State of Utah Telecommuting Policy

Approved by the Information Technology Policy and Strategy Committee

November 16, 1995

Telecommuting is a method of reducing air pollution, reducing congestion, conserving energy, increasing employee productivity and efficiency, and retaining a creative, experienced, and diverse work force. This policy is intended to apply to formalized, contractually-agreed upon telecommuting projects where working at an alternate location is a routinely scheduled occurrence. It is not intended for ad hoc, short-term situations where state employees work at home on special occasions to complete specific projects.

Recommended Policy

  1. Telecommuting is neither a universal employee right nor a universal employee benefit; telecommuting is a management option which may be made available to some employees when a mutually beneficial situation exists for the state, the agency, and the employee. Telecommuting contracts may be terminated at any time the beneficial situation ceases to exist for the state or the agency.
  2. Employees may be compelled to telecommute as a condition of employment or continuing employment. The telecommuting employee's work location, work hours and work assignments are a management option. A telecommuting employee may be assigned to a non-conventional office arrangement to optimize office space.
  3. Each agency must establish a telecommuting policy within the framework of state policy.
  4. Every state employee involved in a formal telecommuting project must complete and agree to a telecommuting contract.
  5. Telecommuters will not provide primary care during contractually-agreed upon telecommuting hours for children or elders who would otherwise require a provider's care.
  6. Telecommuting employees should be encouraged to use state-supplied computers for telecommuting, if feasible. No state employee should be compelled to use privately-owned computer equipment. If state equipment is used, the employee must exercise reasonable care for the equipment. The employee may be held liable for damage caused by negligence. If employee-supplied computers are used, the employee must release the state and agency from any and all liability.
  7. Telecommuting employees must comply with all applicable laws, state administrative rules, state policies, and agency rules. The employee may not copy or distribute state-provided software. The employee may not install unauthorized hardware or software on state-owned equipment.

Telecommuter Rules and Policies

Utah Administrative Code - R365-3 Software Copyright, Control, and Licensing

R365-3-5(1) Each state agency and its employees shall comply with computer software licensing agreements and federal laws, including copyright and patent laws.

R365-3-59(2) Provide enough legally purchased copies of computer software to enable all employees to meet managements expectations and reduce any necessity for computer software piracy.

Utah Administrative Code - R365-4 Information Technology Security

  1. Each agency shall implement a computer security program.
  2. Establish a level of security that is consistent with the value and sensitivity of the information technology asset.
  3. Warn anyone who accesses a computer network that:
    1. Unauthorized use may result in prosecution; and
    2. Electronic mail is non-confidential;
    3. Require each employee, contractor and anyone else who is given access to an information technology asset to certify that he understands:
      1. The proper use of the information technology asset; and
      2. His/her obligation to protect the information technology asset.

State of Utah - Information Resource Management Handbook II-203 1 (4/87)

  1. Personal use of the central mainframe is not permitted.
  2. Personal use of departmental systems where funding is based upon a fixed allocation of costs rather than day-to day usage is allowable with written permission.
  3. Personal use of PCs requires written permission from the employee's direct supervisor or other agency director. The following criteria must be met:
    1. Use must offer an opportunity for the employee to increase his/her knowledge. The employee must not accept compensation from any source for the work performed.
    2. Payment for the cost of consumables should be the responsibility of the employee.
    3. Work must be performed after hours, on the employee's personal time.
    4. State facilities for permanent storage of data should not be used.
    5. Work must not conflict with normal agency production.
  4. Software developed on state-owned equipment shall be the property of the state.
  5. Written permission must include the following information:
    1. Name;
    2. Identification of the applicable hardware/software;
    3. Description of planned use and expected benefits;
    4. Person granting permission; and
    5. Effective dates

Utah Administrative Code - R307 Employer-Based Trip Reduction Program

Any federal, state or local entity, or any other public department, district or agency in Salt Lake or Davis counties must reduce the measurable vehicle miles driven by commuting employees. The drive-alone rate must be reduced by twenty percent over the next six years. Telecommuting is one method of reducing drive-alone rates. Other methods are mass transit, ride share, biking and walking. Telecommuting is an option, not a mandate.

Recommendations for Telecommuting Security, Utah Security Users Group, 1995

POINT OF ENTRY VALIDATION

  1. Only dial-in to systems specifically set-up for telecommuting.
  2. Knowledge of dial-in numbers should be limited.
  3. Encryption should be used as the situation requires.
  4. Daily access logs should be created.
  5. File servers that telecommuters attach to should be physically and logically isolated.
  6. Additional software should be considered to enhance the Novell security.
  7. An additional password should be required at point of entry.
  8. Call-back systems may be employed.

NETWORK SECURITY

  1. Each LAN must be kept reasonably secure.
  2. Login ID's should be assigned only to authorized employees and those authorized to access the State's resources.
  3. Each Login ID must have a password.
  4. Passwords should be changed every 30 to 90 days.

SECURITY POLICIES

  1. Confidential data may be used at home. Each agency must have appropriate policies regarding confidential data use at home.
  2. Access to confidential information must be limited and the employee must comply with Government Records Access and Management Act (GRAMA).
  3. All diskettes must be scanned for virus.
  4. Agency data may be uploaded and downloaded.

PHYSICAL SECURITY

  1. Password protected screen savers and password protected booting should be considered. Diskettes and papers should be kept in a locked, secure place.
  2. Surge protectors should be used by all telecommuters.