In a commitment to transparency in government, the Colorado Open Records Act (CORA), C.R.S. 24-72-201 to 206, provides that all public records shall be open for inspection by any person at reasonable times, except as otherwise provided in Part 2 or as otherwise specifically provided by law. It is the policy and expectation of this agency that all users shall strictly adhere to the provisions of CORA as well as your agency's CORA policy, if any.

CORA provides that the release of any information to the public, supplied through automated processes, shall not take place unless the following events have transpired:

 

 • Written requisition delineating the desired information, records, or data must be received by the official custodian.
 • The official custodian must determine if the requested information, record, or data constitutes public record and its disclosure is within the law.

 

All data resulting from the activities of an agency using state-owned equipment is considered private data of that agency. Use and dissemination of this data is absolutely prohibited without proper authority being given. The appropriate Executive Director or the official custodian must provide written authority to the computer facility director prior to any data within the facility director's jurisdiction being released in any manner to any individual, government agency, or private concern. It is the facility director's responsibility to adopt adequate safeguards to protect data stored within the facility.

 

 

The integrity of the organization's data is of prime importance. All state IT resources, information, and data are the sole property of the State of Colorado and applicable statutes, policies and guidelines govern their use. The following terms and conditions are intended to protect the State of Colorado's data, and information and communications systems from unauthorized access, in accordance with the State of Colorado Cyber Security Policies, Acceptable Use of State Data & IT Resources Policy P·C1SP·018 (AUP), and your agency's Acceptable Use Policy, if any.

 

 

Per State Personnel Board Rule R-1-162, "It is the duty of state employees to protect and conserve state property. No employee shall use state time, property, equipment, or supplies for private use or any other purpose not in the interests of the State of Colorado."

 

State information or communication systems must be used in a responsible, lawful and ethical manner. Usage for personal or unauthorized activities is strictly prohibited and could result in criminal prosecution under applicable state and federal laws. State information technology, Internet access and communication systems must be used solely for purposes that serve state and/or agency mission and goals, and must be accessed only with a valid computer account.

 

You should have no expectation of privacy, rights or ownership in anything you may access, create, store, send, or receive within the state's network. This application constitutes your waiver and consent to monitoring, retrieval and disclosure of any information in the network for all purposes deemed appropriate by your agency or the Governor's Office of Information Technology (OIT), including the enforcement of agency rules.

 

You are responsible for cooperating with the state Chief Information Security Officer (CISO) or designee during any investigation of misuse of state information equipment, data or other violations of this compliance and policy
document.

 

You acknowledge that confidential information and/or reports will not be copied or discussed with family members, friends, professional colleagues, other employees, clients/customers, or any other person unless such person has been authorized to access that information. If unsure who is authorized to access the information, user will check with your direct supervisor or the point of contact responsible for the information.

 

Any violation of federal, state, assigned agency or the program's confidentiality requirements or this Agreement will be considered a breach of obligations and may result in disciplinary action, up to and including termination of employment, termination of contractual relationship, and/or other remedies allowed by law during or after your employment per the State of Colorado Personnel Rules.

 

You are responsible for the secure handling of sensitive personnel, financial and/or security related information you may be authorized to handle, and must conform to all related state and agency policies.

 

Transmission of material in violation of any state or federal law or regulation is prohibited.

 

Downloading or installing software that has not been approved by OIT is prohibited; this includes P2P software, Internet Browser plug-in, screen savers, PDA synchronization software, and encryption software. Software must be used in accordance with applicable licensing.

 

For audit or system security purposes, OIT may monitor all activity conducted on state equipment, during and after business hours.

 

Unauthorized activities that could compromise state systems or data are strictly prohibited. These activities include but are not limited to: network scanning (sniffing); vulnerability scanning; security testing; and modification of IP, proxy, DHC, DHCP, and other such settings; and password cracking.

 

Each account holder is assigned a unique usernames and password to access the network, systems and/or applications. You may not share your password with any other individual. Passwords must be a minimum of nine (9) characters, include a combination of alphanumeric characters, upper and lowercase and expire on a regular basis. You will therefore be required to reset your password on a periodic basis and must assume full responsibility for the security of your password.

 

By signing this form you agree to access only the information you need to do your job, and not to access or attempt to access files you are not authorized to use. You will not "browse" or otherwise use files or programs that exceed what is the minimum necessary to do your job. Your use and disclosures of information will be consistent with those permitted by applicable state and federal laws and rules.

 

Attempts to defeat security mechanisms are treated as a security incident and are potentially subject to civil and/or criminal penalties. You should report to your supervisor any observed attempts by others to defeat security mechanisms.

 

 

You must use e-mail solely for business-related communications. Abuse of e-mail may lead to suspension of your computing privileges and possible disciplinary action.

 

Chain mail is prohibited; Do not forward chain letters, games, virus alarms, or solicitations for donations.

 

Do not use your state e-mail address for non-related business activities such as receiving correspondence from commercial websites, participating in newsgroups, instant messaging with non-state employees, or any other activity resulting in receiving non-business related e-mail.

 

 

Employees are responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner.

All Internet access is used for authorized purposes only and that Internet use is for valid business reasons.
Inappropriate use of the Internet is not allowed and will not be tolerated. Prohibited practices include:

 

 • Visiting Internet sites that contain offensive, obscene, pornographic, hateful and/or other objectionable materials; send or receive any material, whether by email, voice mail, memoranda or oral conversation, that is obscene, defamatory, harassing, intimidating, offensive, discriminatory, or which is intended to annoy, harass, or intimidate another person.

 

 • Playing games, gambling, sports, entertainment and/or streaming audio or video material not beneficial to the state.

 

 • Posting news to newsgroups, use of chat facilities, social networking sites, and participation in mail lists except as authorized by your agency policy, if any.

 

 • You shall not make unauthorized purchases or business commitments through the Internet that are not related to state business.