Information Resources User Agreement FAQs
These FAQs are intended to provide guidance to workforce members on the secure and appropriate use of Information Resources.
Categories:
- General Questions
- Internet
- Appointment, Contacts, Personal Data Assistants (PDAs)
- Passwords
- Remote Access/Working from Home
- Music and Media
General Questions
What should I do if I am not sure whether the Security Policies, IRUA or the Frequently Asked Questions allow me to do what I want to do?
Consult with your management before proceeding. They will give the necessary guidance.
To what and to whom do these Security Policies and IRUA apply?
The Security Policies and IRUA apply to all employees, managers, contractors, interns, volunteers and others who are authorized to access Information Resources to provide government services to state agencies. (collectively defined as "workforce members").
I have contractors working for me, do they need to complete the Information Resources Use Agreement?
The standard for determining if a contractor must complete is whether or not their duties require an Active Directory (AD) ID. Those needing an AD login ID will be required to take the training. Agencies may identify additional resources needing the training that do not have an AD ID.
Can I use the State’s Public Wireless Network to bypass the rules of the Internet filter or to surf at lunch or on breaks?
The State’s Public Wireless Network is an Information Resource. It was designed to allow vendors and contractors that need Internet access the capability of benefitting the State through easy and convenient connectivity. Workforce members’ use of the Public Wireless Network is subject to the IRUA as is any other state resource. When it comes to the use of any State provided Information Resource, which includes the State’s Public Wireless Network, the following apply:
- Supervisors may restrict all use. Limited personal use of Information Resources is generally permitted as long as the Workforce Member's work product does not, in the opinion of the Workforce Member's supervisor, suffer. A supervisor may, at any time, further restrict personal use.
- No Inappropriate Material. Under no circumstances are Information Resources to be used for the viewing or circulation of (a) obscene, offensive, or discriminatory material; (b) material for outside commercial gain; (c) material for political activity; or, (d) material that would damage or compromise the security of the State or its Information Resources. (Hereinafter the material in subparts (a) through (d) is referred to as "Inappropriate Material.")
- Your Use May Be Monitored. Your use of Information Resources can be monitored by the State at any time; you have no "right to privacy" in your use of Information Resources; and, while there are certain narrow exceptions to the Indiana Access to Public Records Act, documents (including e-mails) are likely to be subject to public disclosure.
Internet Use
May I adjust my internet browser security settings?
No. Internet security settings are designed to protect Information Resources from all kinds of threats such as viruses, spyware, etc.
Should I be worried if I tried to access a web page that is blocked?
Accidents happen. In most cases there is nothing to worry about. IOT does not actively monitor for attempts to go to blocked sites. If your attempt to visit a site was blocked was innocent that is usually fairly obvious by examining other Internet use.
May I download or install applications onto my computer?
No. Only personnel authorized by IOT may install applications onto state Information Resources.
May I browse Websites for personal use?
Yes, subject to the Appropriate Use and your agency’s de minimis use policies.
May I check on items I have for sale on a site like eBay or Amazon.com?
No. Monitoring items you are selling falls under the category of "outside commercial activity," and thus is prohibited.
May I download necessary free applications or other files that would assist me in my work (e.g., Avery has free templates for some labels)?
Not without permission. Only personnel authorized by IOT may install applications onto state Information Resources. You may apply security patches or application updates if directed by IOT or your agency to do so. Avery templates are permitted.
Email Use
May I send and receive personal e-mail from Websites like Hotmail?
Yes as long as this is within your agencies de minimis policy. However, you should be very careful. You can be disciplined if you infect your work computer through negligence including through accessing your personal email.
May I send personal e-mail (to set up lunch, etc.) from my state e-mail account?
Yes, subject to the Appropriate Use and your agency’s de minimis use policies.
May I use or download another application to check email?
No. Only the state e-mail account and pre-approved Web mail may be used.
Should I respond to a spam message to follow its "unsubscribe" instructions?
No. Often following "unsubscribe" instructions in spam merely confirms to the person sending the spam that they have reached a valid email address, and thus could actually increase spam. The appropriate action is to report the receipt of spam to the IOT Postmaster so they may then attempt to block it.
Appointments, Contacts, Personal Data Assistants (PDAs)
May I place personal appointments on my calendar in Microsoft Outlook or on my state-issued Personal Data Assistant (PDA) (e.g., Blackberry)?
Yes. Electronic calendars are useful tools for scheduling meetings because other users can check your availability. Thus it is helpful to place times that you will be unavailable for personal reasons on your calendar as well. If desired, you may mark personal appointments as "Private" by checking the box in the bottom right corner in the appointment dialog box.
May I store personal email addresses and phone numbers in my Microsoft Outlook account or on my state-issued Personal Data Assistant (PDA) (e.g., Blackberry)?
Yes. As noted below, however, while you may send personal emails in accord with the de minimis personal use provisions of the Information Resources Use Agreement, personal e-mail should be sent from pre-approved Web-based email systems.
May I synchronize my personal PDA to my work computer?
Yes, as long as (1) the syncing only involves syncing e-mails, contacts, appointments, and/or tasks and (2) the syncing of the PDA has been approved by your agency in conjunction with the CISO.
Passwords
May I share my passwords with my assistant for e mail?
No. Due to the sensitive nature of computer files, sharing computer passwords is prohibited. You can set up your e-mail files, however, to permit your assistant to read, author, or edit your e-mail and calendar items. For assistance, please contact the IOT help desk.
Remote Access / Working from Home
How do I get work completed at home onto my state computer?
State information should not be stored on your home computers or any personal storage device. If you will work at home with State data it should always be stored on a State provided flash drive, not your PCs local drive. The drive you will be provided will be encrypted. You should report it if lost but the information will not be readable by anyone finding it. This drive must be turned in to your manager when your employment changes.
You should not burn information to CDs or DVDs. This creates an additional, easily lost, and likely unencrypted instance of State information.
May I copy files from my state computer onto a flash drive to work on at home?
Yes, as long as the flash drive is provided to you by your agency. Use of a personal flash drive is strictly prohibited. You should not copy work files to take home onto a CD or DVD.
Can I email files to my personal account to work on over the weekend?
No. State information should not be emailed to personal email accounts. An instance of that information is created and stored in a location outside of the State’s control. You can accomplish the same thing by mailing a copy of the information to your work account. It is then accessible via WebMail.
May I "Remote Desktop" to my home computer?
No. Connecting to a Remote Desktop outside of the state's firewall opens Information Resources to security risks.
May I use GoToMyPC or LogMeIn to access my work computer?
No. The approved methods of accessing the State network are Citrix and VPN services provided by IOT.
Music and Media
May I listen to Internet radio on my computer?
Internet radio is not available to users on the State network because of the potential increases in our cost of bandwidth. Internet radio is available to some users needing it to perform their job. However, this exception is to enable targeted use to meet a particular business need and not for general use. On weekends, when there is little bandwidth used, Internet Radio is available for those working as long as it is allowed by the agency.
CDs may be listened to during business hours with agency permission. CDs should not be copied to either local or network drives of state equipment.
- Contact IOT Customer Service.
- Submit an IOT Customer Service Ticket.
- Reset my GMIS password.
- Read the Information Resources Use Agreement (IRUA).
- Receive the IN.gov Update.
- Contractors and executive branch lobbyists sign up for Ethics Training
- Access my agency's invoice.
- Sign up for IT Training.
- Sign up for PC Training.
- Suggest an improvement for state IT.
