing the Society’s service and equipment.

source for 10.3 - 004
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/004.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/004.DOC

Approved by: Executive Director Number: 10.3 - 004.005

Date: February, 2001

Revised: April 30, 2006

Procedure:

1. This procedure applies to all use of Email while accessing information on Agency equipment
2. Inter-office and Inter-agency email is considered a secure form of business communications. Employees should be aware that all information received or transmitted is the property of the Huron-Perth CAS and may be requested or monitored by senior management, client attorneys and IT staff at the Ministry or Agency level.
3. The Society reserves the right to randomly monitor, audit, intercept, access, and disclose all messages created, received, or sent over the electronic mail system
4. Electronic mail is admissible in court as evidence and can be subpoenaed.
5. Users of agency email systems represent the Huron-Perth CAS and are expected to conduct themselves in a professional, responsible, legal, fail, considerate, professional and ethical manner.
6. Internet electronic mail is not a secure form of communication. No private or identifying information (Names, birth dates, et al) pertaining to the Society’s clients, employees or associates or confidential Society business will be communicated to any recipient via Internet mail. (Inclusive of but not limited to communications with the following: clients, foster parents, schools or school boards, Police, the Society’s board members, the Society’s volunteers, summer camps, service providers, the Society’s affiliates or organizations, lawyers, doctors or the Society’s employees’ outside or home internet addresses). Hotmail accounts shall not be accessed on Work computers. Only professional contact(s) addresses should be stored in the local address book. No hotmail or personal addresses should reside in the local copy of the address book.
7. It is only acceptable to open personal emails without attachments for security reasons. Personal emails with attachments should be deleted without opening.
8. If there is any doubt about whether information should be communicated via email, it is each user’s responsibility to verify this with the Director of Corporate Services, their Manager, or the Manger of Information Systems prior to sending the email.
9. The Information Systems department is responsible for maintaining various levels of virus and intrusion protection systems, and/or monitoring inbound and outbound network traffic for known threats. All emails and/or attachments containing viruses may be deleted without notification to the intended recipient.
10. Inter-office and Inter-agency email is to be checked by users on a regular and frequent basis, preferably daily. Users will reply to email as promptly as they would a telephone message.
11. The Society forbids the use of the Society’s equipment or electronic mail communications to:
    • Access or distribute material that expresses or promotes discriminatory attitudes or hatred, make racial, ethnic slurs or defamatory or other derogatory statements, harassment, slander or threats.
    • Conduct any illegal or immoral activity prohibited by federal, provincial statues and common lay
    • Misrepresent the Society’s identity and/or misuse current Society business practices
    • Forward chain letters, jokes, spam or viruses
    • Send anonymous messages or impersonate other employees
12. Electronic mail should be addressed to the specific people involved not all agency staff in order to reduce the traffic
13. Weather reports will not be sent via email in order to reduce the traffic.

source for 10.3 - 004.005
/1-0ADOPT/HP CAS P&P/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/004.005.DOC
/10-0TECHNOLOGY-COMMUNICATIONS/10-3internet/004.005.DOC