Mendocino County Grand Jury
• 2015-2016
Mendocino County Policy 22 Who Has Access?
⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.
⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.
Findings and Recommendations 4 findings
F1
Policy 22 is obsolete and requires updating and formal adoption by the BOS.
Related Recommendations (3)
R1
Policy 22 be updated by the IT department in cooperation with County Administration and adopted by the BOS as soon as possible. This policy update should define the circumstances by which email access is requested and granted, and must require maintenance of a log of all such transactions. (F1 –
R2
The County acquire email software that adequately allows for super-user segregation of certain sensitive email accounts and provides management access to employee email only under circumstances as defined by County policy. (F1- F3).
R3
The County adopt in its revised Policy 22, a best business practice to restrict the Mail Auditor function to one vetted employee. (F1-F3).
F2
The current Unlimited Mailbox software does not adequately allow for super-user segregation of certain sensitive email accounts, e.g. Sheriff, DA, County Counsel, Board of Supervisors, Grand Jury.
Related Recommendations (2)
R2
The County acquire email software that adequately allows for super-user segregation of certain sensitive email accounts and provides management access to employee email only under circumstances as defined by County policy. (F1- F3).
R3
The County adopt in its revised Policy 22, a best business practice to restrict the Mail Auditor function to one vetted employee. (F1-F3).
F3
The limitations of the County email software that allows unrestricted super-user access to employee email by County management puts the County at risk for violating the protected nature of some communications, lends itself to abuse by County management, and exposes the County to unnecessary liability.
Related Recommendations (2)
R2
The County acquire email software that adequately allows for super-user segregation of certain sensitive email accounts and provides management access to employee email only under circumstances as defined by County policy. (F1- F3).
R3
The County adopt in its revised Policy 22, a best business practice to restrict the Mail Auditor function to one vetted employee. (F1-F3).
F4
The current bargaining ground rule that allows employee access to the County’s email system for the purposes of bargaining is in direct conflict with provisions of Policy 22, which does not permit email use for non-county business.
Related Recommendations (1)
R4
The County’s bargaining agent and the union consider modifying the mutually agreed-upon ground rules to prevent unlimited employee use of the County’s email system for the purpose of bargaining, at the earliest opportunity. (F4). Required responses: Pursuant to Penal Codes §933 and §933.05, responses are required from the following: Board of Supervisors – (All Findings and Recommendations) Chief Executive Officer – (All Findings and Recommendations) Requested responses: Pursuant to Penal Codes §933 and §933.05, responses are requested from the following: County Counsel – (All Findings and Recommendations) IT Manager –Findings (1-3) and Recommendations (1-3) Reports issued by the Civil Grand Jury do not identify individuals interviewed. Penal Code §929 requires that reports of the Grand Jury not contain the name of any person or facts leading to the identity of any person who provides information to the Civil Grand Jury.