Policy Text
SACRAMENTO POLICE DEPARTMENT
GENERAL ORDERS
GO 320.03
Page 1 of 4
320.03
COMPUTER DATA SECURITY SYSTEMS
02-28-17
PURPOSE
The purpose of this order is to provide guidelines for the security of electronic information and computer
equipment (hardware and software).
POLICY
It shall be the policy of the Sacramento Police Dep artment to provide for the security and integrity of
computerized systems and documents accessed by employees or authorized persons acting as agents of the
Department.
PROCEDURE
A. DEFINITIONS
1. COMPUTER SYSTEM - All computer hardware (attached or not attached to the Department Network),
software, removable media and resources owned, leased, rented, or licensed by the Sacramento Police
Department that are provided to Department employees for official use.
2. HARDWARE - Shall include, but is not limited to, comput ers, computer terminals, network equipment,
computer peripheral equipment , or any other tangible related devices generally understood to comprise
hardware.
3. SOFTWARE - Shall include, but is not limited to, a collection of computer programs, procedures , and
documentation that perform tasks on a computer system. This does not include files created by
individual users using software.
4. REMOVABLE MEDIA - Storage media which can be removed from its reader device, conferring
portability on the data it carries. Remo vable media shall include, but is not limited to hard drives, flash
drives, CDs, CD -Rs, DVD -Rs, memory sticks, and floppy discs.
5. ELECTRONIC FILES - Any temporary or permanent electronic document, information , or data residing
or located, in whole or in par t, on the Department computer system, including but not limited to
spreadsheets, calendar entries, appointments, tasks, notes, letters, reports, or messages.
6. NETWORK - The interconnected system of computers within the Department that allows various
computi ng systems to communicate with each other .
B. PUBLIC SAFETY INFORMATION TECHNOLOGY (PSIT)
1. PSIT shall
a. Ensure electronic information and computer systems are used for official business purposes only
and in compliance with Department policies and procedures and any pertinent Federal, State , and
local laws.
b. Ensure proper disposition and security of Departmental electronic informat ion, records, and
documents.
c. Be solely responsible for the movement and installation of all Department computer equipment.
d. Approve all c omputer -related purchases that are submitted to the Fiscal Division for procurement.
2. PSIT shall be responsible for
a. Entry, update, and/or deletion of employee network access and attributes when employees are
assigned or move from their assigned areas.
b. Initial and/or temporary updating of access code passwords.
c. Assisting the Internal Affairs Division (IAD) regarding computer system violations.
3. PSIT shall observe and report on the physical security of computer equipment. They shall do research
and make recomme ndations on compute r security changes, uses , or new applications.
C. RECORDS SECURITY
1. Each office/division shall establish procedures for the storage of confidential electronic media materials.
NOTE: All procedures shall be approved by the PSIT Manager prior to implementation.
2. Internal Affairs Division (IAD) reports and disciplinary actions shall be stored on a dedicated secured
server accessible only by IAD and , when permissible , PSIT.
SACRAMENTO POLICE DEPARTMENT
GENERAL ORDERS
GO 320.03
Page 2 of 4
a. Personnel preparing confidential personnel material shall submit removabl e media with the hard
copy and original notes to the originator of the material when preparation is complete.
b. Back up copies of confidential non -personnel material shall be secured in the appropriate division
supervisors' office in a manner to maintain data integrity and security.
3. The only information authorized to be stored on Department computer systems shall be
a. Department approved software.
b. Authorized software created by City/Department employees.
c. Electronic files commonly used by Department personnel.
d. Non-confidential documents/databases.
NOTE: Exceptions shall be approved by the appropriate Division Commander.
4. When using removable media employees shall
a. Only use removable media that has been approved by PSIT for departmental work.
b. Ensure that all departm ental materials stored on removable media is password protected.
5. Employees and volunteers shall
a. Complete an Employee Computer Security Acknowledgement form (SPD 214) before receiving
access to data.
b. Protect their assigned password and restrict it to their own official use.
c. Periodically change their assigned password to protect its confidentiality when prompted to do so.
6. Employees and volunteers shall not
a. Use another employee's password or attempt to access other employees’ accounts that are
password protect ed unless otherwise authorized.
b. Access criminal history files for pre -employment, licensing, or certification purposes, except as
provided for by law.
c. Access any computer databases or manual records for other than law enforcement purposes.
d. Access computer databases on themselves or others for training or any other purposes.
e. Access, print, or reproduce a confidential record on any employee for other than law enforcement
purposes without supervisory authorization.
f. Store personal files or files of a non -busine ss nature on Department -issued computers or
removable media.
7. All electronic files stored on Department computers systems are subject to search.
8. Employees or volunteers misusing any computer system or manual records information are subject to
criminal prose cution as well as Departmental disciplinary action.
D. ACCESS TO PUBLIC SAFETY COMPUTERS AND TELECOMMUNICATION ROOMS
1. The Department is mandated by the California Department