RESPONSIBILITY AND AUTHORITY OF THE OFFICE OF MANAGEMENT AND FINANCE(OMF) - BUREAU OF INFORMATION TECHNOLOGY (BIT) AND THE CHIEF INFORMATION OFFICER (CIO) | Ordinance No. 176003 and City Code 3.15 - establishes the Bureau of Information Technology as a bureau of OMF and defines the responsibility and authority of the CIO, effective October 10, 2001.
The Bureau of Information Technology shall be supervised by a Chief Information Officer (CIO) and shall include such other employees as the Council may provide. The Bureau shall be responsible for the Information Technology Fund.
The Bureau of Information Technology shall:
Provide Information Technology (IT) strategic planning and IT consulting services, including budget preparation and analysis, system planning and procurement, resource allocation and project management for large information technology projects.
Design, implement and manage all IT hardware and software systems including system security measures.
Manage all citywide voice, video and data networks, excluding physical connectivity.
Design, implement and manage all citywide voice, video and data applications.
Manage all IT end user support services, including Help Desk and Desktop Support services.
Manage citywide Geographic Information Systems.
Provide all Internet and Intranet services to City Bureaus, offices, boards and commissions.
In cooperation with the Bureau of Purchases, review and approve the purchase of all information technology software, hardware and professional consulting services, with the exception of radio and telephone communication equipment.
Administrative Rule
The Bureau of Information Technology will manage and standardize the City’s Information Technology and Communications environment in support of the City's business processes.
Responsibility
The Bureau of Information Technology will implement the IT Administrative Rules.
|
IT ADMINISTRATIVE RULES | Introduction
The CIO, pursuant to the authority first set forth above, is responsible for establishing binding City technology policies and standards as well as procedures or guidelines.
Rule - A binding policy embracing the overall goals, and determining organizational decisions and actions. Each administrative rule answers the question “What shall be done in providing IT services to the City of Portland?”
Standard - Binding measurable criteria for compliance with policies and procedures
Administrative Rule
The process for establishment shall, to the extent practical, solicit the collective input, technical knowledge and business process expertise of City bureaus. However, in situations of fiscal or security emergencies - as determined by City Council - rules, preferred technology standards, procedures or guidelines may be established by the City of Portland Chief Administrative Officer (CAO) without seeking such input prior to publication.
Bureaus or individuals may make recommendations for new administrative rules by following the process outlined in the Administrative Rule Development section of this document.
Responsibility
These administrative rules will be reviewed annually by the CIO (or designee) and may be updated as necessary.
|
ADMINSTRATIVE RULE DEVELOPMENT | Introduction
The process for policy development shall follow the guidelines set out in the Office of Management and Finance Formation and Issuance of Citywide Administrative Services Rules
Administrative Rule
Within the parameters of the OMF rules development policy, the CIO, (or designee,) will facilitate stakeholder collaboration, preparation of the business case analysis, and documentation and reporting of stakeholder input to the CAO.
The CIO may use any mechanism(s) deemed appropriate to facilitate stakeholder collaboration in the policy development process. The CIO shall determine the scope of such collaboration, which may include, but is not limited to:
▪ Use of existing, established workgroups or forums;
▪ Establishment of new workgroups comprised of relevant personnel;
▪ Establishment of technical committees to provide expertise in the development of the policy/standard, including but not limited to, the preparation of technical standards and specifications, and/or assisting in the preparation of data or analysis for a business case analysis of proposed alternatives.
▪ Stakeholders may include Bureau Managers, business process managers, staff, and/or representatives from the private sector, or the general public.
Responsibilities
Development and/or revision of an administrative services rule is the responsibility of the CAO and directors of the citywide administrative services provider bureaus, or their designees, following these steps:
▪ Unless initiated by the CAO, notify the CAO when a new or revised rule is under consideration;
▪ Develop a problem definition and rule direction statement;
|
| |
▪ Note authority for rule and any existing rules or policies to be replaced;
▪ Identify key stakeholders;
▪ Include research of best practices in rule development;
▪ Draft rule and provide to CAO for review and initial approval;
▪ Distribute draft rule to identified stakeholders for review and comment. The review period will not be shorter than 15 days;
▪ Meet with bureaus and other identified stakeholders as needed to receive comments and feedback;
▪ CAO formally approves the rule and ensures it is disseminated to Council and to all City bureaus.
▪ The rule is submitted for Council approval.
|
ESTABLISHMENT OF INFORMATION TECHNOLOGY STANDARDS |
Introduction
Standards enable communication between Bureaus, create a single face of government for citizens provide for economies of scale in IT purchases, and facilitate consolidation of IT support services.
Standard infrastructure specifications (requirements) and definition and use of data are important in a large complex environment such as the City of Portland. Data definition and usage standards are essential to consistent and accurate data reporting and analysis.
A well-defined set of standards can reduce support costs and provide economies of scale while at the same time allowing the needed level of flexibility. Support costs can be minimized by setting standards for desktop configuration, software, network connections and backup procedures. Training costs can be reduced substantially by standardizing certain applications that will have widespread use.
Administrative Rule
The CIO or designated representative shall establish and periodically review appropriate standards for information technology in the City of Portland to ensure required performance and capabilities, and minimize support and training costs.
The planned and budgeted transition to enterprise standards should take into account the current environment and the priorities and business directions of Bureaus and Offices.
Responsibility
The CIO or designated representative shall maintain and publish a directory of Information Technology Standards which must include procedures for promulgating, reviewing and enforcing the City’s IT standards. (See IT Technology Standards)
The Bureau of Information Technology shall make all corporate IT policies, standards and procedures (excluding those related to system security) available via the City’s Intranet.
|
OWNERSHIP OF IT ASSETS | Introduction
Consistent, efficient, accountable management and maintenance of the City of Portland’s Information Technology environment can best be achieved through consolidated ownership of all corporate Information Technology assets by the Bureau of Information Technology.
A key to the City’s ability to work and communicate effectively is dependent on our capacity to gather, analyze and distribute data and information. Maintaining hardware/software assets at a consistent level is essential in order to meet the public’s service expectations, conduct efficient business operations, and achieve organizational goals.
Administrative Rule
The bureau of Information Technology owns and manages all IT assets with the exception of assets where it is determined by Council of the CAO that it is in the City’s best financial interest for a customer bureau to own the asset. IT assets are defined as corporate IT applications, corporate IT systems, and assigned IT equipment.
All new desktop equipment - thick, thin, tiered, client-server, peripheral, for normal business/staff use - will meet the minimum standards as determined by BIT. (See City of Portland Information Technology Standards)
Responsibility
BIT will charge rates for IT assets. These rates will include a replacement component or a debt service component, unless it is determined by Council or the CAO it is in the City’s best financial interest for a customer bureau to fund replacement resources on its own.
Ownership of IT assets will transition to BIT as assets are replaced. At the time of purchase the new asset will be booked to the BIT Fund. *
Prior to their time of replacement IT assets may still be owned by bureaus and their costs booked to the bureau’s fund. However, BIT will manage these IT assets during the transition period .
Upgrades to IT assets, or the purchase of additional IT assets, will be funded via cash transfers from the receiver bureau.*
IT equipment will be purchased by BIT and assigned to bureaus.*
(*Or as otherwise determined by the CAO or Council.)
|
CONSOLIDATION OF CORPORATE SYSTEMS | Introduction
A consolidated system for corporate business processes, including network management, data storage and retrieval, system security, accounting, financial, purchasing, and human resource management systems, enables more efficient monitoring, and management of the City’s assets, resources, and expenditures. It eliminates continued investment in duplicative systems and processes and reduces costs by reducing the effort required to acquire data, move data, manage data, and turn data into useful information.
Administrative Rule
All existing and future corporate information systems (those involving use of City owned information or business process by more than one bureau) that support business processes for accounting, financial, human resources, workflow management, data collection, and data management, will be consolidated into a single, coherent IT environment, unless specifically exempted by the CIO (or designated representative.)
Where services cross Bureau lines, the CIO or designated representative shall decide on how they will be integrated.
The CIO or designated representative, working collaboratively with affected bureaus, is authorized to implement the City's standards for system consolidation.
All upgrades to existing corporate administrative services systems - accounting, financial, human resources, purchases, etc - or related application development, shall require review by the CIO (or designated representative), the appropriate corporate business manager*, and the CAO.
All other software systems that are or determined to be “corporate systems,” over time will require review by the CIO or designee) and the CAO.
Responsibility
BIT and other OMF bureaus will work collaboratively with Bureaus to develop and implement retirement/migration plans, for legacy or proprietary systems. System retirement and migration resource requirements will be addressed via the Information Technology Fund.
(* Finance Director, Human Resources Director, Purchases Director, etc.)
|
HARDWARE AND SOFTWARE MAINTENANCE | Introduction
Information technology and data resources are critical assets. The City’s ability to effectively deliver services and communicate effectively is dependent on increasing our capacity to gather, analyze and distribute data and information. Maintaining hardware/software assets at the appropriate level is essential to meet the public expectations and achieve organizational goals effectively and efficiently
Administrative Rule
All City owned computer equipment and software will be selected and maintained in keeping with established standards while that equipment and software remains in normal business/staff use.
Responsibility
Only qualified persons designated or approved by the Bureau of Information Technology may provide hardware and software maintenance support. The Bureau of Information Technology will provide a level of technical support to desktop computer users sufficient to perform their job duties.
In situations where City-owned equipment is used by non-City entities and personnel, the Bureau or Office shall have an agreement outlining usage and maintenance responsibilities of each party.
Non-City owned hardware and software will not be maintained by the City unless a prior agreement has been made.
|
WEB PUBLISHING | Introduction:
The purpose of web publishing for the City and its Bureaus is to improve two-way communication with City officials and staff, provide efficient access to information about City services and programs, and offer a cost-effective alternative for conducting business with the City. City and Bureau web pages are established as a means for the City to provide information to the public. City web sites are not open forums for hyperlinks.
Administrative Rule:
The Bureau of Information Technology manages the infrastructure and basic presentation and navigation format for the City Internet and Intranet. Bureaus shall use a common format and navigation structure for all bureau specific Intranet and Internet sites.
All City of Portland Internet web sites shall support the City’s portal (PortlandOnline).
Only personnel authorized by the City may make changes to City sites.
City and Bureau Web sites will be designed and maintained to achieve these goals:
• The cumulative set of City Web sites (ci.portland and Bureau sites) form a coherent, cohesive whole;
• Meet the information and business needs of the different user audiences and visitors to the City's Web page;
• Benefit Portland residents, the City of Portland, and Internet users worldwide.
• Use graphics and page formatting to complement the text or aid in navigation;
• Meet federal Americans with Disabilities Act web access requirements
City Bureaus are authorized to publish information directly related to their Bureaus. Bureau Managers shall approve all such Web content and ensure they comply with existing policies and practices with regard to official City or Bureau communication, including review processes for correspondence and published materials. Bureaus shall ensure that material that is located on another web page is not duplicated. Rather, they shall provide a link to the authoritative source.
All material that is available on the City’s Internet site shall also be available on the City’s Intranet.
Responsibility
City boards or commissions shall coordinate Web publishing with their sponsoring City agency.
Bureaus shall limit the content of their Web pages to their area of responsibility. If Bureau responsibilities overlap or are shared, the Bureaus should confer to ensure to avoid duplication and to ensure the best integration, accuracy and timeliness of information.
Bureaus and Offices shall maintain an archive of version records of all material posted on the Internet or Intranet.
The City may from time to time establish hyperlinks to non-City web sites (typically those established by community, public-interest or other similar entities) when the City determines that a linked site will enhance or supplement information the City is providing on its web pages about the City’s programs, policies, mission and objectives. Such links may be established by City staff only where the above criteria are met, and the linked sites are consistent with City code and policies.
All City web sites must include the most current Disclaimer statement from the City Attorney’s office.
All City web sites must include an e-mail link to a Webmaster for the site.
|
INFRASTRUCTURE
E-GOVERNMENT INFRASTRUCTURE | Introduction
E-government is a process by which the City offers services electronically. It allows citizens, businesses and employees easy access to government and streamlined business processes. E-government interactions are often categorized in terms of citizen or business to government, government to citizen or business, and government to government. This transformation will evolve from a basic web presence to a fully connected integrated digital environment where citizens, government and employees can seamlessly interact with the City 24 hours a day, 7 days a week.
This IT Administrative Rule involves the development of a secure infrastructure to address three primary goals:
• The standardization of development tools and processes
• The integration of corporate business processes
• The development of a single City web portal.
Administrative Rule
The Bureau of Information Technology shall maintain a standardized and secure e-government infrastructure and environment. This includes providing common service modules that all entities shall use to implement digital signatures, electronic payments and similar online tasks.
BIT is the City of Portland’s sole authority for the security infrastructure for providing electronic certificates, digital signatures and encryption environment.
Upon its availability, all City financial transactions will be processed through a single transaction tool which will be integrated with the City’s financial management system and/or data repository system.
The E-Government initiative is centered on a web portal called PortlandOnline.
PortlandOnline provides a single portal to reach all existing web services provided by Bureaus today as well as features which will enhance service and information delivery options for users and service provider
Those features are supported at the corporate and Bureau levels through standardized components, applications, enterprise-wide infrastructure, and business processes.
Responsibility
The CIO will use an appropriate mechanism(s) to facilitate stakeholder collaboration in the transformation of business processes to support Portland Online. The scope of such collaboration may include, but is not limited to:
▪ Use of existing, established workgroups or forums;
▪ Establishment of new workgroups comprised of relevant personnel;
▪ Establishment of technical committees to provide expertise in the transformation of the business process, including but not limited to, the preparation of technical standards and specifications, and/or assisting in the preparation of data or analysis for a business case analysis of proposed alternatives.
▪ Stakeholders may include City managers, staff, and/or representatives from the private sector, or the general public.
|
INFORMATION SECURITY | Introduction
Information technology systems and networks are a dynamic and integral part of business at the City of Portland. The City has invested substantially in human and financial resources to create these systems. BIT is responsible for managing and maintaining the security of the City’s Information Technology systems. The policy is established to:
• Protect this investment
• Safeguard the information contained within these systems
• Reduce business and legal risk
• Ensure compliance with statutory and contractual requirements
Administrative Rule
All IT assets shall be physically secure to prevent unauthorized physical access, and to prevent environmental hazards such as power fluctuations, extreme heat, cold, etc.
All City data and other network resources and assets shall be secure from unauthorized access.
A Disaster Recovery or Business Continuity Plan is maintained to identify and mitigate risks, ensure that City data will survive a natural or man-made disaster and that City business can resume operating as quickly as possible.
As per Bureau of Human Resources Administrative Rules Section 4.8, each employee, supervisor, and manager is responsible for protecting the integrity and security of City IT resources.
Responsibility
Security and monitoring for City IT assets, including a citywide standard for passwords, shall be conducted according to procedures set out in BIT Operations Procedures.
Resources to support the Business Continuity Plan will be identified through the IT Fund Project Identification and Prioritization Process.
See also Network Access
|
VIRUS PROTECTION | Introduction
Computer viruses can be transferred by disk, by local and wide area network transfers, by connections to the Internet, by email and a variety of other ways. Computer viruses can quickly spread to destroy or corrupt data. Overall service to internal and external customers of Bureaus and Offices can be drastically affected by contracting a virus. Safety demands stringent efforts to safeguard City owned data and equipment from viruses.
Administrative Rule
Virus protection software and tools are installed and operational at all times on City of Portland computers and servers, and shall be kept up to date.
As per BHR Administrative Rules Section 4.8, City employees will observe safe practices regarding the use of computers to minimize the risks of viruses.
Responsibility
The Bureau of Information Technology has full responsibility to procure and install virus protection according to current City standards and institute measures to ensure the protection is always up to date.
With assistance from the Bureau of Information Technology, Bureau and Office managers shall ensure that employees are provided with information on safe practices for virus protection and that safe practices are observed.
The Bureau of Information Technology shall maintain procedures for dealing with a virus outbreak to minimize damage and restore full operations as quickly as possible.
|
NETWORK ACCESS | Introduction
Access to resources on the City network is essential for City employees to do their job. At the same time, security considerations require that access is limited to only those persons whose responsibilities require access, and to only those resources required.
Administrative Rule
Access to the City’s network and applications will be made available to all Bureaus, Offices and locations and follow a standard process to determine access requirements for:
• City personnel
• Citizens and business partners
• Contracted support
City employees will be given access to only those specific resources actually required to accomplish their job as determined by Bureaus managers or designees.
Non-City employees will not be given access to the City’s network, except on a case-by-case basis or by Council action (e.g. Intergovernmental Agreements). Any non-City employee receiving permission to access the City’s network must abide by all City Information Technology policies, standards and procedures.
Responsibility
Bureau and Office managers shall identify those employees who require access to the City network, including specific network resources.
Bureau and Office Managers are responsible for notifying the BIT Operations Manager (or designee) when an employee’s access to Network resources should be terminated.
For non-employees, the responsible Bureau Manager must identify network access requirements and BIT will provide the appropriate options.
|
REMOTE NETWORK ACCESS (FOR EMPLOYEES) | Introduction
Remote access is a generic term used to describe the accessing of an organization’s computer network by individuals not located at the organization’s offices. This may take the form of traveling employees, employees who regularly work from home, or employees who work both from the office and from home. In many cases, both the company and the employee may benefit from the increased flexibility provided by a remote access program. As with any innovation, however, the benefits may be countered by risks if the purposes and methods of the program are not fully understood by all participants.
Policy
Remote access to the City network by City employees is authorized when business activities require it, subject to approval by Bureau or Office management.
Only City-owned computers shall be used for remote network access. (This does not apply to use of OWA - Outlook Web Access.)
Exceptions to this policy are evaluated and may be granted on a case-by-case basis by the CIO or designated representative.
Responsibility
Bureaus or Offices must use the BIT Operations Remote Access Service Request form to notify BIT of employees whose responsibilities require BIT to set up remote access to the City network.
The Bureau of Information Technology is responsible for setting up remote access in the manner that is consistent with the appropriate security measures.
|
SOFTWARE LICENSING/COPYRIGHTS | Introduction
Most software applications are protected by laws and software user agreements that prohibit copying the application for personal or other use. Violations of these laws and agreements could result in adverse consequences to the City.
Administrative Rule
City of Portland Bureaus and Offices will comply with all applicable software copyright and licensing laws.
The City of Portland shall properly license all software used and/or stored on City equipment..
Unauthorized and non-licensed software, once identified, shall be either properly licensed, or removed immediately from City systems.
Responsibility
BIT is responsible for software license maintenance (record keeping) for all corporate applications. Proof of purchase of software products requiring licensing shall be maintained on file for the life of the product.
Bureaus are responsible for software license maintenance for bureau-specific applications unless arrangements have been made for BIT to provide license maintenance.
All Bureaus and Offices shall comply with existing licensing and copyright laws.
Proof of compliance may include any or all of the following:
▪ Invoice showing purchase of operating system or software
▪ Invoice showing purchase of computer with operating system and software preinstalled.
▪ Site license or other agreement with a software manufacturer.
City-owned software that is required to perform work at another location shall be installed by BIT on City-owned equipment only. City-owned software must be removed when the City employee or contractor is terminated or no longer requires the software to perform his or her job.
An audit of software used on City hardware shall be conducted no less than once every two years.
|
SOFTWARE CHANGE | Introduction
A large number of software patches, and updates, primarily for security purposes, are made available by software vendors each month. It is imperative that the City has a uniform method for identifying changes to City software, and for reviewing, evaluating, testing and implementing changes to the configuration and software on City desktop computers and servers.
Administrative Rule
All software updates, patches, version upgrades and configuration changes shall be evaluated and tested prior to implementing such changes.
Affected software shall include:
• Operating systems
• Browsers
• Firmware (EEPROM) upgrades
• Network software
• Corporate applications
• Relational Database Management systems
Only changes authorized by BIT and recommended for implementation can be installed.
Responsibility:
BIT is responsible for identifying needed changes to corporate software, and for reviewing, evaluating, and testing changes such as patches, updates and version upgrades, to the configuration and software on City desktop computers and servers. All changes shall be either implemented by BIT personnel, or (whenever appropriate) by users after an explicit permission for implementing changes is granted by BIT with appropriate instructions
|
DATA, APPLICATIONS, AND PROCESSES
SOFTWARE APPLICATIONS LIFE CYCLE |
Introduction
The City shall adopt a consistent, cost effective, approach to application services to fully meet the City’s business requirements. This approach will include the initial request for service, the documentation developed as a result of the request, the Citywide Application Evaluation Review and the City Systems Development Methodology. These processes have been developed pursuant to Council direction in Ordinance 175331, adopting recommendations on the Administrative Services Review.
Application services include requests for modifications, enhancements or development of GIS, Web, client or server based applications. Application services also include any requests which might result in the purchase and implementation of a commercially available application system.
The policy goal in standardizing the application life cycle is to:
▪ Utilize a common, simplified, scalable method for the development, purchase, and implementation of applications
▪ Ensure the use of the Citywide Application Evaluation Process
▪ Set realistic expectations with customers regarding the budget, timelines and resource requirements related to application development, implementation and maintenance.
▪ Maintain a corporate systems perspective
Administrative Rule
All application services requests outside of a production failure or an emergency - as determined by the CIO or designee - shall be raised according to the Application Project Request procedure. This procedure can be found at the BIT Intranet Site.
The process starts with the submittal of information utilizing the Application Service Request form can be found at the BIT Intranet site.
Requests determined to be beyond the scope of normal system maintenance and of a magnitude which justifies the effort involved, will be documented utilizing the Project Intake Form in order to further define the need, the required resources, the priority and the funding for the project. The Project Intake Form can be found at the BIT Intranet site.
All applications shall be documented in the City's Application Evaluation database. All proposed application development projects shall be checked against the Application Development Clearinghouse to insure that no comparable tools already exist. Relevant tools/applications already in existence shall be examined for applicability to the task at hand. Documentation of this process can be found at the BIT Intranet site.
The City Systems Development Methodology will be used to define the activities to be carried out in a project, to introduce consistency among the many projects, to insure appropriate communications occur with all of the stakeholders and to provide checkpoints for management control and for "go/no go" decisions. The Systems Development Methodology can be found at the BIT Intranet site
Applications to be purchased or developed shall conform to applicable City standards. City IT Standards can be found at the BIT Intranet site.
Responsibility
An IT Application Lead, identified for each Bureau, has primary responsibility for documenting and maintaining requests for services in collaboration with bureaus’ personnel. IT Application Leads will maintain lists of Bureau Primary Application Contacts who have the authority to approve requested changes to Bureau applications. IT Application Leads will follow all IT Administrative Rules and Standards.
All applications shall be documented in the City’s Application Development Clearinghouse (ADC) database. The Clearinghouse Application shall be maintained by BIT. Data entry shall be the responsibility of all Application Development staff.
Each Bureau shall have a fiscal year work plan for application development services provided through a Service Level Agreement (SLA) with BIT. New projects shall be prioritized by the Bureau.
Applications to be purchased or developed shall conform to applicable City standards.
BIT will promote and facilitate partnerships among bureaus for application development.
|
SHARED DATA | Introduction
Access to accurate, consistent data is critical for the operational performance of the City’s Bureaus and Offices.
Administrative Rule
The City of Portland shall establish and maintain a repository for data (in single or multiple locations as appropriate) or hub for all corporate data with the exception of data defined as “confidential” by applicable City Code, State statute, Federal laws or binding legal agreement. See City Code 6.04.130
Responsibility
The Bureau of Information Technology shall be responsible for the maintenance of the corporate data repository or hub system, as well as the appropriate data access tools, for the City of Portland.
Owners of data are responsible for defining access privileges.
Working with the owners of the data, the Bureau of Information Technology is responsible for the internal procedures that ensure secure access to and protection of data stored in the business data repository system.
|
DATA BACKUP | Introduction
Data backup is a process that stores redundant copies of files from hard disk to removable media (usually tapes). The redundant copies of files are used or “recovered” when the original files are damaged or accidentally deleted. Any new files or files that have changed since the last backup are copied to removable media to assist in immediate restoration if data is lost.
Computer data obtained or generated while conducting City business are City property and represent a significant investment of time and financial resources.
Administrative Rule
The City of Portland shall backup any data on desktop systems or network storage devices according to the backup procedures developed by BIT personnel. Backup procedures will address the business needs of City’s Bureaus and Offices and follow established standards. Deviation from the standard backup schedule, duration of historical data storage, backup media and other established standards must be justified by business needs and pre-approved by either the CIO or BIT Operations Manager (or designee.)
Responsibility
BIT shall conduct backups of data systems as per best industry practices. BIT staff shall maintain documentation of procedures including:
▪ identification of individuals and alternates responsible for carrying out the process
▪ the frequency of backup
▪ identification of circumstances requiring review and/or modification of the procedure
Bureaus and individual employees are responsible for preserving work to a backed up network storage location. BIT will provide appropriate technology and training where necessary to accomplish related tasks.
|
DATA ARCHIVING | Introduction
BIT is not responsible for the formal archiving of the public records. Archiving is distinguished from data backups in that backups are for the purpose of restoring lost or damaged data to an electronic medium, while archiving is for the purpose of preserving public records.
Administrative Rule
Statutory requirements for data archiving do not permit the archiving of public records in electronic format. Only those documents in the form of paper or microfiche may be archived.
Statutory requirements for data archiving are contained in section 3.76.050 of the City Code. Requirements can be found at the City Auditor Intranet site.
Responsibility
Bureaus are responsible for familiarizing employees with the City’s Records Management procedures. These procedures can be found at the City Auditor intranet site.
|
OTHER ADMINISTRATIVE RULES
DOWNLOADING FROM THE INTERNET |
Introduction
Downloading is the transmission of a file from one computer system to another, usually smaller system.
Administrative Rule
City of Portland employees are authorized to download files from external sources onto City devices for City of Portland business purposes. Employees are not allowed to download and install any executable software files (programs, scripts, or other executables) without prior approval of BIT.
City of Portland employees will comply with all applicable software copyright and licensing laws and with all applicable City of Portland policies. See also “Software Licensing” and “Use of Internet Technologies”, in this document.
All software used and/or stored on City of Portland equipment shall be properly licensed by the City of Portland.
As per Human Resources Administrative Rules Section 4.8, City of Portland employees are expected to understand their ethical responsibilities in using the City of Portland ’s IT resources.
Responsibility
BIT shall provide all employees with instructions concerning dangers of viruses and the proper methods for avoiding them. See “Virus Protection” in this document.
|
DISPOSAL OF INFORMATION TECHNOLOGY EQUIPMENT | Introduction
As Information Technology hardware becomes obsolete or unserviceable, it shall be disposed of in a socially responsible and environmentally sound manner, and (where applicable) removed from the City’s fixed asset inventory.
Administrative Rule
IT hardware that is no longer needed, cannot be used elsewhere in the organization, or is no longer cost-effectively serviceable, may be disposed of in one of three ways:
▪ State Surplus - Decommissioned machines - retired from service with all licensed software (those not required to remain with the machine) and files completely removed - may be sent to the State of Oregon for disposal as surplus.
▪ Donation to non-profit organizations - Decommissioned City IT equipment -retired from service with all licensed programs (those not required to remain with the machine) files, and City of Portland identification removed- may be donated to a 501c3 non-profit organization with written permission of the donating Bureau's Director. The donation shall be documented, and shall include environmentally sound disposal of the equipment, and indemnification of the City from any further responsibility for the equipment, as written conditions of the donation.
▪ Discard - Send discarded items to a facility appropriately licensed for disposal or recycling of IT hardware as identified by BIT in collaboration with the Office of Sustainable Development.
Any proceeds from the sale of disposed IT assets will be used to offset the cost of replacing IT assets.
Responsibility
BIT is responsible for determining obsolescence and the decommissioning of all corporately owned IT hardware.
BIT is responsible for the disposal of obsolete corporately owned IT hardware.
Bureaus are responsible for disposal of all bureau owned IT hardware.
|
USE OF INTERNET TECHNOLOGIES | Introduction
Internet, Intranet and e-mail technologies (hereafter Internet Technologies) provide convenient, rapid, cost-effective communication with the public and other audiences, allow the City and Bureaus to provide information about services and programs, and enable the public to conduct business with the City.
The City Council encourages City employees and Bureaus to use Internet Technologies for information distribution, communication, business and research. Because of the rapid development of these technologies, City Bureaus should monitor and re-evaluate their use of Internet Technologies regularly.
City Bureaus should also consider the importance of on-going training for employees using Internet Technologies for business purposes. Training is essential to stay up-to-date and skilled in the efficient immediate and long-term use of these technologies for City business.
Administrative Rule
Rules governing use of the Internet as well as IT hardware and software are contained in City of Portland Human Resources Administrative Rule 4.08 and 4.09 – Internet Technologies. These rules can be found at the Human Resources Intranet site.
All City employees will have access to the City’s Intranet via individual or shared City workstations provided that such access does not conflict with security requirements.
Responsibility
Bureau Directors or Administrators shall enforce the BHR Administrative Rules on the use of Internet Technologies by appropriate means.
Each Bureau Director or Administrator is responsible for their respective employees’ use of the Internet
The Bureau of Information Technology shall make all corporate IT policies, standards and procedures (excluding those related to system security) available to employees via the City Intranet.
Bureaus and Offices are responsible for ensuring City of Portland employees know how to access policy and procedural information related to the City of Portland ’s IT resources.
|
