NATIONAL LIBRARY AND INFORMATION SYSTEM AUTHORITY (NALIS)
Staff Internet Usage and Security Policy Document
Policy Overview
NALIS Vision Statement
NALIS is a dynamic network of libraries, entrepreneurial and customer oriented in outlook, offering information services to the nation and to the world, utilizing state-of-the-art technology.
NALIS is in the business of providing for information access and delivery to all facets of society.
In the context of its stated vision and purpose, NALIS provides access to the vast information resources of the Internet to its users and staff. This policy applies to the Wide Area Network linking the five buildings in Port of Spain and San Fernando. There is a separate Policy for the use of the computer networks in the Branch Libraries.
The facilities to provide access represent a considerable commitment of resources for telecommunications, networking, software, storage, etc. This Internet usage policy is designed to clarify our expectations for the use of those resources in the particular conditions of the Internet, and to help staff to use those resources wisely.
First and foremost, the Internet for this Organization is a tool, provided at significant cost, for making information available to our users and for improving efficiency in the work of the Division. That means we expect staff to use their Internet access primarily for work-related purposes.
It is extremely important that all members of staff conduct themselves honestly and appropriately on the Internet, and respect the copyrights, software licensing rules, property rights, privacy and prerogatives of others. It should be emphasized that all existing policies which apply to public servants also apply to your conduct on the Internet, especially (but not exclusively) those that deal with intellectual property protection, privacy, misuse of the organization's resources, sexual harassment, information and data security, and confidentiality.
Unnecessary or unauthorized Internet usage causes network and server congestion. It slows other users, takes away from work time, consumes supplies, and ties up printers and other shared resources. Unlawful Internet usage may also garner negative publicity for the organization and could expose the organization to significant legal liabilities.
The chats, newsgroups and email of the Internet give each individual Internet user an immense and unprecedented reach to publicize our services and provide information about our organization. Because of that power we must take special care to maintain the clarity, consistency and integrity of the organization's image and posture. Anything any one employee writes in the course of acting for the organization on the Internet can be taken as representing the organization's official posture. That is why we expect staff to forgo a measure of their individual freedom when participating in chats or newsgroups in the course of their work.
While our direct connection to the Internet offers a cornucopia of potential benefits, it can also open the door to some significant risks to our data and systems if we do not follow appropriate security discipline. As presented in greater detail below, that may mean preventing machines with sensitive data or applications from connecting to the Internet entirely, or it may mean that certain users must be prevented from using certain Internet features like file transfers. The overriding principle is that security is to be everyone's first concern. An Internet user can be held accountable for any breaches of security or confidentiality.
Certain terms in this policy should be understood expansively to include related concepts. "Document" covers just about any kind of file that can be read on a computer screen as if it were a printed page, including the HTML files read in an Internet browser, any file meant to be accessed by a word processing or desktop publishing program or its viewer, or the files prepared for the Adobe Acrobat reader and other electronic publishing tools. "Graphics" includes photographs, pictures, animations, movies, or drawings. "Display" includes monitors, flat-panel active or passive matrix displays, monochrome LCDs, projectors, televisions and virtual-reality tools.
(A) Management and Administration
1. The organization has software and systems in place that can monitor and record all Internet usage. We want you to be aware that our security system is capable of recording (for each and every user) each World Wide Web site visit, each chat, newsgroup or email message, and each file transfer into and out of our internal networks, and we reserve the right to do so at any time. No employee should have any expectation of privacy as to his or her Internet usage. Our network managers will review Internet activity and analyse usage patterns, and they may choose to publicize this data to assure that official Internet resources are devoted to maintaining the highest levels of productivity.
2. We reserve the right to inspect any and all files stored in private areas of our network in order to assure compliance with policy.
3. The display of any kind of sexually explicit image or document on any system is a violation of our policy. In addition, sexually explicit material may not be archived, stored, distributed, edited or recorded using our network or computing resources.
4. This organization's Internet facilities and computing resources must not be knowingly used to violate the laws and regulations of Trinidad and Tobago or any other nation in any way. Use of any of the organization's resources for illegal activity is grounds for disciplinary action and we will cooperate with any legitimate law enforcement activity.
5. No employee may use the organization's facilities knowingly to download or distribute pirated software or data.
6. No employee may use the organization's Internet facilities to deliberately propagate any virus, worm, Trojan horse, or trap-door program code.
7. No employee may use the organization's Internet facilities knowingly to disable or overload any computer system or network, or to circumvent any system intended to protect the privacy or security of another user.
8. Each employee using the Internet facilities of the organization shall identify himself or herself honestly, accurately and completely.
9. Only those employees or officials who are duly authorized to speak to the media, to analysts or in public gatherings on behalf of the organization may speak/write in the name of the organization to any newsgroup or chat room. Other employees may participate in newsgroups or chats in the course of business when relevant to their duties, but they do so as individuals speaking only for themselves. Where an individual participant is identified as an employee or agent of this organization, the employee must refrain from any unauthorized political advocacy and must refrain from the unauthorized endorsement or appearance of endorsement by the organization of any commercial product or service.
The organization retains the copyright to any material posted to any forum, newsgroup, chat or World Wide Web page by any employee in the course of his or her duties.
10. Employees are reminded that chats and newsgroups are public forums where it is inappropriate to reveal confidential information.
11. Employees releasing protected information via a newsgroup or chat, whether or not the release is inadvertent, will be subject to all penalties under existing data security policies and procedures.
12. Use of the organization's Internet access facilities to commit infractions such as misuse of the organization's assets or resources, sexual harassment, unauthorized public speaking and misappropriation or theft of intellectual property is also prohibited by general policy.
13. Employees may use their Internet facilities for non-business research or browsing during mealtime or other breaks, or outside of work hours, provided that all other usage policies are adhered to.
(B) Technical
1. User IDs and passwords help maintain individual accountability for Internet resource usage. Any employee who obtains a password or ID for an Internet resource must keep that password confidential. Policy prohibits the sharing of user IDs or passwords obtained for access to Internet sites.
(C) Security
1. The organization has installed a variety of firewalls, proxies, Internet address screening programs and other security systems to assure the safety and security of the organization's networks. Any employee who attempts to disable, defeat or circumvent any security facility will be subject to immediate dismissal.
2. Files containing sensitive data that are transferred in any way across the Internet must be encrypted.
3. Employees are not allowed to download files.
4. Our network security policy requires that all FTP transactions and downloads be blocked except from specific workstations. However, users with a specific need for FTP or downloading may request such access in writing from the Information Networks Division.