EN BANC

A.M. No. 05-3-08-SC

RE: COMPUTER GUIDELINES AND POLICIES

Gentlemen:

Quoted hereunder, for your information, is a resolution of this Court dated MAR 15 2005.

The Court Resolved to NOTE the Letter dated 4 February 2005 of the Computerization Committee, submitting hard and soft copies of the draft Computer Guidelines and Policies which would provide general rules and procedures to an efficient, effective and secured use of the Information Technology (IT) facilities and resources.

The Court further Resolved to APPROVE the aforesaid draft Computer Guidelines and Policies, to wit:

Computer Guidelines and Policies

BACKGROUND

These general guidelines are being issued to guide authorized users to an efficient, effective and secured use of the computer system of the Supreme Court (SC) as part of the Information and Communications Technology (ICT) program of Chief Justice Hilario G. Davide, Jr. These guidelines are being initiated by the Management Information Systems Office (MISO) and approved by the SC Committee on Computerization* in accordance with the vision and mission of the Court.

SECTION I. PURPOSE

These policies aim to provide general guidelines to all users/employees of the judiciary in using the Information Technology (IT) facilities and resources of the Supreme Court (SC).

SECTION II. GENERAL POLICY STATEMENT

The use of IT facilities and computer resources provided by SC entails responsibility to use these resources in an efficient, ethical and lawful manner consistent with the mission and vision of the Court. To this end, every user must use SC's computer resources in a responsible, professional, and ethical manner and within legal and proper boundaries.

SECTION III. SCOPE AND APPLICATION

These policies and guidelines shall apply to all personnel employed by, or contracted by the SC and the Lower Courts (LC), its agencies and offices, including trainees, who are authorized to use IT facilities and resources.

These guidelines cover the proper use of the IT facilities and resources of the Judiciary, which include but are not limited to all IT equipment, software, data in all formats, accessories, networking facilities, and services whether central or remote [including information retrieval services for the public such as web browsing through the worldwide web (www) and file transfer (upload/download)].

For purposes of implementing these policies, any other equipment, computer unit, or external network, when attached to, or used to access and/or interact with any component of the IT facilities and resources of the Court, shall also be considered part of the Court's IT system.

SECTION IV. DEFINITION OF TERMS

The definition of terms herein provided may be updated from time to time to include new equipment and services as well as new perspectives and developments in the use of IT facilities and resources.

For purposes of these guidelines, the following terms and phrases shall be understood as follows:

Access - means to connect to a computer system or server that enables one to get online and to browse, retrieve data, and communicate electronically through an internet service provider (ISP) via a modem or through network such as an Office local area network (LAN).

Authorized Users - refer to all employees, consultants, temporary workers, and other persons authorized by the Court to use its computer resources including but not limited to the following:

1.      current employees of SC either permanent, casual, or contractual;

2.      others whose access and usage are specifically authorized to use a particular computer or network resource by the Court or the MISO;

3.      individuals connecting to a public information service.

Electronic Mail (E-mail) - refers to electronically transmitted mail.

IT Facilities and Resources - include but are not limited to all IT equipment, software, data in all formats, accessories, networking facilities, and services, whether central or remote, including information retrieval services for the general public.

Internet - refers to a system of linked computer networks, global in scope, that facilitates data communication services such as remote login, file transfer, electronic mail, and news/groups. The Internet is a way of connecting existing computer networks that greatly extends the reach of each participating system.

Local Area Network (LAN) - refers to a network that connects computers in a small pre-determined area like a room, a building, or a set of buildings. LANs can also be connected to each other via telephone lines, and radio waves. Workstations and personal computers in an Office are commonly connected to each other with a LAN. These allow them to send/receive files and/or have access to the files and data. Each computer connected to a LAN is called a node.

Minimal Additional Expense - is a user's limited allowable personal use of government office equipment such as when government is already providing equipment or services and the use of such equipment or services will not result in any additional expense to the Government, but only normal wear and tear or small amounts of electricity, ink, toner or paper. Minimal additional expenses include, making a few photocopies, use of a computer printer to print a few pages of material, infrequently sending personal e-mail messages, or limited use of the Internet for personal reasons.

Network - refers to a communications system that links two or more computers. It can be as simple as a cable strung between two computers a few feet apart or as complex as hundreds of thousands of computers around the world linked through fiber optic cables, phone lines and satellites or other electronic means.

Official Government Business - refers to usage in the performance of work-related duties and/or officially authorized activities.

Personal Use - refers to use other than official government business.

Private Files - refer to information that a user would reasonably consider as private. These include the contents of electronic mail boxes, private file storage areas of individual users, and information stored in other areas that are not public, even if no measure has been taken to protect such information.

Privilege - means that employees may use government property to create a more supportive work environment. However, these policies shall not create a right to use government office equipment for non-government purposes. The privilege shall not extend to modifying such equipment, including loading personal software or making configuration changes.

User Account - refers to a unique identifier which may consist of an account name and a password. This allows the account holder to access network facilities and resources either through a local area network (LAN) or the Internet.

SECTION V. IT FACILITY AND RESOURCES SECURITY MANAGEMENT UNDER THE MIS OFFICE

The authority and responsibility to install, upgrade or modify any hardware or software rests solely on the MISO and its personnel duly authorized by the chief of MISO.

V.1 The IT facilities and resources

The IT facilities and resources include but are not limited to the following:

1.      All cabling used to carry voice and data.

2.    All devices to control the flow of voice and data communication, such as hubs, routers, firewalls, switches, and the like.

3.      Monitors, storage devices, modems, network cards, memory chips, keyboard, cables and accessories.

4.      All computer software including applications, utilities, tools, and databases.

5.    All output devices including printers, fax machines, CD writers and similar devices or equipment.

V.2 Responsibilities

The MISO shall have the following duties and responsibilities in implementing these policies:

1.      Software Upgrades. The following are considered modifications:  installing patches provided by the software supplier or downloaded from the internet; installing anti-virus; installing new versions of the operating system or any Office applications, e.g., word-processing or spreadsheet applications.

2.      Systems Inspection and Deletions. The MISO or its authorized personnel may delete files or software that are unauthorized, provided that this deletion or modification is done in the presence of the user or his immediate supervisor.

3.    Hardware Maintenance.   The MISO or its authorized personnel is the only authorized entity to inspect any ICT equipment. Equipment, software or services under warranty shall not be altered or inspected by unauthorized personnel.

4.      Equipment Movements. The MISO or its authorized personnel is the only entity permitted to move or transport equipment from one location to another, except for mobile computers such as notebooks, laptops, and wireless user devices.

5.    Authority to Secure Equipment and Services. The MISO or any authorized personnel, shall have the responsibility to maintain security of internet resources against intrusion and destruction. It is tasked to research security and disaster recovery matters to maintain a high degree of reliability of the systems.

SECTION VI. USER RESPONSIBILITY

In using or accessing government computer equipment and resources, users must comply with the following guidelines:

VI.1 System Access Requirements

Access privilege through a user account shall be extended to all authorized users of the Court. An authorized user shall be given a unique login name and password to gain access to the Court's IT facilities and resources.

User ID/Name. The MISO shall issue a standardized naming convention and format of usernames.

Responsibility for Passwords. Users shall be responsible in safeguarding their passwords for access to the computer system. Individual passwords shall not be printed, stored online, or given to others. Users shall be responsible for all transactions made using their passwords. No user shall access the computer system by using another user's password or account.

Exception: Justices, judges, office or agency heads of the SC may approve the use of the IT facilities and resources beyond the scope of this access policy under the following conditions:

1.      the intended use of IT facilities and resources serves a legitimate office interest;

2.      the intended use of IT facilities and resources is for the individual's educational purposes and development;

3.    the use and time of access will be properly logged and reported to the MISO including the username used for such purpose. No new username or password shall be issued during such use.

4.      the authorized user shall be held accountable for damages that may arise due to the improper use of the password as provided herein.

VI.2 User Limitations

Accessing Other User's Files. A user shall not access, alter or copy a file belonging to another user without first obtaining permission from the owner of the file. Ability to read, alter, or copy a file belonging to another user does not imply permission to read, alter, or copy such particular file. Users shall not use the computer system to "snoop" or pry into the affairs of other users by reviewing the files and email.

Accessing Other Computers and Networks. A user's ability to connect to other computer systems through the network or a modem shall not imply a right to connect to those systems or to make use of those systems unless specifically authorized by the operators of those systems.

Use of Other Public Information Services. Each user is responsible to ensure that the use of outside IT resources and networks, such as the Internet, shall in no way compromise the security of SC's IT/computer resources. This duty includes taking reasonable precautions, as provided but not limited to those stated in this policy, to prevent intruders from accessing the court's network without proper authorization and to prevent the introduction and spread of viruses.

VI.3 Security Guidelines

Ownership and Right to Monitor. All IT facilities and resources as defined herein are owned by the SC. For this purpose, the Court reserves the right to monitor and/or log all network-based activities. The user shall be responsible to surrender all passwords, files, and/or other required resources if requested to do so, by proper authorities in the presence of his/her office head, or persons authorized by the Court.

The Supreme Court reserves the right to hold the users liable for damages caused by the user's failure to protect the confidentiality of his or her password in accordance with these guidelines.

Reporting of Troubles or Problems. Users shall report to the MISO suspected abuse, damage to, or problems with their files. Failure to cooperate may result in cancellation of access privileges, or other disciplinary actions. Users shall fully cooperate with system administrators in any investigation of system abuse.

Contact Person or Unit. Exception and trouble reports shall be made or relayed to the MISO so that appropriate action can be taken to address the problem.

System Managers/Administrators to Employ Monitoring Tools to Detect Improper Use. Electronic communications may be disclosed within an agency or department to employees who have a need to know in the performance of their duties. Agency officials, such as system managers and supervisors, may access any electronic communications.

SECTION VII. VIRUS PREVENTION

VII.1 General Guidelines

Each user shall take reasonable precautions to ensure that he or she does not introduce viruses into SC's computer network. All materials received on floppy disk or other magnetic or optical medium and all materials downloaded from the Internet or from computers or networks that do not belong to the Court MUST be scanned for viruses before being placed into the computer system.

VII.2 Authorized Anti-Virus Program

No anti-virus programs are allowed to be installed in any SC computer, whether stand-alone or networked, except those prescribed by the MISO or the personnel authorized by the Office Head.

Installation. Users may install these anti-virus programs subject to instructions, which shall be made available by the MISO or the authorized personnel. The installation can be made through the network.

Announcements and Updates. The MISO shall be responsible for the daily updating of the anti-virus program located in the servers. The MISO shall periodically give advisories to all users to keep them informed of the best practices to combat viruses.

VII.3 User Responsibility in Anti-Virus Protection.

The user shall be responsible to keep his or her anti-virus programs updated regularly, at least every week, using only programs prescribed by the MISO.

Accessing the Internet. To ensure security and avoid the spread of viruses, users authorized to access the Internet through a computer attached to SC's network shall do so through an approved Internet firewall.

SECTION VIII. INTERNET USE POLICY

The internet can be a valuable source of information and research. Thus, certain users or offices may be provided with access to the internet to assist them in the performance of their jobs. Use of the Internet, however, must be tempered with good judgment in order to maximize its allocated time of usage, without creating unnecessary network traffic.

VIII.1 Authorized Internet connection.

Only authorized personnel are allowed to have an Internet access or connection to their computer. This account, approved by the Chief Justice, is provided to the users so as to facilitate the task of gathering information. Direct connection to the internet without proper approval from the Chief Justice is strictly prohibited and users found violating this policy may be held responsible for any security breaches and possible virus propagation and intrusion on the network. The use of prepaid internet connections and such other modes without prior authority from the Court is strictly prohibited.

Authorized users shall access the internet by using computers that are NOT connected to the LAN of the SC to avoid the spread of viruses that may be downloaded from the internet. A user may access the internet using a computer that is connected to the LAN of the SC, provided that a written approval from the Office of the Chief Justice duly endorsed by the MISO is secured. A user accessing the internet through a computer connected to LAN without such approval may be held liable for security breaches or virus intrusion that may occur in the network.

VIII.2 Remote Access Privileges.

The Supreme Court through the MISO provides remote connection to authorized users to the network resources and to the internet, subject to the following conditions:

User-maintained Equipment. The authorized user shall be responsible for the computer, modem and phone line, and all accessories that are used to connect to the SC IT resources and the internet.

User Account and Password. Authorized users shall be provided a user account and password to connect to the remote services. The user shall be responsible to keep this user account and password confidential, and to keep all information regarding remote network access confidential. Propagating remote access details is considered a security breach and shall constitute ground for administrative sanction.

SECTION IX. E-MAIL AND OTHER INTER-OFFICE ELECTRONIC COMMUNICATION FACILITIES

IX.1 Users' Duty of Care

Users shall endeavor to make each electronic communication truthful and accurate. Reasonable care in drafting e-mail and other electronic communications shall be observed as with any other written communication. Any document created or stored on the computer system may be subject to review and inspection upon authority of the Court.

IX.2 Prohibited Uses

The following shall be considered prohibited acts:

1.   Sending, receiving, downloading, displaying, printing, or otherwise, disseminating material that is sexually explicit, profane, obscene, harassing, fraudulent, racially offensive, defamatory, or such other similar unlawful information;

2.   Disseminating or storing commercial or personal advertisements, solicitations, promotions, destructive programs (that is, viruses or self-replicating code), political information, or any other unauthorized material;

3.   Sending mass mailings or chain letters, spending excessive amounts of time on the internet, playing on-line and intranet games, engaging in online chat groups or otherwise creating unnecessary network traffic; and

4.   Such other acts or communications that damage the integrity, reliability, confidentiality and efficiency of the IT facilities and resources as well as other records and documents of the Supreme Court.

IX.3 No Privacy in Electronic Communications.

Users must never consider electronic communications to be private or secure. E-mail and other electronic communications may be stored indefinitely on any number of computers other than the recipient's.

The Supreme Court reserves the right to monitor and/or log all network-based activities. The user is responsible for surrendering all passwords, files, and/or other required resources if requested to do so in the presence of his/her Office Head, or persons properly authorized by the Court.

SECTION X. PROPER USE AND PROHIBITED ACTS IN UTILIZATION OF THE INFORMATION TECHNOLOGY FACILITIES AND RESOURCES

X.1 General Principles in Proper Use.

A user may access only those services and parts of the IT facility and resources of SC that are related to or consistent with his or her duties and responsibilities. The IT facility and resources of SC shall only be used in accordance with its authorized purpose.

X.2 Prohibited Uses and Acts.

The following are considered violations in the utilization of the SC IT facilities and resources:

1.      Use of the Court IT Facilities and Resources for Criminal Activities as Defined Under the Revised Penal Code and Other Special Laws, including but not limited to the E-Commerce Act of 2000 and the Intellectual Property Code.

2.      Use of Copyrighted Material Without Attribution. These include but are not limited to copying, reproduction, dissemination, distribution, use, importation, removal, alteration, substitution, modification, storage, uploading, downloading, communication, publication or broadcasting of copyrighted material not properly attributed; and infringement of intellectual property rights belonging to others through the use of telecommunications networks, which is a criminal offense under Section 33(b) of the Electronic Commerce Act.

Section 33 of RA8792, the E-commerce law, states: "Piracy or the unauthorized copying, reproduction, dissemination, distribution, importation, use, removal, alteration, substitution, modification, storage, uploading, downloading, communication, making available to the public, or broadcasting of protected material, electronic signature or copyrighted works including legally protected sound recordings or phonograms or information material on protected works, through the use of telecommunication networks, such as, but not limited to, the internet, in a manner that infringes intellectual property rights shall be punished by a minimum fine of one hundred thousand pesos (P100,000) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years."

3.       Morally Offensive and Obscene Use. Accessing, downloading, producing, disseminating, or displaying material that is offensive, pornographic, racially abusive, culturally insensitive, or libelous in nature. Material that is fraudulent, harassing, embarrassing, sexually explicit, profane, obscene, intimidating, defamatory, or otherwise unlawful or inappropriate shall not be sent by email or other form of electronic communication (such as windows messaging, bulletin board systems, news groups, chat groups) or displayed on or stored in the Supreme Court's computers. A user who encounters or receives this kind of material shall immediately report the incident to their supervisors.

4.      Hacking, Spying or Snooping. Accessing or attempting to gain access to archives or systems of the Supreme Court that contain, process, or transmit confidential information as well as accessing, or attempting to access, restricted portions of the system, such as e-mail lists, confidential files, password-protected files, or files that the user has no authorization to open or browse shall be prohibited and shall carry the penalties under Section 33 of the E-commerce Law and shall be subjected to Administrative Sanctions independent of the penalties provided under the E-commerce Law.

Further, authorized users shall not exceed their approved levels of access, nor shall they disclose confidential information to unauthorized persons.

5.       Plagiarism. Prohibited acts include, but are not limited to, copying a computer file that contains another person's work and submitting it for one's own credit, or, using it as a model for one's own work, without the consent or permission of the owner or author of the work; submitting the shared file, or a modification thereof, as one's individual work, when the work is a collaborative work, or part of a larger project; and such other related acts of cheating.

6.       Uses for Personal Benefit, Business or Partisan Activities

a.    Commercial Use. Use of the IT facility and resources of SC for commercial purposes, and product advertisement, for personal profit, unless allowed under other written Office policies or with the written approval of a competent authority.

b.    Use for any partisan activities. Use of IT facility and resources of the SC for religious or political lobbying, for disseminating information or gathering support or contributions for social, political or cause-oriented group, which are inconsistent with the activities of the Court.

7.       Acts that Damage the Integrity, Reliability, Confidentiality and Efficiency of the IT Facilities and Resources.  These include but are not limited to:

a.    Virus infection due to connection of the IT facilities and resources of the SC to any computer unit or external network;

b.    Acts that attempt to crash, tie up, or deny any service on the IT facility and resources of the SC, such as, but not limited to: sending of repetitive requests for the same service (denial-of-service); sending bulk mail; sending mail with very large attachments such as videos and pictures; sending data packets that serve to flood the network bandwidth;

c.    Concealment, deletion, or modification of data or records pertaining to access to the IT facility and resources of SC at the time of access, or alter system logs after such access for the purpose of concealing identity or to hide unauthorized use;

d.   Concealment of identity, or masquerading as other users when accessing, sending, receiving, processing or storing through or on the IT facility and resources of SC.

8.    Unauthorized Disclosure. Copying, modification, dissemination, or use of confidential information such as, but not limited to: mailing lists; employee directories of any sort; operations data; research materials, in whole or in part, without the permission of the person or body entitled to give it as well as searching, or providing copies of, or modifications to, files, programs, or passwords belonging to other users, without the permission of the owners of the said files, programs or passwords.

9.      Distribution or Dissemination of Prohibited Materials, as considered under this policy include but are not limited to the following:

a.    Any collection of passwords, personal identification numbers (PINs), private digital certificates, credit card numbers, or other secure identification information;

b.    Any material that enables others to gain unauthorized access to a computer system. This may include instructions for gaining such access, computer code, or other devices.

c.    Any material that permits an unauthorized user, who has gained access to a system, to carry out any modification of the computer programs or data stored in the system; and

d.    Any material that incites or encourages others to carry out unauthorized access to or modification of a computer system.

10.    Improvident Use of Resources. Users may not deliberately perform acts that waste computer resources or unfairly monopolize resources to the exclusion of others. These acts include, but are not limited to:

a.    sending mass mailings or chain letters;

b.    spending excessive amount of time on the internet;

c.    playing online or network games;

d.   engaging in online chat groups;

e.    printing multiple copies of documents;

f.     printing unnecessary documents, files, data, or programs;

g.    repeated posting of the same message to as many newsgroups or mailing lists as possible, whether or not the message is germane to the stated topic of the newsgroups or mailing lists targeted.

h.   sending large unsolicited files to a single e-mail address or other electronic communications facilities.

i.    or otherwise creating unnecessary network traffic

11.     Unauthorized Repair of IT Facilities and Resources.  Only MISO personnel or personnel allowed by the court (suppliers, contractors, other similar agency) are authorized to repair, open, remove, disconnect or check the court's computer resources.  Users are prohibited to open, remove, disconnect or detach any peripherals or devices, especially inside the computer, without the written approval of the Chief of MISO.  Users who violate this policy may be held liable for any loss or damage to government office equipment or resources.

SECTION XI. UPDATE TO COMPUTER USE POLICY

The Supreme Court, through the MISO, may update the policy considerations provided herein as often as necessary.

SECTION XII. INCORPORATION OF OTHER RULES

All pertinent provisions of law, Civil Service rules and issuances of the Supreme Court governing or regulating the conduct of public officers and government employees and the use of information technology in government service and in the courts, are deemed incorporated into these guidelines.

Very truly yours,

(Sgd.) LUZVIMINDA D. PUNO

Clerk of Court



* The SC Committee on Computerization is composed of: Justice Artemio V. Panganiban (Chairman), Justice Consuelo Ynarez-Santiago, Justice Angelina Sandoval-Gutierrez, Justice Antonio T. Carpio, Atty. Ivan John E. Uy and Dir. Evelyn Toledo-Dumdum (members).