Quick Jump:  

Home
Up
Computer Q & A
Update Signup
EW Specific Tips
Links
Calendar
ETC Task Force
Spreadsheet Budgets
Contact Us
Site Map 

                 ND DHS E-mail Policy

 

Purpose

The North Dakota Department of Human Services’ (ND DHS) mission is to provide quality, efficient and effective human services, which improve the lives of people.  Electronic mail (e-mail) is a valuable tool that helps ND DHS accomplish this mission. This policy statement provides specific instructions on the ways to secure e-mail on the ND DHS personal computers and servers.

Scope 

The following guidelines apply to ND DHS employees and contractors and cover e-mail located on ND DHS personal computers and servers. The policy applies to stand-alone personal computers with dial-up modems as well as those attached to networks. 

Specific Policy

Company property

As a productivity enhancement tool, ND DHS encourages the use of electronic communication (voice mail, e-mail, and fax). E-mail and all messages generated on or handled by electronic communications systems, including back-up copies, are considered property of ND DHS, and are not the property of users of the e-mail.

Authorized usage

            ND DHS e-mail must be used only for business activities. Users are forbidden from using e-mail for charitable endeavors, private business activities, or amusement/entertainment purposes unless expressly approved by ND DHS. Employees are reminded that the use of government resources, including e-mail, should never create either the appearance or the reality of inappropriate use. The forwarding of jokes, chain letters, and similar items are prohibited.

Default privileges

            Employee privileges on e-mail must be assigned so that only those capabilities necessary to perform a job are granted. Any requests for further permission that needs to be granted must have the approval of the program director before being submitted to the Division of Information Technology (DoIT).

User separation

            The e-mail system must provide the ability to separate the activities of different users. For example, e-mail must employ unique user IDs and passwords to identify the communications and activity of a user. Generic accounts should not be used, as they do not identify the user. All ND DHS staff and authorized contractors must have unique usernames and passwords to access the e-mail system.

User accountability

            Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides the authorized user. To do so exposes the authorized user to responsibility for actions the other party takes with the password. If users need to share computer resident data, they should utilize message-forwarding, public directories on servers, or other authorized information-sharing mechanisms. To prevent unauthorized parties from obtaining access to their own e-mail, users must choose passwords that are difficult to guess (not a dictionary word, not a personal detail, and not a reflection of work activities). 

No default protection

            Employees are reminded the ND DHS e-mail system is not encrypted by default. Encryption is translation of data into a secret code. To read an encrypted file, you must have access to a secret key that enables you to decrypt or read it. Encryption cannot be implemented if e-mail is sent outside of the ND DHS Lotus Notes network.

Respecting privacy rights

            Employees may not intercept or disclose, or assist in intercepting or disclosing, e-mail. ND DHS is committed to respecting the rights of its employees, including their reasonable expectation of privacy. However, ND DHS also is responsible for servicing and protecting its e-mail network. To accomplish this, it is occasionally necessary to intercept e-mail.

No guaranteed message privacy

            ND DHS cannot guarantee that e-mail will be private. Employees should be aware that electronic communications could, depending on the technology, be forwarded, intercepted, printed, and stored by others. Furthermore, others can access e-mail in accordance with this policy.

Regular message monitoring

            It is the policy of ND DHS NOT to regularly monitor the content of e-mail. However, the content of e-mail may be monitored and the usage of e-mail will be monitored to support operational, maintenance, auditing, security, and investigative activities. Users should structure their e-mail in recognition of the fact that ND DHS will from time to time examine the content of e-mail.

Statistical data

            Consistent with generally accepted business practice, DHS collects statistical data about e-mail. Using information gathered, DoIT staff monitors the use of e-mail to ensure the ongoing availability and reliability of these systems.

Incidental disclosure

            It may be necessary for DoIT staff to review the content of an individual employee’s communications during the course of problem resolution. IT staff may not review the content of an individual employee’s communications out of personal curiosity or at the request of employees that have not gone through the proper approval channels.

Message forwarding

            Recognizing that some information is intended for specific individuals and may not be appropriate for general distribution, e-mail users should exercise caution when forwarding messages. ND DHS sensitive information must not be forwarded to any party outside ND DHS without the prior approval of a program director and DoIT. Blanket forwarding of messages to parties outside of ND DHS is prohibited unless the prior permission of the program director and DoIT has been obtained.

Purging electronic messages

            Messages no longer needed for business purposes must be periodically purged by users from their e-mail mail files. Not only will this increase scarce storage space; it will also simplify record management and related activities. An employee’s performance of e-mail use will be kept swift and optimal with a well-managed mail file. If ND DHS is involved in a litigation action, all electronic messages pertaining to that litigation will not be deleted until the ND DHS Executive Director or his/her designated representative has communicated that it is legal to do so.

 

Responsibilities

            As defined below, ND DHS staff members responsible for e-mail security have been designated in order to establish a clear line of authority and responsibility. 

1.      DoIT staff must establish e-mail security policies and standards and provide technical guidance on e-mail security to ND DHS staff.

2.      DoIT staff must monitor compliance with personal computer security requirements, including hardware, software, and data safeguards. Program directors must ensure that their staffs comply with the personal computer security policy established in this document. DoIT staff must also provide administrative support and technical guidance to management on matters related to e-mail security.

3.      ND DHS program directors must ensure that:

bulletEmployees under their supervision implement e-mail security measures as defined in this document.

Contact point

            Questions about this policy may be directed to the ND DHS Lotus Notes Administrator.

Disciplinary process

            Violation of these policies may subject employees or contractors to disciplinary procedures up to and including termination.

 

Home • Up • Computer Q & A • Update Signup • EW Specific Tips • Links • Calendar • ETC Task Force • Spreadsheet Budgets • Contact Us • Site Map

Send mail to team@ewtechteam.com with questions or comments about this web site.