Office of the Chief Information Officer Enterprise Policy
CIO-087: Internet Usage Review Request Policy
Effective Date: 01/07/2009
Revision Date: 10/26/2016
Reviewed Date: 2/4/2019
Policy Statement: The Commonwealth Office of Technology (COT), Office of the Chief Information Security Officer (CISO), is responsible for establishing procedures for agencies to follow when requesting a review of a staff members’ internet usage.
Policy Maintenance: The COT, Office of the CISO, has the responsibility for the maintenance of this policy. Agencies may choose to add to this policy as appropriate, in order to enforce more restrictive standards. Therefore, staff are to refer to their agency’s internal policy, which may have additional information or clarification of this enterprise policy.
Authority: KRS 42.726 authorizes the COT to develop policies that support and promote the effective application of information technology within the executive branch of state government, as well as information technology directions, standards, and necessary management processes to assure full compliance with those policies.
Applicability: This policy is to be adhered to by all staff, including employees, contractors, consultants, temporaries, volunteers, vendors and other workers within the Executive Branch of state government.
Responsibility for Compliance: Agencies and staff outlined above in “Applicability” are expected to understand and follow these guidelines. Each agency is responsible for assuring that staff within their organizational authority are aware of the provisions of this policy. It is also each Executive Cabinet Agency's responsibility to enforce this policy.
Review Cycle: This policy will be reviewed at least every two years.
Policy: The COT Security Administration Branch within the Office of the CISO, is responsible for providing documentation of a staff members’ internet usage to an agency, upon receipt of a properly authorized request. The purpose of this policy is to provide procedures for cabinets/agencies to follow when requesting internet usage documentation.
Internet usage history, created or maintained by public agencies, meets the statutory definition of a public record in Kentucky. Internet usage history is also available to appropriate agency management for review of their staff members’ electronic communications and activities. The process of obtaining a staff members’ internet usage history will be handled by COT with appropriate sensitivity and will be in accordance to all applicable privacy limitations in current open records statutes.
An agency may request a review of a staff members' internet usage by submitting an Internet Usage Review Request Form (COT-F087) to the, COT Security Administration Branch (COTSecurityEmail_InternetUsageReviews@ky.gov) or the Commonwealth Service Desk (Commonwealthservicedesk@ky.gov).
The request should be initiated by the subject staff members’ direct manager or above and must be signed by executive management within the staff members’ management chain. The request should then be sent to the requesting cabinet's Legal Office for review and approval. After obtaining the appropriate Legal Office signed approval, the Internet Usage Review Request Form should be forwarded to the COT, Security Administration Branch at COTSecurityEmail_InternetUsageReviews@ky.gov. The Security Administration Branch will log the request and send it to the COT Chief Information Security Officer, or his designee, for final approval.
Upon final approval, COT will provide the individual identified as the Agency Legal Counsel/Contact with documentation on the staff members’ internet usage. Once the documentation has been provided to the agency, it is the agency’s responsibility to maintain the documentation as an official copy. Due to the large volume of internet usage that COT manages on a daily basis, COT is not responsible for storing, retaining, or regenerating this documentation.
Agencies should be aware that COT only retains 90 days of Internet Usage.