GENERAL ORDERS LINCOLN POLICE DEPARTMENT
SUBJECT: INFORMATION TECHNOLOGY SECURITY
TITLE: ACCEPTABLE USE POLICY
EFFECTIVE DATE: JUNE 1, 2025
REVISION DATE:
ACCREDITATION: ALABAMA ASSOCIATION OF CHIEFS OF POLICE (AACOP)
APPROVAL: CHIEF DARREN E. BRITTON
ACCEPTABLE USE POLICY
1100.1 PURPOSE AND SCOPE
This policy outlines the acceptable use of computer equipment at the Lincoln Police Department, including all facilities owned or controlled by the Lincoln Police Department. These rules are in place to protect the employee, authorized users, and Lincoln Police Department. Inappropriate use exposes Lincoln Police Department to risks, including virus attacks, compromise of network systems and services, policy violations, and legal issues.
This policy applies to the use of information, electronic and computing devices, and network resources to conduct Lincoln Police Department business that interacts with internal networks and department systems, whether owned or controlled by Lincoln Police Department, the employee, or a third party and applies to all employees, contractors, consultants, temporaries, and other workers at Lincoln Police Department, including all personnel affiliated or employed with third parties and agencies, and applies to all equipment owned, controlled, or leased by Lincoln Police Department.
All employees, contractors, consultants, temporary, and other workers at the Lincoln Police Department and its subsidiaries are responsible for exercising good judgment regarding the appropriate use of information, electronic devices, and network resources in accordance with Lincoln Police Department policies and standards, local laws, and applicable regulations. Exceptions to this policy are documented in section 1100.5.2 of this policy.
1100.2 DEFINITIONS
BLOGGING – posting to a website containing a writer's or group of writers' experiences, observations, opinions, etc., and often having images and links to other websites.
HONEYPOT – a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
HONEYNET – a network set up with intentional vulnerabilities; its purpose is to invite attack so that an attacker's activities and methods can be studied and that Information can be used to increase network security.
PROPRIETARY INFORMATION – also known as trade secrets, is Information deemed confidential.
REMOTE ACCESS – the ability to access a computer or a network remotely through a network connection.
SPAM – unsolicited or undesired electronic messages
VPN –(Virtual Private Network) extends a private network across a public network, enabling users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
1100.3 POLICY
This policy will assist in establishing and maintaining a culture focused on the security of Lincoln Police Department's Information Technology Infrastructure and ensure the integrity of the sensitive data accessed through department resources.
The Information Technology Unit is responsible for overseeing the acceptable use of Information Technology equipment and access to all related services and systems owned by or assigned to the Lincoln Police Department and is committed to protecting Lincoln Police Department's employees, partners, and the department from illegal or damaging actions by individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of the Lincoln Police Department. These systems are to be used for law enforcement purposes or any other purposes authorized by the Information Technology Unit, and the City of Lincoln Chief of Police (see 1100.5.2 of this policy for exceptions). Please review the City of Lincoln Employee Handbook or the City of Lincoln and/or Lincoln Police Department policies for further details.
1100.4 GENERAL USE AND OWNERSHIP
(a) Lincoln Police Department proprietary information stored on electronic and computing devices, whether owned, controlled, or leased by Lincoln Police Department, the employee, or a third party, remains the sole property of Lincoln Police Department. You must ensure through legal or technical means that all department information is protected in accordance with the Protection Policy.
(b) You have a responsibility to promptly report the theft, loss, or unauthorized access and\or disclosure of Lincoln Police Department information, computer systems, equipment, programs, and all other services as soon as reasonably possible. Any real or suspected violations should be reported to your direct supervisor and the Information Technology Unit as outlined in the Helpdesk Policyand the Protection Policy.
(c) You may access, use or share Lincoln Police Department information only to the extent it is authorized and necessary to fulfill your assigned job duties. Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Each decision is responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems, which require the approval of the Information Technology Unit, and the Chief of Police. In the absence of such policies, refer to the City of Lincoln Employee Handbook and the Lincoln Police Department's Policy Manual to guide employees on personal use, and if there is any uncertainty, employees should consult Information Technology Unit.
(d) For security and network maintenance purposes, authorized individuals within Lincoln Police Department may monitor equipment, systems, and network traffic at any time, per Information Technology Unit's Audit Policy.
Lincoln Police Department reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
1100.4.1 SECURITY AND PROPRIETARY INFORMATION
(a) All mobile and computing devices that connect to the internal network must comply with the Minimum Access Policy.
(b) No one shall connect a computer to the department's network unless it meets technical and security standards set by the Information Technology Unit, and the Chief of Police, or prior authorizations have been obtained.
(c) System-level and user-level passwords must comply with the Password Policy. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.
(d) All computing devices must be secured with a password-protected screensaver with the automatic activation feature set to 15 minutes or less. You must lock the screen or log off when the device is unattended.
(e) Postings by employees from an Lincoln Police Department email address to newsgroups should contain a disclaimer stating that "the opinions expressed are strictly their own and not necessarily those of the Lincoln Police Department or the City of Lincoln" unless posting is in the course of business duties.
(f) Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malware.
(g) Any computer equipment, programs, and services for the Lincoln Police Department, including all facilities owned or controlled by the City of Lincoln and/or the Lincoln Police Department or authorized agents or representatives, which has or has the potential to access any data that is confidential or proprietary information, trade secrets or any other sensitive information must be turned over to the Information Technology Unit for secure and proper disposal as outlined in the Data Destruction Policy. Any exceptions to this policy must be approved by Information Technology Unit, and the Chief of Police (See section 1100.5.2 of this policy).
(h) Use of personal communication devices use to conduct Lincoln Police business must adhere to all applicable city and department policies whether the device is a department or personally owned.
1100.4.2 UNACCEPTABLE USE
System and Network Activities
The following activities are strictly prohibited, with no exceptions:
(a) Members shall not modify any computer or system hardware (This includes removing, adding, or altering computer hardware in any way.), networks, applications, system files, or other users' files without obtaining prior authorization from the Information Technology Unit.
(b) Members shall not store personal files on nor attach flash drives, CD-Roms, external hard drives, or any other type of portable removable memory devices to department computers without prior authorization.
(c) Members are not allowed to bypass or modify software, physical protections, or any other restrictions placed on computers, networks, software, applications, or files, except for their own files or applications they manage.
(d) Violations of the rights of any person or department protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Lincoln Police Department.
(e) Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Lincoln Police Department or the end user does not have an active license is strictly prohibited.
(f) Accessing data, a server or an account for any purpose other than conducting Lincoln Police Department business, even if you have authorized access, is prohibited.
(g) Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.
(h) Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
(i) Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.
(j) Using an Lincoln Police Department computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.
(k) Making fraudulent offers of products, items, or services originating from any Lincoln Police Department account.
(l) Making statements about warranty, expressly or implied, unless it is a part of normal job duties.
(m) Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties as approved by the Information Technology Unit, or the Chief of Police. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
(n) Port scanning or security scanning is expressly prohibited unless prior notification to Information Technology Unit is made and approved.
(o) Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.
(p) Circumventing user authentication or security of any host, network, or account.
(q) Introducing honeypots, honeynets, or similar technology on the Lincoln Police Department network.
(r) Interfering with or denying service to any user other than the employee's host (for example, denial of service attack).
(s) Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
(t) Providing information about, or lists of, Lincoln Police Department employees, third-party partners, or vendors to parties outside the Lincoln Police Department without authorization from the Information Technology Unit, or the Chief of Police.
1100.4.3 EMAIL AND COMMUNICATIONS ACTIVITY
When using department resources to access and use the Internet, users must realize they represent the department. Whenever employees state an affiliation to the department, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of the Lincoln Police Department or the City of Lincoln." Questions may be addressed to the Information Technology Unit. Examples of unacceptable use of email and communication:
(a) Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
(b) Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages
(c) Unauthorized use, or forging, of email header information.
(d) Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
(e) Creating or forwarding "chain letters," "Ponzi," or other "pyramid" schemes of any type.
(f) Use of unsolicited email originating from within Lincoln Police Department's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Lincoln Police Department or connected via Lincoln Police Department's network.
(g) Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).
1100.4.4 BLOGGING AND SOCIAL MEDIA
(a) Blogging and the use of Social Media by employees, whether using Lincoln Police Department's property and systems or personal computer systems, is also subject to the terms and restrictions set forth in this Policy and the Department's Social Media Policy. Limited and occasional use of Lincoln Police Department's systems to engage in blogging is acceptable, provided that it is done in a professional and responsible manner, does not otherwise violate Lincoln Police Department's policy, is not detrimental to Lincoln Police Department's best interests, and does not interfere with an employee's regular work duties. Blogging and Social Media Posts from Lincoln Police Department's systems are also subject to monitoring.
(b) Lincoln Police Department's Confidential Information policy and/or Non-Disclosure Agreement also applies to blogging. As such, Employees are prohibited from revealing any Lincoln Police Department confidential or proprietary information, trade secrets, or any other material covered by Lincoln Police Department's Confidential Information policy and/or Non-Disclosure Agreement when engaged in blogging.
(c) Employees shall not engage in any blogging that may harm or tarnish the image, reputation, and/or goodwill of Lincoln Police Department and/or any of its employees. Employees are also prohibited from making any discriminatory, disparaging, defamatory, or harassing comments when blogging or otherwise engaging in any conduct prohibited by the City of Lincoln's Discrimination and Sexual Harassment policy located in the city Employee Handbook ch. 1, sec. 1.6, pg 7.
(d) Employees may also not attribute personal statements, opinions, or beliefs to Lincoln Police Department when engaged in blogging or posting on social media. If an employee is expressing his or her beliefs and/or opinions in blogs or social media, the employee may not, expressly or implicitly, represent themselves as an employee or representative of the Lincoln Police Department. Employees assume any and all risks associated with blogging and making social media posts.
(e) Apart from following all laws pertaining to the handling and disclosure of copyrighted or export-controlled materials, Lincoln Police Department's trademarks, logos, and any other Lincoln Police Department intellectual property may also not be used in connection with any blogging activity or social media activity unless expressly authorized by the Chief of Police. (See section 1100.5.2 of this policy)
(f) Social Media, in its various forms, garner expectations similar to Blogging. Employees who engage in the use of social media on behalf of the Lincoln Police Department are expected to follow all guidelines found in the Use of Social Media Policy.
1100.4.5 REMOTE ACCESS
(a) Remote access to computers, systems, programs, and services owned, controlled, or leased by the City of Lincoln or Lincoln Police Department, the employee, or a third parties, and other law enforcement agencies, falls under the Information TechnologyRemote Access Policy, and the Audit Policy. Remote access relates to any program or service that allows access to a computer or network without the need to interact physically with those systems.
(b) In general, remote access to department assets is prohibited for all department employees, temporaries, personnel affiliated or employed with third parties, and other law enforcement agencies who use any computers, systems, programs, and services owned, controlled, or leased by the City of Lincoln or Lincoln Police Department.
(c) Exceptions to this policy are also covered in the Remote Access Policy as related to normal department operations and duties of the Information Technology Unit, and those with prior documented approval from the Information Technology Unit, and the Chief of Police. (See section 1100.5.2 of this policy)
(d) If a vendor needs to remotely access computers, systems, programs, and services owned, controlled, or leased by the City of Lincoln or Lincoln Police Department, they must be approved by the Information Technology Unit. A list of approved vendors will be maintained by the Information Technology Unit, and those vendors must be approved by the Information Technology Unit, and the Chief of Police, and will be maintained on the Approved Remote Access Vendor Addendum.
(e) VPN access is provided for specific purposes for employees of the Lincoln Police Department or approved restricted VPN connections for vendor-related needs. Employee access to the VPN must be approved by Information Technology Unit. VPN access for vendors or third parties must be approved by the Information Technology Unit, and the Chief of Police, as stated in the Remote Access Policy. There are no exceptions to this policy due to the potential security risks for the department's network.
1100.5 POLICY COMPLIANCE
Compliance Measurement
The Information Technology Unit team will verify compliance to this policy through various methods, including but not limited to, application specific reports, internal and external audits, and feedback as necessary.
1100.5.1 USER ACCESS TRACKING
All access to computers, systems, programs, and services owned, controlled, or leased by the City of Lincoln or Lincoln Police Department will be documented for audit purposes related to this policy, as well as audit purposes related to the Password Policy, Audit Policy, Data Protection Policy, and the Minimum Access Policy.
1100.5.2 EXCEPTION
Any exception to the policy must be approved by the Information Technology Unit, and the Chief of Police in advance in writing by submitting an Information Technology Security Policy Exception/Addendum Request Form will used to track any changes and\or exceptions to the Information Technology Security Policy.
1100.5.3 NON-COMPLIANCE
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
These policies and operating procedures are not designed to cover every possible scenario or situation in society, but rather to define standard operating procedures for members of the Lincoln Police Department. These guidelines are subject to past, present and future judicial review. These guidelines can be amended and or repealed by the Chief of Police as necessary. The policies and procedures herein provided supersede all previous policies and orders.