Confidential — for Internal Use Only
Associate Handbook August 2016 |
99
CHAPTER 9
INFORMATION SECURITY
ICMA‑RC’s corporate data and computer resources are vital assets. Information Security Department is
responsible for protecting the confidentiality, integrity, and availability of all ICMA‑RC’s information
processing activities, but all associates play a part.
All information traveling over ICMA‑RC’s computer networks is a corporate asset, and the corporation
prohibits the unauthorized access, disclosure, duplication, modification, diversion, loss, misuse or theft of this
information. Further, it bears mention that information belonging to third parties (e.g., information entrusted
to ICMA‑RC in confidence) is also included in this prohibition, as ICMA‑RC is contractually obligated to
keep the information of our clients and partners secure.
In an effort to safeguard ICMA‑RC’s information resources, Information Security & Technical Operations
(ISTO) Division has developed a suite of ICMA‑RC policies all associates must follow. These policies
provide guidance on all levels of interaction with ICMA‑RC’s data and information systems. While there is
no substitute for familiarity with every ISTO-sponsored policy — all of which are available on ICMA‑RC’s
intranet under the heading Computer Security Policies — the following policies provide guidance most
applicable to and most referenced by the largest number of ICMA‑RC associates.
Acceptable Use Policy
This policy provides guidance at the highest level for how ICMA‑RC expects its associates to interact with its
technology and handle its data. Associates will find in its pages handling instructions for sensitive data, password
restrictions, reporting requirements for when equipment is stolen, and social media restrictions. Readers will also
find prohibitions against distributing offensive material, unauthorized access attempts, and probing electronic
security measures. All associates must read and sign the ICMA‑RC Acceptable Use Policy annually.
Internet Use Policy
This policy provides detailed guidance on acceptable Internet use on or through ICMA‑RC information
systems. Specifically, the document provides direction on the use of proper security controls when
transmitting ICMA‑RC data, as well as information regarding ICMA‑RC Internet-monitoring practices. This
document also details ICMA‑RC Web-surfing limitations, and prohibitions against excessive personal Internet
use, illegal use, and attempts to circumvent ICMA‑RC’s Internet security controls.
Password Security Policy
In the ICMA‑RC Password Security Policy (and its associated standard), you will find the corporation’s
password complexity requirements, including specific, minimum construction standards user and
administrator passwords must meet to be acceptable. You will also find information regarding ICMA‑RC
password testing, handling, and limitations on password use.
Remote Access Policy
The ICMA‑RC Remote Access Policy defines the minimum acceptable measures required for accessing