Memo To Council - Sarnia - Ca E-Mail Addresses and Sign-Off On IT Policies...

DEPARTMENT CORRESPONDENCE
People Serving People
TO: Members of Sarnia City Council
FROM: Margaret Misek-Evans, City Manager
DATE: March 31, 2017
RE: Sarnia.ca e-mail accounts

Sign-off on Information Technology Policies
All Sarnia City Council Members have now been set up with a @sarnia.ca e-
mail account. Mark Dillon, our Corporate Manager of Information
Technology, has offered to provide training on Monday, April 10, 2017 at
2:30 p.m. in Committee Room #2, prior to the Regular Council Meeting.
If you are unable to attend the April 10th session or require additional
training, Mark is available for one-on-one training and should be contacted
at mark.dillon@sarnia.ca or 519-332-0330 extension 3246 to make
arrangements. The training will offer an overview of using the @sarnia.ca e-
mail including mobile device set-up, calendar and scheduling features.
By Monday, May 8, 2017, we expect Members of Council to use the Sarnia e-

mail account for all City business. City staff will be directed to communicate
with Council through their Sarnia e-mail account; this includes Council
agenda distribution, media releases and any memos to Council. A Council
Events Calendar will also be set up in Outlook, which all council members
will have access to.
Secondly, we have enclosed the following Information Technology Policies:

Personal Mobile Device Acceptable Use Policy, Remote Wipe Policy and
Waiver, Approved Mobile Device List, Password Policy and Anti-Virus Policy.
Mark will provide an overview of all the policies at the April 10th training
session. We request that you please sign-off on the policies and return them
to Amy Burkhart, Clerks Department by Tuesday, April 18, 2017. Questions
or concerns regarding these policies should be directed to me.
We thank you for your cooperation on these matters.
Attachments: Personal Mobile Device Acceptable Use Policy

Remote Wipe Policy and Waiver
Approved Mobile Device List
Password Policy
Anti-Virus Policy
Copy: Mark Dillon

City Management Group
Amy Burkhart
Katarina Ovens
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Policy Owner Information Technology Department
Policy Approver(s) Information Technology Steering Committee
Related Policies N/A
Related Procedures N/A
Storage Location http://cosintranet.com
Effective Date February 1st, 2017
Next Review Date January 2nd, 2018
Policy Statement
The purpose of this policy is to define standards, procedures, and
restrictions for end users who have legitimate business uses for
connecting a personally-owned mobile device to The City of Sarnias
corporate network. This mobile device policy applies, but is not limited,
to all devices and accompanying media that fit the following
classifications:
Smart phones
Other mobile/cellular phones
Tablet computers
E-readers
Portable media devices
PDAs
Portable gaming devices
Ultra-mobile PCs (UMPCs)
Laptop/notebook computers
Any mobile device capable of storing corporate data and
connecting to a network
The policy applies to any hardware and related software that is not
corporately owned or supplied, but could be used to access corporate
resources. That is, devices which all City Full time and part time Staff,
Council, contractors and other 3rd parties, hereafter referred to as
users have purchased for personal use but also wish to use in the
business environment.
The overriding goal of this policy is to protect the integrity of the

confidential client and business data that resides within City of Sarnias
technology infrastructure. This policy intends to prevent this data from
being deliberately or inadvertently stored insecurely on a mobile
Page 1 of 11
City of Sarnia IT Department
City of Sarnia
device or carried over an insecure network where it could potentially

be accessed by unsanctioned resources. A breach of this type could
result in loss of information, damage to critical applications, loss of
revenue, and damage to the Citys public image. Therefore, all users
employing a mobile device connected to The City of Sarnias corporate
network, and/or capable of backing up, storing, or otherwise accessing
corporate data of any type, must adhere to city-defined processes for
doing so.
Applicability
This policy applies to all City of Sarnia users, and agents who use
a personally-owned mobile device to access, store, back up, or
relocate any organization or client-specific data. Such access to this
confidential data is a privilege, not a right, and forms the basis of the
trust The City of Sarnia has built with its citizens, supply chain
partners and community partners. Consequently, employment at The
City of Sarnia does not automatically guarantee the initial or ongoing
ability to use these devices to gain access to corporate networks and
information.
The policy addresses a range of threats to, or related to the use of,
enterprise data:
Threat Description
Device Devices used to transfer or transport work files could be

Loss lost or stolen.
Sensitive corporate data is deliberately stolen and sold by

Data Theft
an employee or unsanctioned third party.
Viruses, Trojans, worms, spyware and other threats could

Malware
be introduced via a mobile device.
Compliance Loss or theft of financial and/or personal and confidential

data could expose the enterprise to the risk of non-
Page 2 of 11
City of Sarnia
compliance with various identity theft and privacy laws.
Addition of new hardware, software, and/or related components to

provide additional mobile device connectivity will be managed at the
sole discretion of IT. Non-sanctioned use of mobile devices to
back up, store, and otherwise access any enterprise-related
data is strictly forbidden.
This policy is complementary to any previously implemented policies

dealing specifically with data access, data storage, data movement,
and connectivity of devices to any element of the enterprise network.
Responsibilities
The Corporate Manager of Information Technology for The City of
Sarnia has the overall responsibility for the confidentiality, integrity,
and availability of corporate data.
Other information technology staff members under the direction of the

Corporate Manager of Information Technology are responsible for
following the procedures and policies within information technology
and information systems.
All City of Sarnia employees are responsible to act in accordance with

city policies and procedures.
Affected Technology
Connectivity of all mobile devices will be centrally managed by The
City of Sarnias IT department and will use authentication and strong
encryption measures. Although IT will not directly manage personal
devices, end users are expected to adhere to the same security
protocols when connected to non-corporate equipment. Failure to do
so will result in immediate suspension of all network access privileges
so as to protect the citys infrastructure.
Page 3 of 11
City of Sarnia
Policy and Appropriate Use

It is the responsibility of any employee of The City of Sarnia who uses
a mobile device to access corporate resources to ensure that all
security protocols normally used in the management of data on
conventional storage infrastructure are also applied here. It is
imperative that any mobile device that is used to conduct City of
Sarnia business be utilized appropriately, responsibly, and ethically.
Failure to do so will result in immediate suspension of that users
account. Based on this requirement, the following rules must be
observed:
Access Control
1. IT reserves the right to refuse, by physical and non-physical
means, the ability to connect personal mobile devices to
corporate and corporate-connected infrastructure. IT will engage
in such action if such equipment is being used in a way that puts
the citys systems, data, or users at risk.
2. Prior to initial use on the corporate network or related

infrastructure, all mobile devices must be approved by IT.
The City of Sarnia will maintain a list of approved mobile devices
and related software applications and utilities. Devices that are
not on this list, found at: https://cosintranet.com may not be
connected to corporate infrastructure. If your preferred device
does not appear on this list, contact the helpdesk at
it@sarnia.ca. Although IT currently allows only listed devices to
be connected to enterprise infrastructure, it reserves the right to
update this list in future.
3. End users who wish to connect such devices to non-corporate

network infrastructure to gain access to enterprise data must
employ, for their devices and related infrastructure, security
measures deemed necessary by the IT department. Enterprise
data is not to be accessed on any hardware that fails to meet
The City of Sarnias established enterprise IT security standards.
4. All personal mobile devices attempting to connect to the

corporate network through the Internet will be inspected using
technology centrally managed by The City of Sarnias IT
Page 4 of 11
City of Sarnia
department. Devices that have not been previously approved by

IT, are not in compliance with ITs security policies, or represent
any threat to the corporate network or data will not be allowed
to connect. Devices may only access the corporate network and
data through Virtual Private Network (VPN) connection. The VPN
portal will be provided to users as required. Smart mobile
devices such as smart phones, tablets, and UMPCs will access
the corporate network and data using mobile ActiveSync or VPN
software installed on the device by IT.
Security
5. Employees using mobile devices and related software for
network and data access will, without exception, use secure data
management procedures. All mobile devices must be
protected by a strong password; a PIN is not sufficient. All
data stored on the device must be encrypted using strong
encryption. See The City of Sarnias password and encryption
policy at https://cosintranet.com for additional background.
Employees agree to never disclose their passwords to anyone,
even to family members, if business work is conducted from
home.
6. All users of mobile devices must employ reasonable physical

security measures. End users are expected to secure all such
devices whether or not they are actually in use and/or being
carried. This includes, but is not limited to, passwords,
encryption, and physical control of such devices whenever they
contain enterprise data.
7. Any non-corporate computers used to synchronize with these

devices will have installed up-to-date anti-virus and anti-
malware software deemed necessary by City of Sarnias IT
department. See anti-virus policy at https://cosintranet.com for
anti-virus requirements and recommendations.
8. Passwords and other confidential data as defined by The City of

Sarnias IT department are not to be stored unencrypted on
mobile devices.
Page 5 of 11
City of Sarnia
9. Any mobile device that is being used to store City of Sarnia data
must adhere to the authentication requirements of City of
Sarnias IT department. In addition, all hardware security
configurations must be pre-approved by City of Sarnias IT
department before any enterprise data-carrying device can be
connected to the corporate network.
10. IT will manage security policies, network, application, and

data access centrally using whatever technology solutions it
deems suitable. Any attempt to contravene or bypass that
security implementation will be deemed an intrusion
attempt and will be dealt with in accordance with City of
Sarnias overarching security policy.
11. Users will follow all enterprise-sanctioned data removal

procedures to permanently erase city-specific data from
such devices once its use is no longer required. See
(pending unwritten procedure) for detailed data wipe procedures
for mobile devices.
12. In the event of a lost or stolen mobile device, it is

incumbent on the user to report the incident to IT immediately.
The device will be remotely wiped of all data and locked to
prevent access by anyone other than IT. If the device is
recovered, it can be submitted to IT for re-provisioning. The
remote wipe will destroy all data on the device, whether it
is related to city business or personal. The City of Sarnia Remote
Wipe Waiver, which ensures that the user understands that their
personal data may be erased in the rare event of a security
breach, must be agreed with before connecting the device to
corporate resources.
Help & Support

13. IT reserves the right, through policy enforcement and any
other means it deems necessary, to limit the ability of end users
to transfer data to and from specific resources on the enterprise
network.
14. Users will make no modifications to the hardware or

software that change the nature of the device in a significant
Page 6 of 11
City of Sarnia
way (e.g. replacing or overriding the operating system) without

the express approval of The City of Sarnias IT department.
Organizational Protocol
15. IT can and will establish audit trails, which will be
accessed, published, and used without notice. Such trails will be
able to track the attachment of an external device to the
corporate network, and the resulting reports may be used for
investigation of possible breaches and/or misuse. The end user
agrees to and accepts that his or her access and/or
connection to The City of Sarnias networks may be
monitored to record dates, times, duration of access, etc.,
in order to identify unusual usage patterns or other
suspicious activity. This monitoring is necessary in order to
identify accounts/computers that may have been compromised
by external parties.
16. The end user agrees to immediately report to his/her

manager and The City of Sarnias IT department any incident
or suspected incidents of unauthorized data access, data
loss, and/or disclosure of city resources, databases, networks,
etc.
17. The City of Sarnia will not reimburse employees if they

choose to purchase their own mobile devices. Users will not be
allowed to expense mobile network usage costs.
18. Every mobile device user will be entitled to, and expected
to attend, a training session about this policy. While a mobile
device user will not be granted access to corporate resources
using a mobile device without accepting the terms and
conditions of this policy, employees are entitled to decline
signing this policy if they do not understand the policy or are
uncomfortable with its contents.
19. Any questions relating to this policy should be directed to

the Corporate Manager of Information Technology, at 519-332-
0527 x 3246 or it@sarnia.ca. A copy of this policy, and related
policies and procedures, can be found at (pending
documentation website).
Page 7 of 11
City of Sarnia
Policy Non-Compliance
Failure to comply with the Personal Mobile Device Acceptable Use
Policy may, at the full discretion of the organization, result in the
suspension of any or all technology use and connectivity
privileges, disciplinary action, and possibly termination of
employment.
The (i) Corporate Manager of Information Technology, (ii) City

Manager, (iii) Corporate Manager of Human Resources and (iv)
Director of Finance will be advised of breaches of this policy and will be
responsible for appropriate remedial action.
Page 8 of 11
City of Sarnia
Employee Declaration
I, [ ], have read and understand the above

Personal Mobile Device Acceptable Use Policy, and consent to adhere
to the rules outlined therein.
Employee Signature Date
Manager Signature Date
IT Administrator Signature Date
Page 9 of 11
City of Sarnia
Volunteer and Council Declaration

Personal Mobile Device Acceptable Use Policy, and consent to adhere
to the rules outlined therein.
Incumbent Signature Date
City Manager Signature Date
Page 10 of 11
City of Sarnia
Revision History
Version Date of Author Rationale

ID Change
1.0 2017-01-13 Mark Dillon (Corporate Document
Manager of IT) created
Page 11 of 11
City of Sarnia
Remote Wipe Waiver

Policy
Information Technology Steering Committee
Approver(s)
Related
N/A
Procedures
Storage
http://cosintranet.com
Location
Next Review
January 2nd, 2018
Date
Policy Statement
The purpose of this waiver is to define remote wipe technology and to
ensure that employees understand and agree to using it in the event
that a remote wipe is necessary. This waiver is to be signed in
conjunction with the Personal Mobile Device Acceptable Use Policy.
The overriding goal of this policy is to protect the integrity of The City
of Sarnias data, as outlined in the Personal Mobile Device Acceptable
Use Policy found at https://cosintranet.com. Therefore, all users
employing a mobile device that has been connected to City of Sarnias
corporate network, and/or capable of backing up, storing, or otherwise
accessing corporate data of any type, must agree to this remote wipe
waiver.
Applicability
This waiver applies to the same devices and users outlined in the
Personal Mobile Device Acceptable Use Policy.
Employees who do not wish to connect their personal mobile devices

to The City of Sarnias resources are free to refuse to sign this waiver.
The waiver only applies to employees and devices that have accessed
city resources.
Remote Wipe
When a remote wipe is initiated by the IT department, the users
mobile device will be wiped of all data and restored to its factory
Page 1 of 5
City of Sarnia
Remote Wipe Waiver
default settings. The wipe is not limited to corporate data. Data

that the employee has added to the device for personal use will also be
deleted. This data is not recoverable on the device itself, but can
usually be restored from a backup on another device (e.g. a personal
computer) if the mobile device remains in or returns to the users
possession, or a new device is able to store the backup. It is
recommended that users back up their personal data frequently
to minimize loss if a remote wipe is necessary.
A remote wipe will only be initiated if IT deems it absolutely necessary.

Examples of situations requiring remote wipe include, but are not
limited to:
Theft of the device.

Loss of the device.
Termination of employment in which the user has not already
cleared corporate data by another method.
Page 2 of 5
City of Sarnia
Remote Wipe Waiver
Personal Mobile Device Remote Wipe Waiver, and consent to have my
device wiped if City of Sarnias IT department deems it necessary.
Page 3 of 5
City of Sarnia
Remote Wipe Waiver

Personal Mobile Device Remote Wipe Waiver, and consent to adhere to
the rules outlined therein.
Page 4 of 5
City of Sarnia
Remote Wipe Waiver
Revision History
Version Date of Author Rationale

ID Change
1.0 2017-01-13 Mark Dillon (Corporate Document
Manager of IT) created
Page 5 of 5
City of Sarnia

Policy
Approver(s)
Related
N/A
Procedures
Storage
Location
Next Review
January 2nd, 2018
Date
Purpose
The purpose of this policy is to define a range of standard mobile devices approved
for connection and use on the City of Sarnias network for business purposes.
Providing this list enables staff to be familiar with supporting users on this device
list as well as ensuring that devices connecting to the City of Sarnias network
follow standard security practices and are up to date.
Scope
All devices issued by the City of Sarnia to users must fall within the acceptable
parameters listed below. Additionally, any device connected under the Personal
Mobile Device Acceptable Use Policy will be verified as part of that policy to
comply with these same standards.
All devices must be capable of:

Device must be in the current support list for their operating system. Device
providers tend to stop support after 2-3 years but this is not always the case
Device must be running the most current stable release, or one prior version
of the devices operating system
Device must have remote wipe capabilities
Device must not tampered with in a way that modifies their behavior from
their stock operating system (rooting, jail-breaking, custom firmware, etc)
Device must be capable of performing full encryption
Any personal device that meets all of the above requirements is eligible to be
connected to the Citys network through the Personal Mobile Device Acceptable
Use Policy.
1 of 6
City of Sarnia
The following is a list of City owned devices that can be supplied by the City of
Sarnia to eligible users:
# OS Type Manufacturer(s) Supported devices

1 iOS Apple iPhone 7, iPhone 7 plus, iPhone 6s,
iPhone 6s plus, iPhone SE
2 Android Blackberry, Google, Blackberry (Priv, DTEK50); Google
OnePlus, Sonim (Pixel, Pixel XL); Sonim (XP7):
3 BB 10 Blackberry Q20 (Classic)
Policy Statements
The follow policies apply to city owned and managed devices
1. Devices should not be tampered with in any way that prevents their normal
operation which includes but is not limited to (custom firmware, rooting, jail-
breaking, adding storage media or personal SIM cards)
2. Location services are to be kept on at all times
3. Devices will be encrypted when assigned, tampering with or removing
encryption is prohibited
4. Devices will be required to have a lock screen and password setup
5. Updates should be applied as they become available
6. If any assistance is needed in maintenance or setup of your city owned
device please contact IT or email it@sarnia.ca for assistance
The following policies apply to personally owned devices that are approved to be
connected to the citys network
1. Per the Personal Mobile Device Acceptable Use Policy and the Personal
Mobile Device Remote Wipe Waiver city IT staff will have the ability and
authority to remotely administrate, locate and wipe your personal device
2. It is your responsibility to keep your device within the guidelines of this
document. If you are unable to do so please contact IT or email it@sarnia.ca
for assistance, failure to do so will result in suspension of access
3. If you are unsure if youre device meets the requirements in this document
please contact IT or email it@sarnia.ca and setup an appointment
2 of 6
City of Sarnia
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at The
City of Sarnia. Allegations of misconduct will be adjudicated according to
established procedures. Sanctions for non-compliance may include, but are not
limited to, one or more of the following:
1. Disciplinary action according to applicable City of Sarnia policies;

2. Termination of employment; and/or
3. Legal action according to applicable laws and contractual agreements.
3 of 6
City of Sarnia
I, [ ] have read and understand the Approved Mobile Device

List Policy. I understand that if I violate the rules explained herein, I may face
legal or disciplinary action according to applicable laws or company policy.
4 of 6
City of Sarnia
I, [ ], have read and understand the above Approved mobile

device list, and consent to adhere to the rules outlined therein.
5 of 6
City of Sarnia
Revision History
Version ID Date of Author Rationale

Change
1.0 2017-01-17 Mark Dillon (Corporate Manager Document created
of IT)
1.1 2017-03-22 Mark Dillon (Corporate Manager Remove OnePlus
of IT) from approved
phone list (Bell
does not carry
this)
6 of 6
City of Sarnia
Password Policy

Policy
Approver(s)
Related
N/A
Procedures
Storage
Location
Next Review
January 2nd, 2018
Date
Purpose
The purpose of this policy is to define requirements and procedures surrounding
authorized access of protected information held by the City of Sarnia.
Passwords are the primary form of user authentication used to grant access to The
City of Sarnias information systems. To ensure that passwords provide as much
security as possible, they must be carefully created and used. Without strict usage
guidelines, the potential exists that passwords will be created that are easy to
break, thus allowing easier illicit access to The City of Sarnias information
systems, and thereby compromising the security of those systems.
Scope
Every individual with privileged access to The City of Sarnias information systems
via username, password, token or otherwise will be covered under this policy.
This Password Policy applies to all information systems, information components,

and technology users of The City of Sarnia. Any privileged access through means
of what you know (username, password, pin, etc.) and what you have (phone,
USB key, token, physical key, swipe card) is within scope of this policy. Examples
of systems for which authorized access is granted is as follows, but is not limited
to:
Mainframes, servers, and other devices that provide centralized computing

capabilities.
SAN, NAS, and other devices that provide centralized storage capabilities.
Desktops, laptops, smart phones, tablets, and other devices that provide
distributed computing capabilities.
Routers, switches, and other devices that provide network capabilities.
1 of 5
City of Sarnia
Password Policy
Firewalls, sensors, and other devices that provide dedicated security

capabilities.
Cloud services, including but not limited to, infrastructure as a service,
platform as a service, and/or software as a service.
Physical access controls and surveillance equipment
Field equipment, PLCs and other IoT (internet of things) devices.
Policy Statements
The following policies apply to all privileged access controls:
1. Passwords must be constructed according to set length and complexity

requirements. As such, passwords must be at least 13 characters in length,
there are no other special requirements.
2. Passwords will have a maximum lifespan. As such, passwords must be
replaced at an interval of 90 days.
3. Passwords may not be reused any more frequently than every 3rdpassword
refreshes. Reuse includes the use of the exact same password or the use of a
very similar password.
4. Passwords are to be used and stored in a secure manner. As such, passwords
are not to be written down or stored electronically if unencrypted. Passwords
are to be obscured during entry into information system login screens and are
to be transmitted in an encrypted format.
5. Passwords are to be individually owned and kept confidential and are not to
be shared under any circumstances.
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at The

2 of 5
City of Sarnia
Password Policy
I, [ ] have read and understand the IT password policy. I

understand that if I violate the rules explained herein, I may face legal or
disciplinary action according to applicable laws or company policy.
3 of 5
City of Sarnia
Password Policy
I, [ ], have read and understand the above Password

Policy, and consent to adhere to the rules outlined therein.
4 of 5
City of Sarnia
Password Policy
Revision History

Change
1 2017-01-17 Mark Dillon (Corporate Manager Document created
of IT)
5 of 5
City of Sarnia
Anti-Virus Policy

Policy
Approver(s)
Related
N/A
Procedures
Storage
Location
Next Review
January 2nd, 2018
Date
Purpose
A virus is a piece of potentially malicious programming code that will cause some
unexpected or undesirable event. Viruses can be transmitted via email or instant
messaging attachments, downloadable Internet files, and portable media. Viruses
are usually disguised as something else, and so their presence is not always
obvious to the computer user. A virus infection can be very costly to The City of
Sarnia in terms of lost data, lost staff productivity, and/or lost reputation.
As a result, one of the goals of The City of Sarnia is to provide a computing

network that is virus-free. The purpose of this policy is to provide instructions on
measures that must be taken by City of Sarnia employees to help achieve effective
virus detection and prevention.
Scope
This policy applies to all computers that are connected to the City of Sarnias
network via a standard network connection, wireless connection, modem
connection, or virtual private network connection. This includes both city-owned
computers and personally-owned computers attached to the Citys network. The
definition of computers includes desktop workstations, laptop computers, handheld
computing devices, and servers.
Policy Statements
1. Currently, The City of Sarnia has Kaspersky anti-virus for both client and
server machines. Licensed copies of Kaspersky can be obtained by
contacting the IT department. The most current available version of the anti-
virus software package will be taken as the default standard.
1 of 6
City of Sarnia
Anti-Virus Policy
2. All computers attached to the City of Sarnias network must have standard,
supported anti-virus software installed. This software must be active,
scheduled to perform virus checks at regular intervals no greater than 24
hours, and have its virus definition files kept up to date.
3. Any activities with the intention to create and/or distribute malicious

programs onto the City of Sarnias network (e.g. viruses, worms, Trojan
horses, email bombs, etc.) are strictly prohibited.
4. If an employee receives what he/she believes to be a virus or suspects that

a computer is infected with a virus, it must be reported to the IT department
immediately at it@sarnia.ca. Report the following information (if known):
virus name, extent of infection, source of virus, and potential recipients of
infected material.
5. No employee should attempt to destroy or remove a virus, or any evidence

of that virus, without direction from the IT department.
6. Any virus-infected computer will be removed from the network until it is

verified as virus-free.
Relevant Procedures
1. Always run the standard anti-virus software provided by Kaspersky.
2. Never open any files or macros attached to an email from an unknown,

suspicious, or untrustworthy source.
3. Never open any files or macros attached to an email from a known source
(even a co-worker) if you were not expecting a specific attachment from that
source.
4. Be suspicious of email messages containing links to unknown websites. It is

possible that the link is a malicious executable (.exe) file disguised as a link.
Do not click on a link sent to you if you were not expecting a specific link.
5. Many executable files, zip files and other files with a large potential to do
harm are automatically blocked by our email spam service. If you need
access to a legitimate file that was emailed to you but stripped from the
email please contact IT for assistance.
6. Never copy, download, or install files from unknown, suspicious, or

untrustworthy sources or removable media.
2 of 6
City of Sarnia
Anti-Virus Policy
7. Avoid direct portable drive (e.g. memory stick) sharing with read/write
access. Always scan a portable drive for viruses before using it.
8. If instructed to delete email messages believed to contain a virus, be sure to

also delete the message from your Deleted Items or Trash folder.
9. Avoid storing critical data on portable storage or local storage (your C drive).
Always store critical data on a network share so that it will be backed up in
case it is damage, or encrypted by a malicious program.
10. Regularly update virus protection on personally-owned home

computers that are used for business purposes. This includes installing
recommended security patches for the operating system and other
applications that are in use.
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at the

3 of 6
City of Sarnia
Anti-Virus Policy
Agreement
I[ ] have read and understand the anti-virus policy. I

understand that if I violate the rules explained herein, I may face legal or
disciplinary action according to applicable laws or city policy.
4 of 6
City of Sarnia
Anti-Virus Policy
I, [ ], have read and understand the above Anti-Virus

Policy, and consent to adhere to the rules outlined therein.
5 of 6
City of Sarnia
Anti-Virus Policy
Revision History

Change
1.0 2017-01-17 Mark Dillon (Corporate Manager Policy creation
of IT)
1.1 2017-03-22 Mark Dillon (Corporate Manager Remove promise to
of IT) recover stripped
files from emails
(Relevant
procedures #5).
We are currently
not capable of
doing this.
6 of 6

Memo To Council - Sarnia - Ca E-Mail Addresses and Sign-Off On IT Policies...

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Memo To Council - Sarnia - Ca E-Mail Addresses and Sign-Off On IT Policies...

Caricato da

Copyright:

Formati disponibili

DEPARTMENT CORRESPONDENCE

People Serving People

TO: Members of Sarnia City Council

FROM: Margaret Misek-Evans, City Manager

DATE: March 31, 2017

RE: Sarnia.ca e-mail accounts

By Monday, May 8, 2017, we expect Members of Council to use the Sarnia e-

Secondly, we have enclosed the following Information Technology Policies:

We thank you for your cooperation on these matters.

Attachments: Personal Mobile Device Acceptable Use Policy

Copy: Mark Dillon

The overriding goal of this policy is to protect the integrity of the

device or carried over an insecure network where it could potentially

Device Devices used to transfer or transport work files could be

Sensitive corporate data is deliberately stolen and sold by

Viruses, Trojans, worms, spyware and other threats could

Compliance Loss or theft of financial and/or personal and confidential

compliance with various identity theft and privacy laws.

Addition of new hardware, software, and/or related components to

This policy is complementary to any previously implemented policies

Other information technology staff members under the direction of the

All City of Sarnia employees are responsible to act in accordance with

Policy and Appropriate Use

2. Prior to initial use on the corporate network or related

3. End users who wish to connect such devices to non-corporate

4. All personal mobile devices attempting to connect to the

department. Devices that have not been previously approved by

6. All users of mobile devices must employ reasonable physical

7. Any non-corporate computers used to synchronize with these

8. Passwords and other confidential data as defined by The City of

10. IT will manage security policies, network, application, and

11. Users will follow all enterprise-sanctioned data removal

12. In the event of a lost or stolen mobile device, it is

Help & Support

14. Users will make no modifications to the hardware or

way (e.g. replacing or overriding the operating system) without

16. The end user agrees to immediately report to his/her

17. The City of Sarnia will not reimburse employees if they

19. Any questions relating to this policy should be directed to

The (i) Corporate Manager of Information Technology, (ii) City

I, [ ], have read and understand the above

Employee Signature Date

Manager Signature Date

IT Administrator Signature Date

Volunteer and Council Declaration

I, [ ], have read and understand the above

Incumbent Signature Date

City Manager Signature Date

IT Administrator Signature Date

Version Date of Author Rationale

Policy Owner Information Technology Department

Employees who do not wish to connect their personal mobile devices

default settings. The wipe is not limited to corporate data. Data

A remote wipe will only be initiated if IT deems it absolutely necessary.

Theft of the device.

Employee Signature Date

Manager Signature Date

IT Administrator Signature Date

Volunteer and Council Declaration

Incumbent Signature Date

City Manager Signature Date

IT Administrator Signature Date

Version Date of Author Rationale