Use of Technology Policy

Last Updated
May 31, 2022

Introduction

This policy describes the use of technology used to access organizational information, including the use of personal devices for this purpose.

2. Acceptable Use of Division Hardware and Systems

Division hardware (such as computers, tablets, cell phones, and USB drives) and networks (such as wireless networks and physical networks) may be used for personal use provided that such use is outside of program hours,, legal, does not compromise anyone’s confidentiality, and would not reflect poorly on the organization if the activity became common knowledge. The Division reserves the right to limit personal activities on Division hardware and networks at any time and in any manner it sees fit.

Division printers, including Braille embossers, may be used for printing personal documents outside of program hours, provided the person printing the document pays the fee, as set by the Division from time to time, for this service.

Division phones may be used for personal use outside of program hours, provided the person using the phone pays the fee, as set by the Division from time to time, for this service and provided that such use is legal, does not compromise anyone’s confidentiality, and would not reflect poorly on the organization if the use became common knowledge. Emergency phone calls, however, are free of charge in all circumstances.

Division email, information, and communication systems may not be used for personal use.

Division owned hardware may be taken off COBD premises with prior written permission from the Director of Operations or IT Services.

3. Acceptable Use of Personal Hardware to Access Division Email, Information, and Communication Systems

Personal hardware may be used for accessing the email, information, and communication systems where organizational data is stored provided that:

a. Such systems are enrolled in the Division’s mobile device management system or a special exemption has been granted by IT Services for this requirement;
b. Such devices remain enrolled in the Division’s mobile device management system if applicable;
c. Such devices are protected by passwords and/or biometric authentication systems meeting the requirements set out and updated from time to time by IT Services; and
d. Third-parties are forbidden from accessing the organizational data stored on such devices.

4. Configuration Management

Configuration management tracks an organization’s hardware, software, and related information; e.g., software versions and updates installed on the Division’s computer systems or computer systems managed by the Division, network addresses belonging to these hardware devices, and a log of warrantees for Division-owned hardware devices.

A complete record of all devices owned or managed by the Division is kept that includes:

  • a list of software installed on the system with the software versions noted;
  • network addresses belonging to the system;
  • all hardware information about the system; and
  • a log of warranties for Division-owned hardware devices.

5. Updates and Change Control

Change control is a systematic approach to modifying software applications or systems, patch installation, or network upgrades. Change control reduces the risk when introducing new technology (hardware or software) or changes to existing technology (e.g., software changes, operating system updates, firmware updates) by ensuring that testing and analysis are performed to understand the impacts of the change and by having procedures defined for the deployment of changes to ensure an orderly transition.

IT Services will test and analyze updates to major software packages used by the Division for compatibility, usability, and accessibility before applying these updates to systems owned or managed by the Division. IT Services will ensure all updates to systems owned and managed by the Division are applied systematically and in a timely fashion to avoid disruption of services, security vulnerabilities, and other side-effects.

6. Review

This policy will be reviewed at least annually and updated as needed.