Or. Admin. Code § 291-086-0050 - Standards for Use of Information Technology by Adults in Custody

(1) No adult in custody shall be permitted to enter, view, update, or manipulate information within information technology systems except as authorized by the functional unit manager or designee and their specific AIC access to information technology form (CD 1426A).

(2) Once an adult in custody has been granted access to an information technology system, the adult in custody shall not be allowed to use the system without specific assignment by supervising employees. No adult in custody shall create, modify, or change programs or scripts that will be used on the department's adult in custody network without the approval of the Assistant Director of Operations and the Information Security Officer or their designees.

(3) An adult in custody shall be supervised at all times while using information technology.

(4) An adult in custody shall only use approved information technology which has been approved and authorized in accordance with these rules.

(5) An adult in custody shall not repair or modify information technology systems except as part of an approved and authorized program.

(6) An adult in custody shall not be allowed direct access to printers or multi-function devices. Printers and multi-function devices for adult in custody use shall be caged or secured to eliminate direct adult in custody access. All print outs shall be reviewed by supervising employees.

(7) An adult in custody shall not view, gather, or store personal data relating to any person other than themselves, unless authorized by the program that are participating in.

(8) An adult in custody shall not control or possess any computer media except that which has been reviewed, approved, and authorized by supervising employees.

(9) An adult in custody shall not utilize information technology outside of the unit or area for which they are approved.

(10) An adult in custody shall not share or divulge their user account password for any reason. When performing routine system checks, the adult in custody supervisor will have the adult in custody enter their password into the system.

(11) An adult in custody shall not be allowed to manage any programs that affect adult in custody assignments or allocations.

(12) No adult in custody shall create or maintain content that is published to an official department website, Oregon Corrections Enterprises website, or external website unless reviewed by supervising employees prior to publishing and as part of an approved and authorized program.

(13) Adults in custody approved for information technology access shall have no expectation of privacy or confidentiality when using information technology. Department of Corrections shall monitor all aspects of Department of Corrections IT systems and such monitoring may occur at any time, without notice, and without the user's permission.

(14) No adults in custody will be present in any room with information technology systems without supervising employees being present.

(15) Adults in custody are prohibited from password protecting files.

(16) Adults in custody shall not use information technology to conduct or otherwise operate a business without authorization.

(17) Adults in custody are prohibited from accessing any wireless network used in the administrative operations of the Department of Corrections or any wireless network used by individuals, organizations, or other entities outside of the Department of Corrections.

(18) Adults in custody are prohibited from consuming food or beverages when using or around information technology.

(19) Adults in custody approved for access are prohibited from using information technology for the following:

(a) To violate copyright laws;

(b) To harass or threaten anyone;

(c) For any illegal activity;

(d) To commit any violation of the department's rules on Prohibited Conduct and Processing Disciplinary Actions (OAR 291-105);

(e) To access pornography;

(f) To access any materials that would not be allowed to be received via the mail in accordance with the department's rules on Mail (AIC) (OAR 291-131);

(g) To upload any program or introduce any virus into any information technology system;

(h) To impersonate any other person, falsely represent themself, or make any other false statement in connection with information technology use;

(i) To intentionally or negligently destroy, damage, or cause a malfunction of any information technology system;

(j) To contact anyone with whom they have a no contact order or who is a victim of a crime committed by them;

(k) To contact anyone on behalf of another adult in custody for any reason; or

(l) To allow another adult in custody access to the individual's user account, user ID, password, or storage locations.

(20) Adults in custody who violate any of these aforementioned prohibitions are subject to any or all of the following: termination of approval for information technology access, disciplinary or other administrative action, or criminal prosecution.

Notes

Or. Admin. Code § 291-086-0050

DOC 17-1999, f. 9-24-99, cert. ef. 10-1-99; DOC 4-2000, f. & cert. ef. 1-13-00 thru 6-19-00; DOC 15-2000, f. & cert. ef. 6-19-00; DOC 10-2004(Temp), f. & cert. ef. 9-28-04 thru 3-27-05; DOC 4-2005, f. 3-18-05, cert. ef. 3-21-05; DOC 23-2024, amend filed 10/14/2024, effective 10/14/2024

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075