Information Technology Acceptable Usage Policy

Policy number: 2025-02

Effective date: January 22, 2025

Last revision date: January 22, 2025

On this page

  1. Purpose
  2. Scope
  3. Definitions
  4. Legislative Authority
  5. Policy Administration
  6. Policy Communication
  7. Policy Enforcement and Compliance
  8. Reference

1. Purpose

This Information Technology (IT) Acceptable Usage Policy (AUP) guides users at The Corporation of Haldimand County’s (the County) on the acceptable ways in which information technology assets, infrastructure, and solutions should be used. It seeks to balance users ability to benefit fully from information technology with the County's need for secure and effectively allocated IT resources.

2. Scope

This policy applies to anyone who utilizes Haldimand County information technology assets, infrastructure, and solutions including Members of Council, Members of all Boards and Committees, Volunteers, Volunteer Firefighters, and all Employees of Haldimand County including full-time, part-time, casual, unionized, non-unionized, and Library staff.

This policy applies to all Haldimand County information technology assets, infrastructure, and solutions.

This policy rescinds and replaces Policy No. 2001-08 Information Technology Acceptable Usage Policy.

3. Definitions

3.1  “User” includes anyone who is authorized to utilized any IT information technology asset, infrastructure, or solution of any kind.

3.2  “Infrastructure” includes IT infrastructure components such as servers, storage systems, networking devices, operating systems, and their related software tools.

3.3  “Solution” includes any IT service(s) which map, organize, or manage systems, platforms, and/or data to provide value to the County. IT solutions involve nearly every technology and process the County uses, such as payment platforms, websites, products, and application stacks.

3.4  “Assets” includes any IT device including workstations, laptops, tablets, mobile devices, mobile phones, IT peripherals, or Internet-of-things devices owned and/or maintained by the County.

3.5  “PHIPA” means The Personal Health Information Protection Act.

3.6  “MFIPPA” means Municipal Freedom of Information and Protection of Privacy Act.

4. Legislative Authority

This policy extends and aligns with the Haldimand County Employee Code of Conduct No. 2024-09 and the Council Code of Conduct No. 2024-08, and Electronic Data Collection & Use Policy No. 2022-04.

This policy is in alignment with the recommendations put forth by the Canadian Centre for Cyber Security (the Cyber Centre) and the Government of Canada’s “Government in a digital age” initiatives.

This policy is in alignment with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 1.1.

5. Policy Administration

Corporate information technology assets are provided to enable Haldimand County operations. Anyone who utilizes Haldimand County information technology assets, infrastructure, and solutions are required to utilize those technology assets, infrastructure, or solutions responsibly and respectfully.

Additionally, individuals defined in this policy scope, are responsible for using Haldimand County information technology assets, infrastructure, and solutions in a professional manner and must not engage in activities that are illegal, unethical, or in violation of the Corporation of Haldimand County policies.

All information, stored on or passing through, the Haldimand County’s information technology assets, infrastructure, and solutions remains the property of the municipality. The County reserves the right to access this information in order to ensure compliance with its corporate policies and practices.

6. Policy Communication

This policy will initially be communicated to all staff, via email, from their relevant manager. Future communications to new employees will be via the established Human Resources on-boarding processes.

This policy will be posted to the intranet and on the public website.

Upon adoption of this policy, any user as defined in the policy scope, out of compliance will be required to comply based on the tenets set out in this policy.

Innovation & Technology Services will audit user compliance to this policy and report breaches to the Information Technology Governance Committee.

7. Policy Enforcement and Compliance

The policy ensures the effective and lawful use of information technology assets, infrastructure, and solutions to support Haldimand County’s operations while minimizing risks. Compliance is critical to maintaining the integrity and security of the County’s IT infrastructure and data.

Violations of this policy will be referred to the employee's supervisor. Additionally, the internal Innovation & Technology Governance Committee will be notified of violations in a way which aligns with the Electronic Data Collection & Use Policy No. 2022-04. Violations of this policy may result in disciplinary action imposed by the relevant supervisor, the Chief Information Officer, and/or the Manager, Human Resources. In addition to this policy, all employees must adhere to all relevant legislation, including MFIPPA and PHIPA.

8. Reference

This policy should be read alongside other relevant IT policies including the Digital Account Cybersecurity Policy, the Corporate Mobile Device Usage Policy, applicable collective agreements and policies governing non-union employees, various health and safety policies and guidelines, relevant and applicable legislation, and any other policy that may become applicable and/or relevant.

Contact Us

Haldimand County
53 Thorburn Street South
Cayuga, Ontario
Canada, N0A 1E0

Phone: 905-318-5932

After hours (Road, Sewer, Water or Park & Public Facilities Emergencies): 1-888-849-7345

This website uses cookies to enhance usability and provide you with a more personal experience. By using this website, you agree to our use of cookies as explained in our Privacy Policy.