2.0 Acceptable Use Policy 2.

1 Overview The Louisville Metro Government is responsible and committed to protecting its employees, affiliates and the organization itself from illegal or damaging actions by individuals, either knowingly or unknowingly. Intranet/Internet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing email, web-browsing capabilities, FTP, are the property of the Louisville Metro Government. These systems are to be used for business purposes in serving the interests of the organization in the course of normal operations. Effective security is a team effort involving the participation and support of every Louisville Metro Government employee and affiliate who deals with information and information systems. It is critical that ALL computer users know these guidelines and conduct themselves accordingly. 2.2 Purpose The purpose of this policy is to outline the acceptable use of computer equipment/software within the Louisville Metro Government. These policies are in place to protect the employee (and affiliates) and Louisville Metro Government and its electronic assets. Failure to follow this policy exposes the Louisville Metro Government to risks including virus attacks, SPAM attacks, compromise of network systems/services, and legal issues. 2.3 Scope This policy applies to employees and affiliates of the Louisville Metro Government, including all personnel affiliated with third parties. This policy also applies to all equipment that is owned, leased or purchased by the Louisville Metro Government. These policies fall in line with Louisville Metro Government Human Resources policies 1.4-1.6 and 1.8 here: http://metronet.yes/Depts/HR/default.htm. 2.4 Policy 2.4(1) General Use and Ownership The use of the Internet is for business purposes only. Data that is stored and created on the Louisville Metro Government systems becomes the property of the Louisville Metro Government. The Louisville Metro Government determines the reasonableness of personal use; employees will be guided by this policy.

Any information that may be deemed confidential and sensitive will have the proper steps taken (properly labeled and secured) to maintain its integrity. Information Sensitivity Policy and Data Retention Policy. For security and network maintenance purposes, members of the Louisville Metro Government Metro Technology Services may monitor equipment, systems and network traffic at any time, for any reason with or without cause. Louisville Metro Government reserves the right to audit network and systems on a periodic basis to ensure compliance with all IT Security policies. Louisville Metro Government employees and affiliates are responsible for reporting all weaknesses, security incidents and possible misuse of Louisville Metro Government information resources to IT Security. Incident Response Policy Users are responsible for reading all emails and notifications from Metro Technology Services concerning system downtime and upgrades.

2.4(2) Security and Proprietary Information The information stored on the Louisville Metro Government information systems will be classified as either confidential or nonconfidential. Information Sensitivity Policy. Examples of confidential information include, but not limited to, payroll information, employee information and protected health information. Employees will take all necessary steps to prevent unauthorized access to this information. Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. All PCs, laptops and workstations will be secured with a password-protected screensaver, locking the desktop or by logging off. Password Policy All systems that are used by an employee or affiliate that are connected to the Louisville Metro Government network must be loaded with Metro Technology Services approved antivirus software and current database. Please refer to the Louisville Metro Government Network and Access Policy. The release of information circumventing any open records procedure is prohibited.

2.4(3) Unacceptable Use The following activities are prohibited. Employees and affiliates may be exempted from these restrictions during the course of their legitimate job responsibilities. At NO time is an employee, or affiliate, of the Louisville

Metro Government authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing the Louisville Metro Government owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities that fall into the category of unacceptable use. 2.4(3a) System and Network Activities The following activities are strictly prohibited, with no exceptions: 1. Violations of the rights of any person or company protected by copyright, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by the Louisville Metro Government. 2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which the Louisville Metro Government or the end user does not have an active license is strictly prohibited. 3. Employee introduction of malicious programs into the network or on a server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.). 4. No employee or affiliate will reveal his or her User ID/password to anyone. 5. Using a Louisville Metro Government computing asset to actively engage in procuring or transmitting material that is in violation of federal, state or local laws. 6. Making fraudulent offers of products, items, or services originating from any Louisville Metro Government account. 7. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of their regular job functions. 8. Actively attempting to look for weaknesses within the Louisville Metro Government network is expressly forbidden. 9. Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty is forbidden. 10. Circumventing user authentication or security of any host, network or account.

11. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet. 12. Providing information about, or lists of, the Louisville Metro Government employees to parties outside the Louisville Metro Government without adhering to the Louisville Metro Government Human Resources Policy 1.6. 13. Use of Louisville Metro Government assets for personal gain (e.g. eBay, running Internet based business, etc). 14. Users must not waste resources by using Internet streaming video or audio without prior approval from Metro Technology Services. 15. Impeding an IT Security or Human Resources investigation. 16. The use of external peripherals such as USB devices that are capable of storing data are forbidden unless approved through the Department of Technology. 17. Engage in any activity that would bring discredit to the Louisville Metro Government. 18. The storage of non-business related material in electronic format that could be deemed inappropriate, harassing and offensive in any manner. 2.4(3b) Email and Communication Activities The following is unacceptable use: 1. Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (SPAM). 2. Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages. 3. The Louisville Metro Government email system shall not be used for the creation or distribution of any disruptive or offensive messages; including offensive comments about race, gender, gender identity, disabilities, age, sexual orientation, pornography, religious belief and practice, political beliefs, national origin or anything that may be deemed harassing in nature. 4. Unauthorized use, or forging, of email header information. 5. Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies. 6. Creating or forwarding of "pyramid" schemes of any type.

7. Excessive personal communication that would be deemed nonbusiness related. Human Resources reserves the right to determine excessive. 8. The use of 3rd-Party web mail services such as Hotmail, AOL, Yahoo, etc. is prohibited; the Louisville Metro Government cannot guarantee the security of those systems. 9. The distribution of chain letters and jokes from a Louisville Metro Government email account is prohibited. 10. The use of email for personal gain (e.g. - running a business, shopping, items for sale, etc.) is forbidden. 11. The sending of any Louisville Metro Government information that may be deemed sensitive or confidential to non-authorized recipients whether internal or external to our network. 12. Personal folders (.pst files) within Outlook a. Pst files are unsupported b. Pst files are not to be used as long-term, continuous-use method of storing messages. c. The storage of business critical and sensitive information inside of pst files is prohibited. - Pst files are highly susceptible to corruption and the chances for recovery from backup are not highly successful. 13. The posting of Louisville Metro Government email addresses on Internet web sites or electronic mailing lists is forbidden unless it is implicitly required for an individual to perform their job function. 2.4(3c) World Wide Web It is expected that employees and affiliates will use the Internet to improve job knowledge; to access scientific, technical, and other information on topics that have relevance to the Louisville Metro Government; and to communicate with peers in other government agencies, academia, and industry. The following is unacceptable use: 1. Employees and affiliates of the Louisville Metro Government are advised not to use the Internet for any purpose, which would reflect negatively upon the organization. 2. Employees and affiliates shall not use Internet chat rooms, discussion boards and newsgroups unless these sessions have a direct relationship to the users primary job function. 3. Accessing, viewing, retrieving, downloading or printing text and graphics which exceeds the bounds of generally accepted standards of good taste and ethics or which could be deemed inappropriate workplace material is forbidden.

4. Engaging in any activity, which would compromise the security of any Louisville Metro Government host system. 5. Instant messaging, online gambling, gaming activity and peerto-peer sharing network are forbidden. 6. The use of Internet streaming video and audio is forbidden, unless it has a direct relationship to the users primary job function (or permission has been explicitly granted from the Director of Technology). 7. Engaging in personal commercial activities on the Internet, including the offering of services or merchandise for sale or the ordering of services and merchandise from online vendors. 8. Attempting to bypass or circumvent the Louisville Metro Governments Internet content filter is forbidden. 2.5 Louisville Metro Police Specific These policies are specific to the Louisville Metro Police Department. Users shall keep their personal computers on at all times to allow software and configuration updates to be delivered during non-peak hours. Users are not to remove the labels or change the labels placed on equipment by the LMPD ITC. Users are not to move equipment without the approval of the LMPD ITC. (This includes moving computers to another desk, moving printers, moving network equipment, etc.) Users will not store data on their desktops. Storing data on the desktop increases log on time, as the data is made part of the users profile. If a users profile becomes damaged, it is possible for data on the desktop to be lost. Creating shortcuts on the desktop that point to data on the network drive will be used instead. All software used to access the Internet shall be configured to use the ISA http proxy. All wiring must be installed by a contractor approved by the Louisville Metro Police Department ITC. No personal or confiscated computers, technology equipment (scanners, digital cameras, USB devices, etc.) are to be used or connected to the LMP network that has not been approved by LMPD ITC. Upon meeting requirements, the items may be approved. Any equipment attached to the LMPD network becomes the property of the LMPD ITC.

2.6 Enforcement Any employee (or affiliate) found to have violated this policy will be subject to disciplinary action, up to and including termination of employment. For a comprehensive listing of Information Security Policies please visit the following; http://metronet.yes/Departments/IT/ 2.7 Revisions 07-01-03 Original 06-18-04 Revised 07-14-04 Revised 09-29-04 Revised 12-06-04 Revised 01-20-05 Revised
I have read the Acceptable Use Policy, and I understand and accept its provisions. I further acknowledge that violation of any portion of this policy will lead to disciplinary action up to and including termination of employment or access privileges:

Printed Name Department Signature Date _______ / ________ / ________

Please make a copy for your records and return this signed form to the rd Metro Technology Services Department 3 Floor City Hall Annex