Policy Reference
| Category | IT Management |
| Approval Date | 01-29-2010 |
| Scope | All Personnel |
Purpose
City personnel must be authorized to utilize computer resources and access must be limited to the those necessary to perform the duties assigned to an employee.
Policy
- Employees will be permitted access to computer resources upon approval by the appropriate Department Director, supervisor, or designee(s). (406.4.1)
- ITS will maintain an inventory and identify city computer resource assets.
- ITS will record and maintain the approved computer resource assets individual personnel are authorized to use.
- All use of computer resources by personnel is subject to the "Information Technology Policies".
- All use of computer resources by personnel must be authenticated and no attempts should be made to circumvent procedures to gain access to any computer resources.
Compliance
- The organization must ensure usage policies have been developed for critical employee-facing technologies. § 12.3.a, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2
- The organization will ensure that all usage policies explicitly state management's approval for the use of devices.
- The organization must ensure the usage policies require users to be authenticated before the device can be used. § 12.3.2, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2