The URL can be used to link to this page

Home My WebLink AboutComputing Devices, Electronic Mail, and Internet UseIdaho Department of Correction Standard Operating Procedure Title: Computing Devices, Electronic Mail, and Internet Use 1 of 9 141.00.06.008 Version: 5.0 Adopted: 02/02/2001 Whitney Ascuena-Bolt, Chief of Staff, approved this document on 09/22/2025. plan. SCOPE This standard operating procedure (SOP) pertains to all Idaho Department of Correction (IDOC) employees. Section 5 pertains to residents housed in IDOC facilities. Version Summary was a revision within the last six months, then you may combine both summaries.] TABLE OF CONTENTS Scope ........................................................................................................................................ 1 Table of Contents ....................................................................................................................... 1 A. Statutory Authority ............................................................................................................ 2 B. Board of Correction IDAPA Rule ...................................................................................... 2 C. Governing Policy .............................................................................................................. 2 D. Purpose ........................................................................................................................... 2 E. Responsibility ................................................................................................................... 2 F. Definitions ........................................................................................................................ 3 G. Standard Procedures ....................................................................................................... 4 1. Introduction .................................................................................................................. 4 2. Use of Computing Devices ........................................................................................... 4 3. Artificial Intelligence ..................................................................................................... 4 4. Inappropriate Use of Computing Devices ..................................................................... 5 5. Prohibited Computing/Electronic Device Usage by Residents ...................................... 5 6. Authorized Software and Hardware .............................................................................. 5 7. Inappropriate Information and Images .......................................................................... 6 8. Internet ......................................................................................................................... 6 9. Electronic Mail .............................................................................................................. 6 10. Training .................................................................................................................... 7 Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 2 of 9 Idaho Department of Correction 11. Confidentiality........................................................................................................... 7 12. IT Security and Operations Access ........................................................................... 7 13. Access for Inquiry or Investigation ............................................................................ 7 14. Violation of Policy ..................................................................................................... 9 H. References ...................................................................................................................... 9 A. STATUTORY AUTHORITY 1. Idaho Code § 20-217A, Appointment of Director – Salary – Powers and Duties 2. Idaho Code § 20-219, Probation and Parole Supervision and Training – Limited Supervision - Rulemaking 3. Idaho Code § 20-244, Government and Discipline of the Correctional Facility – Rules and Regulations B. BOARD OF CORRECTION IDAPA RULE None C. GOVERNING POLICY Policy 141, Computing Devices, Electronic Mail, and Internet Use D. PURPOSE 1. The purpose of this SOP is to establish standards for the use of computing devices, electronic mail, and internet for IDOC employees using department computing devices and software. 2. The purpose of section 5 is to establish guidelines restricting resident use of computing and other electronic communication devices. E. RESPONSIBILITY 1. Director or designee The director or designee is responsible for approving this SOP and ensuring its use and implementation. 2. Chief of the Management Services Division The chief of management services or designee is responsible for overseeing and monitoring the provisions herein. 3. IT Management The IT managers are responsible for implementing this SOP and for ensuring compliance. 4. SIU Chief Investigator The head of the special investigations unit or designee is responsible for conducting administrative investigations regarding compliance with this policy. 5. Deputy Attorneys General Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 3 of 9 Idaho Department of Correction The deputy attorney general (DAG) are responsible, if authorized by the director or deputy director, to review information as described in this policy in connection with legal actions or external requests for information. F. DEFINITIONS 1. Artificial Intelligence: Artificial intelligence (AI) refers to computer systems that can work on their own to some degree. They can learn and improve after they are made. Based on the information they receive, they can make guesses, create content, give suggestions, or make decisions that can affect real-world or digital situations. 2. Client: A person who has been convicted of a crime against the laws of the state and ordered into the care and custody of the Board of Correction. The term client includes any use in Idaho law, Board of Correction rule, or IDOC policy or procedure of the terms “offender(s),” or any other term referring to a person on probation or parole supervision under the custody of the Board of Correction. 3. Computing Devices: Electronic devices controlled by a central processing unit (CPU) that can accept software, such as a computer, laptop, tablet, mobile phone, etc. 4. Correctional Management System (CMS): a digital platform used by correctional agencies to store, manage, and analyze comprehensive data about individuals throughout their entire criminal justice process, including intake, sentencing, incarceration, parole, and probation, allowing for informed decision-making regarding their supervision and rehabilitation. This includes systems such as Reflections, CIS, and Atlas. 5. Idaho Public Safety and Security Information System (ILETS): A dedicated data communications network that links local, state, and federal criminal justice agencies to state records and files and to the National Crime Information Center (NCIC) system. (The Idaho Public Safety and Security Information System was previously known as the Idaho Law Enforcement Teletypewriter/Telecommunication System.) 6. Local Area Network (LAN): A network of personal computers in a small area (such as an office) that are linked by cable, can communicate directly with other devices in the network, and can share resources. 7. Peripheral: An input device that sends data or instructions to the computer, such as a mouse, keyboard, printer, etc. 8. Personal Identifiable Information (PII): Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. 9. Resident: A person who has been convicted of a crime against the laws of the state and ordered into the care and custody of the Board of Correction. Resident includes any use in Idaho law, Board of Correction rule, or IDOC policy or procedure of the terms “offender(s),” “prisoner(s)”, “inmate(s)”, “incarcerated person(s)”, or any other term referring to a person residing in a correctional facility in the care and custody of the Board of Correction. Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 4 of 9 Idaho Department of Correction 10. Wide Area Network (WAN): A network of personal computing devices in a large area (such as statewide) that are linked by cable, can communicate directly with other devices in the network, and can share resources. 11. Wireless Local Area Network (WLAN): A network of personal computing devices in a larger area (such as statewide) that are linked wirelessly, can communicate directly with other devices in the network, and can share resources. G. STANDARD PROCEDURES 1. Introduction a. Technology and its applications, including the internet, continue to expand and to become more accessible. This expansion increases the opportunity for state employees to improve their productivity, effectiveness, and efficiency. However, as the use and accessibility of technology increases, so does the risk that the technology might be used inappropriately or inefficiently. b. These policies apply to the usage of all computing devices, peripherals, mobile devices, and software that are connected to or can be connected to the department Local Area Network (LAN), Wireless Area Network (WLAN), and/or the Wide Area Network (WAN). c. The management team has adopted these guidelines to govern information technology, which includes the LAN, WLAN, and WAN, to protect and prevent the abuse of state property, to ensure the continued and effective operation of the department, to promote increased employee productivity, to prevent software viruses, and to maximize the efficient use of IT staff time. 2. Use of Computing Devices a. IDOC staff members are encouraged to use the internet and electronic mail (e-mail) to further the mission of the department, to provide service to customers, and to promote professional development as referenced in Idaho Technology Authority (ITA) Policy P1060 – State Issued IT Devices b. Computing devices are for IDOC business use only, and staff should not expect their e- mail communications, documents, or other information to be private and should not use the e-mail system for matters that are not intended for public disclosure. Only the occasional personal use of e-mail in lieu of telecommunication is acceptable. c. Every employee is responsible for monitoring and prohibiting the misuse of department property. It is each employee’s responsibility to inform senders of inappropriate e-mails of the department's e-mail policy. Inappropriate use must be reported to management. 3. Artificial Intelligence a. Staff are prohibited from using criminal justice information, otherwise known as CJIS data, in any artificial intelligence (AI) application. b. Non-publicly available information contained in IDOC’s correctional management system, all information derived from Idaho Public Safety and Security Information System (ILETS), or any personally identifiable information (PII) is prohibited from all AI use. Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 5 of 9 Idaho Department of Correction c. Any photographs, video, audio, or other digital content, to include those of staff, clients, or residents, is prohibited from AI use. 4. Inappropriate Use of Computing Devices It is unacceptable for department employees to use the facilities and capabilities of the computing devices and/or systems to: a. Conduct any non-approved business b. Solicit the performance of any activity that is prohibited by law c. Transmit materials, information, images, or software in violation of any local, state, or federal law d. Conduct any political activity e. Conduct any non-department supported fund raising or public relation activity f. Engage in any activity for personal gain or personal business transactions g. Make any unauthorized purchases h. Use any games on state government-provided computing devices and/or equipment i. Place advertisements or commercial enterprises including but not limited to: goods, services, or property j. Abuse electronic mail privileges k. Download attachments from unknown and/or unauthorized sources l. Share IDOC accounts and passwords. Do not allow someone to use your login and password and/or use someone else’s logon session m. Utilize network bandwidth for non-department activities that cause slowness or disruption such as, but not limited to, streaming non-work related media, downloading music, gaming, etc. 5. Prohibited Computing/Electronic Device Usage by Residents a. Residents may not use any computer or other electronic devices meant for staff use. Any such use may result in disciplinary action. b. The only exception is resident use of computers or other electronic communication devices for class or school in which case the resident must adhere to all school and facility rules regarding their use. 6. Authorized Software and Hardware a. Authorized software/hardware is that which is approved/purchased by the IDOC information technology (IT) staff. b. Unauthorized software/hardware is that which is installed without information technology’s approval or knowledge. c. End users are only allowed to install authorized software from the IDOC self-service repository. Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 6 of 9 Idaho Department of Correction d. Only IT staff members are authorized to: i. Approve new hardware or software ii. Install or remove software applications iii. Install, remove, or change the configuration of hardware 7. Inappropriate Information and Images It is unacceptable to knowingly or intentionally submit, publish, display, transmit, retrieve, or store, on the department's network or on any department computing device and/or system, any information or image which is for non-IDOC business and: a. Violates or infringes on the rights of any other person, including the right to privacy b. Contains defamatory, false, inaccurate, abusive, obscene pornographic, profane, sexually oriented, threatening, racially offensive or other biases, discriminatory, or illegal materials c. Violates any law, regulation, or department policy d. Restricts or inhibits other users from using the system, or the efficiency of the computing device and/or systems e. Encourages the use of controlled substances or uses the system for criminal or any illegal purpose f. Contains statements, which might incite violence or which describe or promote the use of weapons or devices associated with terrorist activities purposes. 8. Internet Uses of the internet must comply with appropriate laws and regulations reflective of the department’s values and integrity. Users should identify themselves properly when using the internet and conduct themselves as professional representatives of Idaho state government. Each user is individually responsible for the content of any communication sent over or placed on the internet. 9. Electronic Mail a. Employees are reminded that electronic mail (e-mail): i. Can and probably will, be copied, saved, or seen by third parties, both internal and external to state government, so care should be given regarding content of the communication ii. May be monitored iii. Is subject to disclosure under the Idaho Public Records Act and any other department policies pertaining to records as described in the Idaho Technology Authority (ITA) Policy P1040 – Email and Electronic Messaging b. Agency-Wide Distribution List Criteria and Process: Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 7 of 9 Idaho Department of Correction i. E-mails sent to agency-wide distribution lists are moderated to prevent misuse, ensure relevant use for agency business, and for disk space considerations. A group of moderators are assigned the task of approving e-mails to be sent to agency-wide distribution lists. ii. Approved e-mails sent to distribution lists are defined as agency-wide communications for business and safety concerns. E-mail sent to distribution lists that do not meet these criteria will be denied. 10. Training a. There will be mandatory IT training and education for all employees working at an IDOC facility. Trainings will consist of, but are not limited to: i. Computer basics ii. Acceptable use policy iii. Cybersecurity awareness training as outlined by the Idaho Technology Authority (ITA) Policy P4505 – Cybersecurity Awareness Training and Executive Order 2017- 02 – Findings of the Idaho Cybersecurity Cabinet Task Force. b. Employees should expect training when hired and on an annual basis, randomly throughout the year, and if necessary, outside training to cover security basics. 11. Confidentiality Employees who send e-mail messages containing confidential and/or privileged information must include the following statement in the body of the message: privileged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by replying to this e-mail and delete this message and any attachments from your computing device.” 12. IT Security and Operations Access IT team members have the right and responsibility (as it relates to their role/job function) to access/inspect any file stored on any electronic device that has the ability to be connected to the IDOC network (directly or indirectly) or connected to IDOC equipment. This access is required to preserve and address any immediate danger/impact to IDOC. 13. Access for Inquiry or Investigation a. Use of computing devices must comply with all executive orders, department policies, standard operating procedures, and state, federal, and local laws. Inappropriate use may be investigated in accordance with this SOP. The department has the right to inspect any and all files stored in secured areas of state networks, on any computing devices, or on any other storage medium that has the ability to connect to the State network (such as flash drives or external hard drives, CDs, DVDs, and other social media) in order to monitor compliance with this SOP. Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 8 of 9 Idaho Department of Correction b. Inappropriate content (as described in section 7 of this SOP) used for investigation purposes must be saved on a site-specific “Investigations” directory located on the network or an external hard drive rather than the investigator’s own C or H drive. Consult your information technology department or your local investigations supervisor to find the proper location to store such content. c. Authorization No IDOC staff member or other individual is authorized to access files or otherwise inspect or investigate IDOC computing devices and/or storage mediums without proper authorization. Authorization to access IDOC computing devices, computing device files, storage medium, etc. must be obtained from the director or deputy director. d. Investigation i. With approval from the director or deputy director, SIU may search or review contents of state authorized electronic devices. ii. Advanced technical computing device forensic previews, computing device, cellular telephone examinations, and real-time information are available, in conjunction with an approved investigation for the following: 1) Presence of inappropriate information and images (as defined in section 7) on a department computing device 2) Detailed methodical examination of the hard drive or media upon submittal of a department computing device to a certified computing device forensics laboratory. This also includes extremely comprehensive forensic examinations when looking for difficult-to-find evidence or for specific exculpatory or incriminating evidence. 3) Access to an employee’s e-mail account activity through the e-mail archive server e. Inquiries Based on Legal Actions and External Requests The lead deputy attorney general (DAG) assigned to the department may approve searches for litigation needs. The lead DAG will act as approver for requests submitted by his/her legal team to review information obtained from computing devices, storage medium, e-mail, computing device files, text messages, and cellular telephone data in connection with legal actions or other external requests for information. f. HR Inquiries The director or deputy director may authorize the HR manager or designee to review information obtained from computing devices, storage medium, e-mail, computing device files, text messages, and cellular telephone data in connection with performance, disciplinary, or legal actions or other external requests for information. g. Information Technology Before providing any information or assistance to the SIU, or any other person, IT staff must confirm that the director or deputy director has approved the investigation, inquiry, or access. Evidence of this approval is provided through the Investigation and Information Request electronic form process. Document Number: 141.00.06.008 5.0 Title: Computing Devices, Electronic Mail, and Internet Use Page Number: 9 of 9 Idaho Department of Correction 14. Violation of Policy Employees violating this policy are subject to disciplinary action up to and including dismissal in accordance with SOP 205.07.01.001, Corrective and Disciplinary Action and/or investigation referral to law enforcement. H. REFERENCES 1. Policy 141, Computing Devices, Electronic Mail, and Internet Use 2. SOP 205.07.01.001, Corrective and Disciplinary Action 3. Executive Order No. 2017-02 – Findings of the Idaho Cybersecurity Cabinet Task Force [https://adminrules.idaho.gov/rules/2017%20Archive/ExOs/2017-02_ExOr_17-2.pdf] 4. Idaho Information Technology Services – Artificial Intelligence (AI) Governance Policy, Standard, and Guideline [https://its.idaho.gov/wp-content/uploads/2024/09/AI-PSG_FINALAug2025.pdf] 5. Idaho Technology Authority (ITA) Policy P1040 – Email and Electronic Messaging [https://ita.idaho.gov/wp-content/uploads/2025/07/p1040.pdf] 6. Idaho Technology Authority (ITA) Policy P1050 - Employee Internet Use [https://ita.idaho.gov/wp-content/uploads/2025/07/p1050.pdf] 7. Idaho Technology Authority (ITA) Policy P1060 – State Issued IT Devices [https://ita.idaho.gov/wp-content/uploads/2025/07/p1060.pdf] 8. Idaho Technology Authority (ITA) Policy P4505 – Cybersecurity Awareness Training [https://ita.idaho.gov/wp-content/uploads/2025/07/p1060.pdf] – End of Document –