Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
11 Personnel Security<br />
Sections 11.1 and 11.2 constitute the State <strong>of</strong> Kansas’ Personnel Security <strong>Policy</strong>. This policy<br />
is to be accompanied by defined Personnel Security Mandatory and Non-Mandatory<br />
Procedures and Baselines that are distributed in a companion document.<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
11. Personnel Security <br />
11.1. Acceptable Usage<br />
11.1.1. Establish Acceptable Usage Baselines (6 sets) (6 sets)<br />
11.2. Personnel Operations<br />
11.2.1. Establish Pre-Hiring Processes (4 sets) (3 sets)<br />
11.2.2. Hire Employees in a Structured Fashion (3 sets) (1 set)<br />
11.2.3. Transfer Employees in a Structure Fashion (4 sets) (2 sets)<br />
11.2.4. Terminate Employees in a Structured Fashion (3 sets) (1 set)<br />
11.1 Acceptable Usage<br />
The State <strong>of</strong> Kansas requires users <strong>of</strong> its information systems to conduct themselves<br />
appropriately in regards to upholding and maintaining the security <strong>of</strong> the State’s<br />
information systems and the information they hold. To that end it defines acceptable<br />
usage <strong>of</strong> State information systems and information.<br />
Acceptable usage policies clearly indicate what information system users are and are<br />
not allowed to do. The potential exists that, without these policies, information<br />
system users could violate information security and avoid punitive actions by claiming<br />
to not know about any restrictions in place. This can make it extremely difficult to<br />
enforce the measures outlined in the policy and ultimately lead to a complete<br />
disregard <strong>of</strong> the policy.<br />
The State <strong>of</strong> Kansas will issue, in a separate document, acceptable usage policies<br />
covering the following items:<br />
• Information System usage (which shall include s<strong>of</strong>tware restrictions)<br />
• Data usage<br />
• Internet usage<br />
• E-mail usage<br />
• Telephone and <strong>of</strong>fice equipment usage<br />
Also included within these policies will be an indication <strong>of</strong> the formal sanctions that<br />
can and will be taken against information system users that violate the acceptable<br />
usage policies or any other component <strong>of</strong> this document. Sanctions can include up to<br />
immediate and permanent dismissal with cause.<br />
As a requirement <strong>of</strong> information system access, and as a component <strong>of</strong> security<br />
awareness training, all information system users, whether employees or third parties,<br />
will be required to provided signed acceptance <strong>of</strong> the acceptable usage policies. A<br />
34