(From the Enterprise Information Security Policies located on the Georgia Technology Authority site) 

PURPOSE

To establish an enterprise policy regarding appropriate use of State of Georgia information technology (IT) resources.

SCOPE

All Agencies of the State of Georgia. This policy applies to all employees, contractors, vendors, customers, and others who utilize, possess or have access to State of Georgia IT resources.

POLICY

State of Georgia information technology resources are provided to authorized Users to facilitate the efficient and effective performance of their duties. The use of such resources imposes certain responsibilities and obligations on Users and is subject to state government policies and applicable state and federal laws. It is the responsibility of Users to ensure that such resources are not misused.

STANDARDS

· To comply with this policy, Users shall refrain from inappropriate use of State of Georgia information technology resources at all times, including during breaks or outside of regular business hours.

· Inappropriate usage includes (but is not limited to) actual or attempted usage of information technology resources for:

Ø Conducting private or personal for-profit activities. This includes use for private purposes such as business transactions, private advertising of products or services, and any activity meant to foster personal gain;

Ø Conducting unauthorized not-for-profit business activities;

Ø Conducting any illegal activities as defined by federal, state, and local laws or regulations;

Ø Creation, accessing or transmitting sexually explicit, obscene, or pornographic material;

Ø Creation, accessing or transmitting material that could be considered discriminatory, offensive, threatening, harassing, or intimidating; Georgia Technology Authority Enterprise Information Security Policies Page 15

Ø Creation, accessing, or participation in online gambling;

Ø Infringement of any copyright, trademark, patent or other intellectual property rights;

Ø Performing any activity that could cause the loss, corruption of or prevention of rightful access to data or the degradation of system/network performance;

Ø Conducting any activity or solicitation for political or religious causes;

Ø Unauthorized distribution of state data and information;

Ø Attempts to subvert the security of any state or other network or network resources;

Ø Use of another employee’s access for any reason unless explicitly authorized; or,

Ø Attempts to modify or remove computer equipment, software, or peripherals without proper authorization.

Ø Attempts to libel or otherwise defame any person

· Agencies may establish more stringent policies and procedures consistent with this Enterprise Policy and associated Standards.

· Each Agency reserves the right to retrieve and read any data composed, transmitted or received through online connections and/or stored on their respective servers and /or property. (See enterprise security policy 8.7.3).

GUIDELINES

State Agencies provide IT equipment as necessary to employees and others for the efficient and effective performance of their duties. IT equipment is provided to carry out job duties, facilitate business-related research and access to information, and also to enhance communication with customers, vendors, colleagues and others receiving services/products from, doing business with, or seeking information from the State. Occasional personal use of Internet connectivity and e-mail that do not involve any inappropriate use as described above may occur, if permitted by the Agency. Any such use should be brief, infrequent, and shall not interfere with User’s performance, duties and responsibilities.

AUTHORITY, ENFORCEMENT, EXCEPTIONS (see Section 1)

· Violations of this Policy and associated Standards may result in disciplinary action, termination, or criminal prosecution. Georgia Technology Authority Enterprise Information Security Policies Page 16

· Occasional access to information or websites of the Georgia Lottery Corporation shall not constitute nor be considered inappropriate use.

TERMS AND DEFINITIONS (see Section 2)

“Information Technology Resources” or “IT Resources” means hardware, software, and communications equipment, including, but not limited to, personal computers, mainframes, wide and local area networks, servers, mobile or portable computers, peripheral equipment, telephones, wireless communications, public safety radio services, facsimile machines, technology facilities including but not limited to, data centers, dedicated training facilities, and switching facilities, and other relevant hardware and software items as well as personnel tasked with the planning, implementation, and support of technology.

VERSION HISTORY

Original Policy established 09/10/02 Revised 12/30/02