- Last Updated
- May 31, 2022
Introduction
This policy describes the use of technology used to access organizational information, including the use of personal devices for this purpose.
2. Acceptable Use of Division Hardware and Systems
Division hardware (such as computers, tablets, cell phones, and USB drives) and networks (such as wireless networks and physical networks) may be used for personal use provided that such use is outside of program hours,, legal, does not compromise anyone’s confidentiality, and would not reflect poorly on the organization if the activity became common knowledge. The Division reserves the right to limit personal activities on Division hardware and networks at any time and in any manner it sees fit.
Division printers, including Braille embossers, may be used for printing personal documents outside of program hours, provided the person printing the document pays the fee, as set by the Division from time to time, for this service.
Division phones may be used for personal use outside of program hours, provided the person using the phone pays the fee, as set by the Division from time to time, for this service and provided that such use is legal, does not compromise anyone’s confidentiality, and would not reflect poorly on the organization if the use became common knowledge. Emergency phone calls, however, are free of charge in all circumstances.
Division email, information, and communication systems may not be used for personal use.
Division owned hardware may be taken off COBD premises with prior written permission from the Director of Operations or IT Services.
3. Acceptable Use of Personal Hardware to Access Division Email, Information, and Communication Systems
Personal hardware may be used for accessing the email, information, and communication systems where organizational data is stored provided that:
a. Such systems are enrolled in the Division’s mobile device management system or a special exemption has been granted by IT Services for this requirement;
b. Such devices remain enrolled in the Division’s mobile device management system if applicable;
c. Such devices are protected by passwords and/or biometric authentication systems meeting the requirements set out and updated from time to time by IT Services; and
d. Third-parties are forbidden from accessing the organizational data stored on such devices.
4. Acceptable Use of Personal Hardware to Conduct Division Meetings
Personal hardware may be used in the conducting of Division meetings provided that:
a. The Division Board of Directors and staff use the mailing lists assigned to each entity, Division Board of Directors and staff respectively, on the “COBD.group” domain to plan all formal meetings of the entity;
b. Only COBD-hosted accounts may be used to conduct virtual meetings of the Division Board of Directors and staff; and
c. The Division’s phone system must be used at all times by staff when contacting members of the Division’s Board of Directors about the Division’s Board of Directors by telephone.
5. Configuration Management
Configuration management tracks an organization’s hardware, software, and related information; e.g., software versions and updates installed on the Division’s computer systems or computer systems managed by the Division, network addresses belonging to these hardware devices, and a log of warrantees for Division-owned hardware devices.
A complete record of all devices owned or managed by the Division is kept that includes:
- a list of software installed on the system with the software versions noted;
- network addresses belonging to the system;
- all hardware information about the system; and
- a log of warranties for Division-owned hardware devices.
6. Updates and Change Control
Change control is a systematic approach to modifying software applications or systems, patch installation, or network upgrades. Change control reduces the risk when introducing new technology (hardware or software) or changes to existing technology (e.g., software changes, operating system updates, firmware updates) by ensuring that testing and analysis are performed to understand the impacts of the change and by having procedures defined for the deployment of changes to ensure an orderly transition.
IT Services will test and analyze updates to major software packages used by the Division for compatibility, usability, and accessibility before applying these updates to systems owned or managed by the Division. IT Services will ensure all updates to systems owned and managed by the Division are applied systematically and in a timely fashion to avoid disruption of services, security vulnerabilities, and other side-effects.
7. Review
This policy will be reviewed at least annually and updated as needed.
