Category: IS POLICY & PROCEDURE Subject: Use of Computers and Communications Systems Classification: Management Approved Policy Owner: WFH Chief Information Officer Approved by: WFH President and CEO Effective: May 1, 2009 ____________________________________________________________________________________ POLICY: It is the policy of Wheaton Franciscan Healthcare (WFH) that WFH computers and communication systems are used only for business purposes. RATIONALE: This policy establishes the guidelines that define appropriate use of WFH computing systems. It is designed to be in furtherance of WFH’s Mission, Vision and Values as follows: Value of Respect – Our Value of Respect calls us to act in a manner that will not negatively impact the stability of information systems on which other members of the workforce rely. It is important to understand that changes made to any system in a networked environment can easily affect not only that system, but all other systems attached to the same network. Our desire is to provide reliable computer systems and networks for people to work within their daily activities. It is also important to understand that many programs and e-mail attachments are a threat to the integrity of the entire WFH network. Frequently, programs received via e-mail from outside sources appear quite innocent and harmless, but they have already created a variety of problems for the WFH network, hardware and users. They cause memory problems, freeze PC’s, and stop other applications from running correctly. Value of Integrity – Our Value of Integrity requires us to understand and comply with the laws, regulations and policies in place to govern the use of WFH computing systems. This includes those laws relating to copyright of software licenses and documents, images and other materials acquired electronically. Value of Stewardship – Our Value of Stewardship calls us to respect the resources entrusted to us by making decisions about our time and works resources that avoid waste and duplication. SCOPE: This policy applies to WFH’s owned and managed regions and joint ventures that utilize WFH’s information technology. PROCEDURE: WFH Information Services (IS) defines the permissible software packages, operating systems, and settings/configurations that users may run on WFH workstations. IS is responsible for contracting, installing, maintaining, and managing licenses for authorized software packages and operating systems, whether these are installed on individual computers, hosted at the Common Data Center, or made available through an Application Service Provider (ASP). Workforce members must not install software packages, change operating system configurations, upgrade existing operating systems, or install new operating systems on WFH workstations. Copying software is not permitted. In addition, computer equipment supplied by WFH must not be altered or added to in any way (e.g., upgraded processor, expanded memory, or added circuit boards). IS Use of Computers and Communication Systems Page 1 of 2 Requests for software and hardware changes are to be forwarded to IS Customer Service and Support (Help Desk). The IS designee will analyze the request in accordance with established policies and procedures. If approved, implementation will be provided; if rejected, the requestor will be notified with the reason(s) for rejection. IS uses automated management software and systems to remotely determine which software packages are resident on WFH computers, to manage software licenses, and to assist in the maintenance of computer systems and networks. Any unapproved software that is found on WFH computer systems will be removed; if/when possible, advance notification will be given so that required functionality is not unexpectedly removed, however this notification is neither required nor negotiable. Outside users (vendors, guests, speakers, physicians, etc.) must use computer equipment (laptops, projectors, etc.) provided by the WFH/Regional department when they come into our facilities to do presentations or demonstrations. Outside users may not connect to the internal WFH network. If Internet connectivity is needed, some facilities are equipped with a 'guest network' that outside users may connect to and use. If there is no guest network available, or if other connectivity is needed, the WFH/Regional department must contact IS Customer Service and Support (Help Desk) – in advance if possible - to see if arrangements can be made for access. Not all areas within WFH facilities will be able to offer these options to outside users. To ensure computer viruses are not propagated to and through WFH computer systems and networks, workforce members are not to forward or execute programs received from sources not specifically approved by IS. This includes programs that may be received via e-mail or downloaded from the Internet. Additionally, all workstations must have virus screening programs enabled, which are used to scan all software and all e-mail attachments. If users suspect infection by a computer virus (i.e. spyware, virus, Trojans, worms), they must immediately stop using the involved computer and call IS Customer Service and Support (Help Desk) for additional diagnosis and to eradicate the virus. Users must not attempt to eradicate the virus themselves. Any exceptions for personal incidental use of WFH computers or communications systems must have the approval of the department director or higher-level management. Such exceptions can only be approved when such use does not: a. Consume more than a trivial amount of resources that could otherwise be used for business purposes; b. Interfere with workforce member productivity; c. Preempt any business activity; d. Involve any type of solicitation; e. Involve any type of outside, for-profit business activity; f. Violate any restrictions noted in these or other company policies; g. Engage in inappropriate behavior (e.g. written attacks, threats, harassment, acquisition and/or use of materials or information inconsistent with WFH’s Mission, Vision and Values); h. Violate any laws or regulations governing such usage; i. Potentially embarrass WFH or any of its affiliates. j. Require changes to firewall, proxies, or other systems or devices Replaces: IT Regulations 002, 003, 004 and 006 Cross reference: Solicitation, Distribution of Literature and Facility Access policy Information System Access policy Review Period: Two (2) years Original Policy Date: May 1, 2005 Dates Updated: January 2007; May 1, 2009 IS Use of Computers and Communication Systems Page 2 of 2