IN.gov - Skip Navigation

Note: This message is displayed if (1) your browser is not standards-compliant or (2) you have you disabled CSS. Read our Policies for more information.


Subscribe for e-mail updates
Print This Page Rate This Page Suggest a Link E-mail This Page HELP Find a Person Find an Agency

IOT > Security > Information Resources Use Agreement > Information Resources User Agreement FAQs Information Resources User Agreement FAQs

The following frequently asked questions (FAQs) have been prepared in accordance with the
Information Security Framework. These FAQs are intended to provide guidance to workforce members on the secure and appropriate personal use of Information Resources.

Workforce members will not be considered to have violated ethics rules for de minimis personal use of information resources if such use is consistent with the IRUA. Clarifications of the guidelines stipulated in the IRUA are included in the FAQs below.

The use of information resources is prohibited until a workforce member submits a signed copy of the IRUA to the state CISO.

Categories:

  1. General Questions
  2. Internet
  3. Email
  4. Appointment, Contacts, Personal Data Assistants (PDAs)
  5. Passwords
  6. Remote Access/Working from Home
  7. Music and Media

General Questions

What should I do if I am not sure whether the Security Policies, IRUA or the Frequently Asked Questions allow me to do what I want to do?
You should submit a request to your agency's information security liaison and should not engage in the desired use until approved.

The CISO or a CISO designee will review and respond to such requests within two business days. (Those requests that implicate de minimis use will be reviewed with the Office of Inspector General.) These FAQs will be updated as necessary. (If you have a question relating to the public access laws, you may wish to contact the Public Access Counselor.)

To what and to whom do these Security Policies and IRUA apply?
The Security Policies and IRUA apply to all employees, managers, contractors, interns, volunteers and others who are authorized to access Information Resources to provide government services to state agencies. (collectively defined as "workforce members").

The term "Information Resources" is defined as "all hardware, software, data, information, network, personal computing devices, support personnel and users within state agencies." The term "state agencies" is defined as that term is defined in IC 4-13.1 -- which is essentially the executive department, including the administrative branch -- and also includes any entity the Indiana Office of Technology serves. (Thus, the legislative and judicial departments and those bodies, separate corporate and politic, that do not use the services of the IOT are not covered by these policies.)

If an answer to one of the FAQs provides that a particular use is "permitted," do I need to know anything else?
There are three overriding points to remember in all cases:

  1. Supervisor May Restrict All Use. As provided by the IRUA and as detailed below, limited personal use of Information Resources is permitted as long as the Workforce Member's work product does not, in the opinion of the Workforce Member's supervisor, suffer. A supervisor may, at any time, further restrict personal use.
  2. No Inappropriate Material. Under no circumstances are Information Resources to be used for the viewing or circulation of (a) obscene, offensive, or discriminatory material; (b) material for outside commercial gain; (c) material for political activity; or, (d) material that would damage or compromise the security of the State or its Information Resources. (Hereinafter the material in subparts (a) through (d) is referred to as "Inappropriate Material.")
  3. Your Use May Be Monitored. Your use of Information Resources can be monitored by the State at any time; you have no "right to privacy" in your use of Information Resources; and, while there are certain narrow exceptions to the Indiana Access to Public Records Act, documents (including e-mails) are likely to be subject to public disclosure.

Internet Use

May I adjust my internet browser security settings?
No. Internet security settings are designed to protect Information Resources from all kinds of threats such as viruses, spy ware, etc.

May I delete my temporary Internet files, clear my history, and or delete cookies?
Yes. Deletion of such files will free up space on the local hard drive, but such deletion is not required, as approved Web browsers automatically clear these items at regular intervals. Note: clearing these items does not preclude the state from monitoring use.

May I download or install applications onto my computer?
No. Only personnel authorized by IOT may install applications onto state Information Resources.

May I browse Websites for personal use?
Yes, subject to the Appropriate Use and de minimis use policies.

May I check on items I have for sale on a site like eBay or Amazon.com?
No. Monitoring items you are selling falls under the category of "outside commercial activity," and thus is prohibited.

May I download necessary free applications or other files that would assist me in my work (e.g., Avery has free templates for some labels)?
Not without permission. Only personnel authorized by IOT may install applications onto state Information Resources. The following have been approved by the CISO:

  • Avery label templates from avery.com
  • Adobe updates

No application may be downloaded without the prior approval of the CISO or a CISO designee. To request approval from the CISO, please contact your agency's information security liaison.

Email Use

May I send and receive personal e-mail from Websites like Hotmail?
Yes.

May I send personal e-mail (to set up lunch, etc.) from my state e-mail account?
Yes, subject to the Appropriate Use and de minimis use policies.

May I use or download another application to check email?

No. Only the state e-mail account and pre-approved Web mail may be used.

Should I respond to a spam message to follow its "unsubscribe" instructions?
No. Often following "unsubscribe" instructions in spam merely confirms to the person sending the spam that they have reached a valid email address, and thus could actually increase spam. The appropriate action is to report the receipt of spam to the IOT Helpdesk so they may then attempt to block it.

Appointments, Contacts, Personal Data Assistants (PDAs)

May I place personal appointments on my calendar in Microsoft Outlook or on my state-issued Personal Data Assistant (PDA) (e.g., Blackberry)?
Yes. Electronic calendars are useful tools for scheduling meetings because other users can see when you are not available, and thus it is helpful to place times that you will be unavailable for personal reasons on your calendar as well. If desired, you may mark personal appointments as "Private" by checking the box in the bottom right corner in the appointment dialog box.

May I store personal email addresses and phone numbers in my Microsoft Outlook account or on my state-issued Personal Data Assistant (PDA) (e.g., Blackberry)?
Yes. As noted below, however, while you may send personal emails in accord with the de minimis personal use provisions of the Information Resources Use Agreement, personal e-mail should be sent from pre-approved Web-based email systems.

May I synchronize my personal PDA to my work computer?
Yes, as long as (1) the syncing only involves syncing e-mails, contacts, appointments, and/or tasks and (2) the syncing of the PDA has been approved by CISO or a CISO designee.

Passwords

May I share my passwords with my assistant for e mail?
No. Due to the sensitive nature of computer files, sharing computer passwords is prohibited. You can set up your e-mail files, however, to permit your assistant to read, author, or edit your e-mail and calendar items. For assistance, please contact the IOT help desk.

Remote Access / Working from Home

May I load work I have completed at home onto my state computer by means of a jump drive or a burned CD?
Yes. Any files loaded on to your state computer must be check for viruses and other malicious code.

May I copy files from my state computer onto a CD, floppy disk, or flash drive, etc. to work on at home?
Yes, subject to the confidentiality of the information. If you need to do this often, you should ask your manager if you could be issued a state laptop or, if you have Internet access from home, if you can have Citrix or Virtual Private Network (VPN) access. For smaller files, you can also e-mail files to yourself and access state Web mail (https://extranet.in.gov/Webmail/base/) to download and edit the file. If the data include confidential data, the data must be encrypted.

May I "Remote Desktop" to my home computer?
No. Connecting to a Remote Desktop outside of the state's firewall opens Information Resources to security risks.

Music and Media

May I listen to music or Internet radio on my computer?
Under certain circumstances, yes. Listening to music on a state computer is permissible so long as the music is played directly from a CD. You may not download music from a CD onto your computer. You may not listen to Internet radio. The following uses of Internet radio have been pre-approved by the CISO:

  • Legislative liaisons and other employees whose work necessitates being up-to-date with the General Assembly may listen to the General Assembly online.