Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
All Sarnia City Council Members have now been set up with a @sarnia.ca e-
mail account. Mark Dillon, our Corporate Manager of Information
Technology, has offered to provide training on Monday, April 10, 2017 at
2:30 p.m. in Committee Room #2, prior to the Regular Council Meeting.
If you are unable to attend the April 10th session or require additional
training, Mark is available for one-on-one training and should be contacted
at mark.dillon@sarnia.ca or 519-332-0330 extension 3246 to make
arrangements. The training will offer an overview of using the @sarnia.ca e-
mail including mobile device set-up, calendar and scheduling features.
Policy Statement
The purpose of this policy is to define standards, procedures, and
restrictions for end users who have legitimate business uses for
connecting a personally-owned mobile device to The City of Sarnias
corporate network. This mobile device policy applies, but is not limited,
to all devices and accompanying media that fit the following
classifications:
Smart phones
Other mobile/cellular phones
Tablet computers
E-readers
Portable media devices
PDAs
Portable gaming devices
Ultra-mobile PCs (UMPCs)
Laptop/notebook computers
Any mobile device capable of storing corporate data and
connecting to a network
The policy applies to any hardware and related software that is not
corporately owned or supplied, but could be used to access corporate
resources. That is, devices which all City Full time and part time Staff,
Council, contractors and other 3rd parties, hereafter referred to as
users have purchased for personal use but also wish to use in the
business environment.
Page 1 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Applicability
This policy applies to all City of Sarnia users, and agents who use
a personally-owned mobile device to access, store, back up, or
relocate any organization or client-specific data. Such access to this
confidential data is a privilege, not a right, and forms the basis of the
trust The City of Sarnia has built with its citizens, supply chain
partners and community partners. Consequently, employment at The
City of Sarnia does not automatically guarantee the initial or ongoing
ability to use these devices to gain access to corporate networks and
information.
The policy addresses a range of threats to, or related to the use of,
enterprise data:
Threat Description
Page 2 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Responsibilities
The Corporate Manager of Information Technology for The City of
Sarnia has the overall responsibility for the confidentiality, integrity,
and availability of corporate data.
Affected Technology
Connectivity of all mobile devices will be centrally managed by The
City of Sarnias IT department and will use authentication and strong
encryption measures. Although IT will not directly manage personal
devices, end users are expected to adhere to the same security
protocols when connected to non-corporate equipment. Failure to do
so will result in immediate suspension of all network access privileges
so as to protect the citys infrastructure.
Page 3 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Access Control
1. IT reserves the right to refuse, by physical and non-physical
means, the ability to connect personal mobile devices to
corporate and corporate-connected infrastructure. IT will engage
in such action if such equipment is being used in a way that puts
the citys systems, data, or users at risk.
Page 4 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Security
5. Employees using mobile devices and related software for
network and data access will, without exception, use secure data
management procedures. All mobile devices must be
protected by a strong password; a PIN is not sufficient. All
data stored on the device must be encrypted using strong
encryption. See The City of Sarnias password and encryption
policy at https://cosintranet.com for additional background.
Employees agree to never disclose their passwords to anyone,
even to family members, if business work is conducted from
home.
Page 5 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
9. Any mobile device that is being used to store City of Sarnia data
must adhere to the authentication requirements of City of
Sarnias IT department. In addition, all hardware security
configurations must be pre-approved by City of Sarnias IT
department before any enterprise data-carrying device can be
connected to the corporate network.
Page 6 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Organizational Protocol
15. IT can and will establish audit trails, which will be
accessed, published, and used without notice. Such trails will be
able to track the attachment of an external device to the
corporate network, and the resulting reports may be used for
investigation of possible breaches and/or misuse. The end user
agrees to and accepts that his or her access and/or
connection to The City of Sarnias networks may be
monitored to record dates, times, duration of access, etc.,
in order to identify unusual usage patterns or other
suspicious activity. This monitoring is necessary in order to
identify accounts/computers that may have been compromised
by external parties.
18. Every mobile device user will be entitled to, and expected
to attend, a training session about this policy. While a mobile
device user will not be granted access to corporate resources
using a mobile device without accepting the terms and
conditions of this policy, employees are entitled to decline
signing this policy if they do not understand the policy or are
uncomfortable with its contents.
Page 7 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Policy Non-Compliance
Failure to comply with the Personal Mobile Device Acceptable Use
Policy may, at the full discretion of the organization, result in the
suspension of any or all technology use and connectivity
privileges, disciplinary action, and possibly termination of
employment.
Page 8 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Employee Declaration
Page 9 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Page 10 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Acceptable Use Policy
Revision History
Page 11 of 11
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Remote Wipe Waiver
Policy Statement
The purpose of this waiver is to define remote wipe technology and to
ensure that employees understand and agree to using it in the event
that a remote wipe is necessary. This waiver is to be signed in
conjunction with the Personal Mobile Device Acceptable Use Policy.
The overriding goal of this policy is to protect the integrity of The City
of Sarnias data, as outlined in the Personal Mobile Device Acceptable
Use Policy found at https://cosintranet.com. Therefore, all users
employing a mobile device that has been connected to City of Sarnias
corporate network, and/or capable of backing up, storing, or otherwise
accessing corporate data of any type, must agree to this remote wipe
waiver.
Applicability
This waiver applies to the same devices and users outlined in the
Personal Mobile Device Acceptable Use Policy.
Remote Wipe
When a remote wipe is initiated by the IT department, the users
mobile device will be wiped of all data and restored to its factory
Page 1 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Remote Wipe Waiver
Page 2 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Remote Wipe Waiver
Employee Declaration
I, [ ], have read and understand the above
Personal Mobile Device Remote Wipe Waiver, and consent to have my
device wiped if City of Sarnias IT department deems it necessary.
Page 3 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Remote Wipe Waiver
Page 4 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Personal Mobile Device
Remote Wipe Waiver
Revision History
Page 5 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Approved Mobile Device List
Purpose
The purpose of this policy is to define a range of standard mobile devices approved
for connection and use on the City of Sarnias network for business purposes.
Providing this list enables staff to be familiar with supporting users on this device
list as well as ensuring that devices connecting to the City of Sarnias network
follow standard security practices and are up to date.
Scope
All devices issued by the City of Sarnia to users must fall within the acceptable
parameters listed below. Additionally, any device connected under the Personal
Mobile Device Acceptable Use Policy will be verified as part of that policy to
comply with these same standards.
Any personal device that meets all of the above requirements is eligible to be
connected to the Citys network through the Personal Mobile Device Acceptable
Use Policy.
1 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Approved Mobile Device List
The following is a list of City owned devices that can be supplied by the City of
Sarnia to eligible users:
Policy Statements
The follow policies apply to city owned and managed devices
1. Devices should not be tampered with in any way that prevents their normal
operation which includes but is not limited to (custom firmware, rooting, jail-
breaking, adding storage media or personal SIM cards)
2. Location services are to be kept on at all times
3. Devices will be encrypted when assigned, tampering with or removing
encryption is prohibited
4. Devices will be required to have a lock screen and password setup
5. Updates should be applied as they become available
6. If any assistance is needed in maintenance or setup of your city owned
device please contact IT or email it@sarnia.ca for assistance
The following policies apply to personally owned devices that are approved to be
connected to the citys network
1. Per the Personal Mobile Device Acceptable Use Policy and the Personal
Mobile Device Remote Wipe Waiver city IT staff will have the ability and
authority to remotely administrate, locate and wipe your personal device
2. It is your responsibility to keep your device within the guidelines of this
document. If you are unable to do so please contact IT or email it@sarnia.ca
for assistance, failure to do so will result in suspension of access
3. If you are unsure if youre device meets the requirements in this document
please contact IT or email it@sarnia.ca and setup an appointment
2 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Approved Mobile Device List
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at The
City of Sarnia. Allegations of misconduct will be adjudicated according to
established procedures. Sanctions for non-compliance may include, but are not
limited to, one or more of the following:
3 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Approved Mobile Device List
Employee Declaration
4 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Approved Mobile Device List
5 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Approved Mobile Device List
Revision History
6 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Password Policy
Purpose
The purpose of this policy is to define requirements and procedures surrounding
authorized access of protected information held by the City of Sarnia.
Passwords are the primary form of user authentication used to grant access to The
City of Sarnias information systems. To ensure that passwords provide as much
security as possible, they must be carefully created and used. Without strict usage
guidelines, the potential exists that passwords will be created that are easy to
break, thus allowing easier illicit access to The City of Sarnias information
systems, and thereby compromising the security of those systems.
Scope
Every individual with privileged access to The City of Sarnias information systems
via username, password, token or otherwise will be covered under this policy.
1 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Password Policy
Policy Statements
The following policies apply to all privileged access controls:
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at The
City of Sarnia. Allegations of misconduct will be adjudicated according to
established procedures. Sanctions for non-compliance may include, but are not
limited to, one or more of the following:
2 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Password Policy
Employee Declaration
3 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Password Policy
4 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Password Policy
Revision History
5 of 5
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Anti-Virus Policy
Purpose
A virus is a piece of potentially malicious programming code that will cause some
unexpected or undesirable event. Viruses can be transmitted via email or instant
messaging attachments, downloadable Internet files, and portable media. Viruses
are usually disguised as something else, and so their presence is not always
obvious to the computer user. A virus infection can be very costly to The City of
Sarnia in terms of lost data, lost staff productivity, and/or lost reputation.
Scope
This policy applies to all computers that are connected to the City of Sarnias
network via a standard network connection, wireless connection, modem
connection, or virtual private network connection. This includes both city-owned
computers and personally-owned computers attached to the Citys network. The
definition of computers includes desktop workstations, laptop computers, handheld
computing devices, and servers.
Policy Statements
1. Currently, The City of Sarnia has Kaspersky anti-virus for both client and
server machines. Licensed copies of Kaspersky can be obtained by
contacting the IT department. The most current available version of the anti-
virus software package will be taken as the default standard.
1 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Anti-Virus Policy
2. All computers attached to the City of Sarnias network must have standard,
supported anti-virus software installed. This software must be active,
scheduled to perform virus checks at regular intervals no greater than 24
hours, and have its virus definition files kept up to date.
Relevant Procedures
1. Always run the standard anti-virus software provided by Kaspersky.
3. Never open any files or macros attached to an email from a known source
(even a co-worker) if you were not expecting a specific attachment from that
source.
5. Many executable files, zip files and other files with a large potential to do
harm are automatically blocked by our email spam service. If you need
access to a legitimate file that was emailed to you but stripped from the
email please contact IT for assistance.
2 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Anti-Virus Policy
7. Avoid direct portable drive (e.g. memory stick) sharing with read/write
access. Always scan a portable drive for viruses before using it.
9. Avoid storing critical data on portable storage or local storage (your C drive).
Always store critical data on a network share so that it will be backed up in
case it is damage, or encrypted by a malicious program.
Non-Compliance
Violations of this policy will be treated like other allegations of wrongdoing at the
City of Sarnia. Allegations of misconduct will be adjudicated according to
established procedures. Sanctions for non-compliance may include, but are not
limited to, one or more of the following:
3 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Anti-Virus Policy
Agreement
4 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Anti-Virus Policy
5 of 6
City of Sarnia IT Department
City of Sarnia
Information Technology Policy
Anti-Virus Policy
Revision History
6 of 6
City of Sarnia IT Department