Administrative Manual - 208 Employee Performance and Conduct
208.10 Computer and Networking Use
- It is the policy of JSA/JLab that use of computer and networking capability is for Laboratory related purposes; i.e, all authorized work connected with the research, design, construction and operation of the Laboratory, its associated and authorized research, development, education, and associated administrative and support activities. Limited personal use is permitted, as long as it is not unreasonable or excessive, is appropriate, does not interfere with business needs or operations and does not compromise the security integrity of the system. The Lab has full and final discretionary authority to determine the appropriateness and reasonableness of JLab systems use.
- All electronic transmissions and records, including e-mail, computer files, web documents, etc., are Laboratory property and as such are subject to disclosure to Lab management on a need to know basis, as well as to law enforcement, government officials, or to other third parties in accordance with JSA's M&O contract for Jefferson Lab or federal or state law.
- JSA/JLab has the right to monitor and log any and all aspects of its computer systems including, but not limited to, monitoring Internet sites accessed, chat and newsgroups, file/data transfers and e-mail sent and received.
- JSA/JLab has the right to utilize software that makes it possible to identify and block access to Internet sites containing sexually explicit or any other material or activities deemed inappropriate in the workplace.
This policy applies to all forms of computer and networking use, whether accessed on or from Laboratory premises, accessed using Lab computer equipment (including Lab equipment located off site and at personal residences) or via Lab-paid access methods (including the Lab's dial-in Internet access and personal computers accessing the Internet via the Lab's network, but not including home broad band Internet access that is partially paid for by the Lab). The scope includes the development and execution of computer codes, document processing and printing, electronic mail, database and file storage, World Wide Web access and development, and network access.
- STANDARDS FOR USE OF COMPUTER AND NETWORKING CAPABILITY
- Posting content to the Web is a form of publication. No content may be posted to the Web if it would violate U.S. copyright laws or Jefferson Lab's intellectual property rights, or could in any way cause embarrassment to DOE, JSA or JLab.
- Personal software (e.g., personal holiday greeting card generators, screen savers, investment programs, etc.) shall not be placed on Laboratory computers. Work of a personal nature shall not be generated during work time. Individual professional home pages are to be used only at the discretion of management and are to be limited to work information.
- If engaging in a public professional forum, the user must differentiate and acknowledge that personal opinions are his/her own and not those of JSA/Jefferson Lab or the U.S. Department of Energy.
- Standards of behavior include but are not limited to:
- All staff shall use resources cooperatively with other computer users by monitoring background and interactive jobs to ensure that other users are not excluded from the use of central resources including networks. This could include releasing limited licenses after appropriate time periods so that others may access them, and making special arrangements through the Computer Center for high priority or high resource dependent jobs.
- Computers shall not be used for any activity involving personal financial gain (e.g., operating and advertising a commercial enterprise or professional service, gambling or stock trading, etc.)
- Computers shall not be used for the support of any activity not officially chartered by the Lab (e.g., clubs or private organizations) or for any other activity that might be construed as inappropriate use of taxpayer funded resources. Obscene, pornographic, offensive, threatening, harassing or intimidating materials shall not be entered into the computer or sent by electronic means.
- JLab employees may not knowingly use their web browser to access any page used for illegal activities or sexually explicit content or include a link to these types of pages from any page residing on a JLab server.
- Minor incidental personal use of computing resources by staff members for purposes unrelated to work assignments is
allowed, during work breaks, if such use is consistent with the following:
- Does not involve illegal activities
- Does not interfere with legitimate job activities or job performance
- Does not result in the occurrence of incremental cost to JLab or account for a significant use of laboratory resources
- Does not compromise security in any way
- Does not involve activities that could potentially embarrass JLab
- Does not involve activities for the purpose of generating personal income, such as operation of an active business or working in part-time or consulting position for compensation. (Management of passive personal finances and professional activities that do not require outside business approval [see Policy 208.03] are acceptable if approved as indicated in 208.10 Policy E.)
- Does not involve any direct lobbying activities or any partisan political activities such as using a jlab.org email account.
- Certain indirect incidental use may be acceptable if approved as indicated in 208.10 Policy E.
- ACCEPTABLE AND UNACCEPTABLE ACTIVITIES
- The following are examples of minor incidental personal use of computer systems during work breaks that are
acceptable and adhere to the Lab's established criteria.
- Education, self-training and professional development
- Personal research such as reading newspaper articles, checking airline prices, browsing sales catalogues, comparing prices, obtaining road maps, checking weather forecasts or road conditions
- Acquisition of personal items such as airline tickets, or catalogue items.
- The following are examples of inappropriate use of JLab resources that are prohibited and shall immediately subject the
responsible individual to disciplinary action up to and including termination of JLab employment.
- Supporting or accessing sites that ridicule others on the basis of race, creed, religion, sex, disability, nationality or sexual orientation
- Accessing explicit sexually oriented material (e.g., pornography)
- Endorsing any product
- Participating in any partisan activity
- Creating or forwarding chain letters or mass mailings not in connection with JLab business
- Violating licenses, copyrights or other computer related contracts
- Downloading or use of illegal or bootlegged software, movies or music (e.g., via "peer-to-peer" software)
- Using "hacker" software, password crackers or sniffers, without authorization.
- The following are examples of minor incidental personal use of computer systems during work breaks that are acceptable and adhere to the Lab's established criteria.
- QUESTIONS REGARDING SPECIFIC SITUATIONS
Since it would be impossible to include in the above lists all appropriate and inappropriate uses of JLab computers, questions related to specific issues or circumstances may be brought to the Chief Information Officer or Director of Human Resources for determination/approval.
- The JLab Computer Center is responsible for managing the central computational resources and for providing information to system users, personal computer users, and managers of standalone computing resources for system management and use. For activities associated with cyber security command and control, the Computer Center Manager and cyber security staff report to the Chief Information Officer. The Computer Center Manager and assigned staff are authorized by the Laboratory Director's Council to monitor the use of the computational resources in order to ensure the appropriate use and that all applicable policies and standards of use and security are upheld. The CIO, Computer Center Manager and staff are further authorized to take appropriate measures in cases of breach of use and security policies.
- The Laboratory's Webmaster oversees the contents of Jefferson Lab's web site. Page development is delegated to local webmasters, or individuals responsible for a specific topic.
- Department managers are responsible for delegating and overseeing the quality of the homepage for their department. In addition, supervisory staff shall collaborate with the Computer Center or webmaster to resolve any individual user issues.
- All staff are responsible for any activity associated with their user account, for ensuring the laws for copyright, licensing and trademark protection are followed, and complying with the standards for use of computer and networking capability as outlined below. In addition to commercial products, software developed at the Lab shall not be distributed beyond the Lab and its user collaborations without formal release authorization.
- JLAB WEB SITE
Page development is delegated to local webmasters, or individuals responsible for a specific topic. Local webmasters shall be identified at the bottom of the first page. They have the responsibility of maintaining quality, adhering to Lab standards for web publishing, adhering to fair copyright and trademark usage, linking local topics with other Lab pages, and ensuring individuals posting content are familiar with Lab standards and policies. Local webmasters are responsible for ensuring adherence to relevant security practices.
- Consistent with reporting to the CIO for cyber security command and control, monitoring and security measures are at the discretion of the Computer Center Manager and designated Computer Security Officer, who shall immediately report the offending behavior to Human Resources for further action, which may include immediate disconnection of an offending system from the network and immediate revocation of a user account.
- The complete applicable guidelines for use of the Jefferson Laboratory computational resources are available at http://cc.jlab.org/policies/ or in hard copy from the Computer Center.
- INADVERTENT INAPPROPRIATE USE
On occasion an individual may receive unsolicited e-mail or inadvertently access a site that is deemed inappropriate under this policy. The individual will not be held accountable under these circumstances; however, the individual must immediately delete such messages and/or contact the Computer Center for assistance if this unintended activity becomes prevalent.