top of page
This site was designed with the
.com
website builder. Create your website today.Start Now

The following YMCA policies govern the use and management of the information technology resources and services provided by the Ozarks Regional YMCA and apply to staff, members and guests.

Guest WiFi
PC Purchase Policy
Equipment Sign-Out
Password Policy
Internal Privacy Policy

GET HELP

Call: 417-862-8962

ext. 2121

Email: it@orymca.org

ACCEPTABLE USE
Data Security Incident Report

IT Policies

ACCEPTABLE INTERNET USE POLICY

 

The purpose of this policy is to establish acceptable and unacceptable use of electronic devices and network resources at Ozarks Regional YMCA (ORYMCA) in conjunction with its established culture of ethical and lawful behavior, openness, trust, and integrity.

 

Ozarks Regional YMCA provides computer devices, networks, and other electronic information systems to meet missions, goals, and initiatives and must manage them responsibly to maintain the confidentiality, integrity, and availability of its information assets. This policy requires the users of information assets to comply with company policies and protects the company against damaging legal issues.

 

Definitions:

  • “Users” are everyone who has access to any of ORYMCA’s IT systems. This includes permanent employees and also temporary employees, contractors, agencies, consultants, suppliers, customers and business partners.

  • “Systems” means all IT equipment that connects to the corporate network or access corporate applications. This includes, but is not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically-stored data, portable data storage devices, third party networking services, telephone handsets, video conferencing systems, and all other similar items commonly understood to be covered by this term.

 

Scope:

  • This is a universal policy that applies to all Users and all Systems. For some Users and/or some Systems a more specific policy exists: in such cases the more specific policy has precedence in areas where they conflict, but otherwise both policies apply on all other points.

  • This policy covers only internal use of ORYMCA’s systems, and does not cover use of our products or services by customers or other third parties.

  • Some aspects of this policy affect areas governed by local legislation in certain countries (e.g., employee privacy laws): in such cases the need for local legal compliance has clear precedence over this policy within the bounds of that jurisdiction. In such cases local teams should develop and issue users with a clarification of how the policy applies locally.

  • Staff members at ORYMCA who monitor and enforce compliance with this policy are responsible for ensuring that they remain compliant with relevant local legislation at all times.

 

Use of IT Systems:

  • All data stored on ORYMCA’s systems is the property of ORYMCA. Users should be aware that the company cannot guarantee the confidentiality of information stored on any ORYMCA system except where required to do so by local laws.

  • ORYMCA’s systems exist to support and enable the business. A small amount of personal use is, in most cases, allowed. However it must not be in any way detrimental to users own or their colleagues productivity and nor should it result in any direct costs being borne by ORYMCA other than for trivial amounts (e.g., an occasional short telephone call).

  • ORYMCA trusts employees to be fair and sensible when judging what constitutes an acceptable level of personal use of the company’s IT systems. If employees are uncertain they should consult their manager.

  • Any information that is particularly sensitive or vulnerable must be encrypted and/or securely stored so that unauthorized access is prevented (or at least made extremely difficult). However this must be done in a way that does not prevent–or risk preventing–legitimate access by all properly-authorized parties.

  • ORYMCA can monitor the use of its IT systems and the data on it at any time. This may include (except where precluded by local privacy laws) examination of the content stored within the email and data files of any user, and examination of the access history of any users.

  • ORYMCA reserves the right to regularly audit networks and systems to ensure compliance with this policy.

​

Data Security:

  • If data on ORYMCA’s systems is classified as confidential this should be clearly indicated within the data and/or the user interface of the system used to access it. Users must take all necessary steps to prevent unauthorized access to confidential information.

  • Users are expected to exercise reasonable personal judgement when deciding which information is confidential.

  • Users must not send, upload, remove on portable media or otherwise transfer to a non- ORYMCA system any information that is designated as confidential, or that they should reasonably regard as being confidential to ORYMCA, except where explicitly authorized to do so in the performance of their regular duties.

  • Users must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with ORYMCA’s safe password policy. 

  • Users who are supplied with computer equipment by ORYMCA are responsible for the safety and care of that equipment, and the security of software and data stored it and on other ORYMCA systems that they can access remotely using it.

  • Because information on portable devices, such as laptops, tablets and smartphones, is especially vulnerable, special care should be exercised with these devices: sensitive information should be stored in encrypted folders only. Users will be held responsible for the consequences of theft of or disclosure of information on portable systems entrusted to their care if they have not taken reasonable precautions to secure it.

  • All workstations (desktops and laptops) should be secured with a lock-on-idle policy active after at most 10 minutes of inactivity. In addition, the screen and keyboard should be manually locked by the responsible user whenever leaving the machine unattended.

  • Users who have been charged with the management of those systems are responsible for ensuring that they are at all times properly protected against known threats and vulnerabilities as far as is reasonably practicable and compatible with the designated purpose of those systems.

  • Users must at all times guard against the risk of malware (e.g., viruses, spyware, Trojan horses, worms, backdoors) being imported into ORYMCA’s systems by whatever means and must report any actual or suspected malware infection immediately.

 

Unacceptable Use:

  • All employees should use their own judgment regarding what is unacceptable use of ORYMCA’s systems. The activities below are provided as examples of unacceptable use, however it is not exhaustive. Should an employee need to contravene these guidelines in order to perform their role, they should consult with and obtain approval from their manager before proceeding.

  • All illegal activities. These include theft, computer hacking, malware distribution, contravening copyrights and patents, and using illegal or unlicensed software or services.  These also include activities that contravene data protection regulations. 

  • All activities detrimental to the success of ORYMCA.  These include sharing sensitive information outside the company, such as research and development information and customer lists, as well as defamation of the company.

  • All activities for personal benefit only that have a negative impact on the day-to-day functioning of the business. These include activities that slow down the computer network (e.g., streaming video, playing networked video games). 

  • All activities that are inappropriate for ORYMCA to be associated with and/or are detrimental to the company’s reputation. This includes pornography, gambling, inciting hate, bullying and harassment.

  • Circumventing the IT security systems and protocols which ORYMCA has put in place.

  

Enforcement:

  • ORYMCA will not tolerate any misuse of its systems and will discipline anyone found to have broken the policy, including not exercising reasonable judgment regarding acceptable use. While each situation will be judged on a case-by-case basis, employees should be aware that consequences may include the termination of their employment.

  • Use of any of ORYMCA’s resources for any illegal activity will usually be grounds for immediate dismissal, ORYMCA will not hesitate to cooperate with any criminal investigation and prosecution that may result from such activity.

 

Policy Revision History

Version: 0.1

Effective Date: June 12, 2018

Authorized by: COO

Affected Provisions: --

​

​

​

​

​

Data Security Incident Report

 

Instructions:

Any ORYMCA employee that becomes aware of a Data Security Incident or Data Security Breach must immediately report his/her concerns by submitting this Data Security Incident Report Form to the Incident Response Contact or Group at IT@orymca.org of phone 417-862-8962 ext 2121, as well as notifying his/her immediate supervisor.

Equipment Sign-out Form

​

This form assigns primary responsibility for Ozark YMCA equipment to the borrower.  The borrower will be responsible for taking the necessary precautions to protect the equipment and to store it in a manner that provides adequate protection when it is not in use, thus not subjecting the equipment to possible theft or damage. If it is determined that loss or damage is a result of negligence, the borrower may be held financially responsible for the repair or replacement of the equipment.

ORYMCA Guest WI-FI Service Terms of Use and Acceptable Use Policy

​

  • Welcome to the ORYMCA Guest Wi-Fi Terms of Use Page. This ORYMCA wireless guest internet access (Service) is provided free of charge to you in accordance with the following terms:

 

  • Disclaimer ORYMCA is not responsible for content delivered through the Internet. ORYMCA is not responsible for sensitive information communicated through this public wireless connection, such as credit card, personal data, or banking information, etc. Please be sure that your device’s anti-virus and firewall software are up-to-date.

 

  • ORYMCA assumes no responsibility and shall not be liable for any loss of data, damage, or viruses/malware that may infect your device on account of your access to, or use of the public wireless connection. ORYMCA assumes no responsibility or liability for physical damage to, or theft of your device.

 

  • ORYMCA cannot guarantee that your hardware or software will work with the Y’s wireless connection. ORYMCA may collect and disseminate data usage at its sole discretion; including sharing the information with any law enforcement agencies.

 

  • Minors should only access the connection under parental or guardian oversight. Any restrictions, limitations, and monitoring of a minor’s access to the Y’s public wireless network is the sole responsibility of the parent or guardian.

 

  • Member agrees to respect all copyright laws and licensing agreement pertaining to material obtained from the Internet and ORYMCA is not responsible for member’s failure to do so. If you have problems accessing the Internet over the wireless connection, our staff cannot assist in making changes to the member’s network settings or perform any troubleshooting.

 

Version: 0.1

Effective Date: 6/12/2018

Authorized by: COO

Affected Provisions: --

​

​

​

Internal Privacy Policy

This ORYMCA Internal Privacy Policy (“Privacy Policy”) sets forth Ozarks Regional YMCA’s policies and procedures for protecting the privacy of Personal Data, as defined below. The Privacy Policy is applicable to all Ozarks Regional YMCA employees.

Effective Date: 06/12/20018

Category: PRIVACY

 

Contact(s):

Thomas Malotte

IT Network Coordinator

Ozarks Regional YMCA

cmalotte@orymca.org

IT@orymca.org

 

1.0    DEFINITIONS

“Data Controllers” are those people that determine how and whether Personal Information is processed. Ozarks Regional YMCA is a Data Controller for purposes of these procedures. When we share information with YMCA of the USA, both organizations are Data Controllers.

​

“Data Processors” are those people that process Personal Information on behalf of a Data Controller.

​

“Data Subjects” are the people to whom the Personal Data relates.

​

“Personal Data” is any information about an identifiable individual. Examples of Personal Data include (but are not limited to)

  • name, date of birth, and social security or other identity card number;

  • contact information such as mailing address, email address, and phone numbers;

  • credit card and financial account numbers;

  • health or medical information;

  • information contained in employee files, including employment history, evaluations, and information collected during the application and hiring process; and

  • Information related to employee benefits, such as the names of dependents, beneficiaries, and insurance policy information.

 

Properly anonymized and de-identified or aggregate data is not Personal Data.

“Process” is used very broadly to indicate performing any action on Personal Data, such as collecting, recording, organizing, storing, transferring, modifying, using, retaining, or deleting.

​

“Sensitive Personal Data” is Personal Data that relates to an identifiable person’s health, finances, sexual orientation, religious beliefs, or criminal record.

​

2.0    PERSONAL DATA MINIMIZATION AND PRIVACY BY DESIGN

Privacy protection is integral to ORYMCA’s processing of Personal Data because it helps to protect our members and to let them feel comfortable sharing information with us, and this information helps us to grow and improve our community.

​

We collect and process Personal Data in a number of ways, including from the following:

  • Members when they sign up to join ORYMCA, including name, address, and payment information, or when they use various services and join difference groups and activities.

  • Volunteers, employees, and applicants as part of their employment or application. This information may include job applications, employee records of training, documentation of performance appraisals, salary, and other employment records.

  • Nonmember guests who visit for certain activities.

  • Such processes should be designed to minimize the unnecessary collection or use of Personal Data. For instance, use an identification number in place of a Social Security number when possible, and use a partial Social Security number in place of the full number when possible. Likewise, the use of anonymized and de-identified or aggregate data is generally preferable to the use of Personal Data.

​

​

3.0    PROCEDURES

All employees must comply with the following procedures:

​

3.1    Data Collection and Consent

Prior to the collection and processing of Personal Data, ORYMCA must obtain consent from the Data Subject in a manner appropriate to the context. Most of the time, consent is implied from the circumstances. For instance, if members sign up for swim class, they expect the information to be used to organize the class and to communicate with them about the class, but they would not expect that information to be sold to local pizza chains for them to receive coupons. When Personal Data is used in ways that are not reasonably implied from the apparent circumstances, consent may be provided orally, in writing, or electronically, on an opt-in or opt-out basis generally, although uses of Sensitive Personal Data should have more clear opt-in consent.

Some people, such as children or persons with mental disabilities, may not be capable of providing personal consent to the collection, use, or disclosure of their own Personal Data. In those cases, we can rely upon the consent of those persons who are giving care to that person and who are entitled to consent on behalf of the individual in the given circumstances and in accordance with state and federal law. Personal Data should not be collected from children without clear parental or legal guardian written consent, and Sensitive Personal Data collection requires particularly clear consent to collect.

​

To provide notice and receive informed consent, disclose the following before collecting Personal Data when it is not otherwise clear from the circumstances:

  • the identity of the person or entity that is collecting the Personal Data (i.e., the Data Controller);

  • the purpose(s) for which the Personal Data is to be processed or used;

  • the methods by which the Personal Data is to be collected;

  • the scope of Personal Data that may be collected (e.g., types, over what time period, etc.); and

  • the identity of anyone to whom the Personal Data may be disclosed or transferred.

 

ORYMCA need not obtain consent from the Data Subject in the following limited circumstances:

  • in an emergency that threatens an individual’s life, health, or personal security;

  • when the Personal Data is available and collected from a public source;

  • when the processing is necessary for the performance of a contract to which the Data Subject is party, or in order to take steps at the request of the Data Subject prior to entering into a contract;

  • when the processing is necessary for compliance with  ORYMCA’s legal compliance obligations, such as to investigate and protect its legal interests;

  • when the processing is necessary in order to protect the vital interests of the Data Subject, narrowly construed;

  • in certain circumstances, when processing is necessary for the performance of a task carried out in the public interest;

  • When processing is necessary for ORYMCA’s legitimate business interests, as disclosed to the Data Subject, consistent with the fundamental rights and freedoms of the Data Subject; or

  • Where the intended collection, use, processing, and/or disclosure is otherwise permitted or not precluded by applicable law.

 

3.2    Withdrawal of Consent

In some circumstances, consent to the collection and use of Personal Data may be withdrawn, subject to contractual and legal restrictions and reasonable notice. In general, ORYMCA should allow and respect the withdrawal of consent to the greatest extent possible, such as with respect to the withdrawal of consent to receiving marketing materials or telephone calls.

​

Withdrawal of consent may have consequences, such as no longer being able to provide certain services or communicate in certain ways. In certain circumstances, consent may not be withdrawn with respect to certain necessary uses and disclosures of Personal Data, such as with respect to certain legal and contractual obligations.

 

Personal Data systems should be reasonably designed to allow for the effective withdrawal of consent. In particular, opt-out lists must be maintained, and communications must be scrubbed against these lists to be able to verify that recipients that they have expressed their wish not to receive are in fact, not receiving communications, even if they previously consented to receiving the communication. Compliance with such requests is particularly important with respect with any electronic and telecommunications (phone, fax, text, etc.) campaigns, consistent with the legal requirements applicable to the campaign. Awareness of the restrictions applicable to particular campaigns is the responsibility of the manager of that campaign, and it is their responsibility to consult with ORYMCA management and/or legal counsel in order to achieve full compliance in their specific circumstances.

​

3.3    Purpose Specification and Use Limitation

When Personal Data is used, ORYMCA must use the Personal Data in a way that is compatible with the purposes for which it was collected, or for a reasonably related purpose. If Personal Data needs to be used for another purpose or handled in a way that the Data Subject has not provided consent, the ORYMCA should obtain the consent of the Data Subject for the new or different use.

​

Only ORYMCA personnel or third parties working on behalf of ORYMCA with a legitimate business purpose may access or use Personal Data, and even those individuals may access such Personal Data only for legitimate purposes required by their positions. The more sensitive the Personal Data is, the greater the security should be to protect it.

 

3.4    Data Subject Access

ORYMCA should post a privacy notice so that Data Subjects can contact the appropriate person with inquiries or complaints regarding the use of their Personal Data. ORYMCA must make reasonable efforts to grant Data Subjects’ requests to access their Personal Data. In accordance with these procedures, Data Subjects may ask the ORYMCA whether it maintains Personal Data about them, and the contents, if any, of that data. If the ORYMCA denies access, it should provide the Data Subject the reasons for such denial and allow the Data Subject to challenge the denial.

​

3.5    Data Accuracy

ORYMCA should use its best efforts to process accurate Personal Data. To this end, Data Subjects may make reasonable requests for the correction of any incorrect or misleading Personal Data about them. To the extent reasonably feasible, we must, as appropriate, correct or destroy Personal Data that is inaccurate, misleading, or out-of-date. If ORYMCA does not make a requested correction, the request should be noted in the Data Subject’s file to the extent feasible and explained to the Data Subject.

 

 

3.6    Data Retention

ORYMCA should not keep Personal Data longer than necessary for the purpose for which it was collected. ORYMCA must securely destroy or erase Personal Data from its systems when it is no longer required to accomplish the purpose for which it was collected. ORYMCA also should endeavor to ensure the secure deletion and destruction of Personal Data stored or maintained by third parties. We may, however, retain some Personal Data in order to comply with applicable laws, regulations, rules, and court orders.

​

3.7    Security

ORYMCA takes reasonable administrative, technical, and physical measures to safeguard against unauthorized processing or use of Personal Data, and against the accidental loss of, or damage to, Personal Data. These measures include:

  • making available written plans to identify, prevent, detect, respond to, and recover from cybersecurity threats and incidents;

  • developing security authentication procedures for accessing all systems that store Personal Data;

  • maintaining patched, up-to-date anti-virus software, firewalls, and other computer security safeguards, and appointing appropriate personnel to be responsible for keeping such safeguards up-to-date;

  • requiring third-party data processors, vendors and other service providers who will be processing Personal Data on behalf of ORYMCA to maintain appropriate security measures;

  • maintaining appropriate records of access to and processing of Personal Data;

  • auditing Personal Data security at regular intervals (but no less than annually) and recording the results of such audits;

  • using appropriate protections, such as encryption, to protect Sensitive Personal Data in transit and when stored on portable computer media as necessary or appropriate;

  • utilizing appropriate and secure destruction methods of Personal Data as legally required; and

  • Talking all other reasonable measures as required from time to time by local laws and regulations.

 

3.8    Sharing Personal Data With Third Parties

The ORYMCA may share the Personal Data with its corporate affiliates, such as YMCA of the USA, and third parties that provide services to ORYMCA to the extent such third parties are contractually required to follow the procedures set forth herein, or substantially equivalent standards, and to protect Personal Data in accordance with all relevant laws, regulations and rules, and subject to any appropriate security measures and directions from ORYMCA. These requirements should also apply to any subcontractors engaged by third parties.

 

Personal Data may not be sold, transferred, or disclosed to other third parties except as authorized in writing by YMCA management.

​

Prior to disclosing Personal Data to a third party, the ORYMCA may provide the Data Subject the opportunity to choose whether his or her information may be disclosed to that third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the Data Subject.

​

In all instances, Sensitive Personal Data should not be disclosed to unaffiliated third parties or used for new purposes without explicit consent or the presence of other circumstances requiring or justifying such use.

​

3.9    Confidentiality

Employees and third-party contractors may not disclose information made available on ORYMCA’s systems and networks, including to other ORYMCA personnel, except as expressly authorized by the appropriate manager. The duty of nondisclosure and confidentiality extends to interactions with third parties, including other employees, customers, business partners, and vendors. This extends past employment with the ORYMCA as well.

​

3.10  Incident Reporting and Response

The suspected theft, loss, or unauthorized processing of data, including Personal Data, must be immediately addressed. ORYMCA must take steps to immediately investigate the cause of the security breach and make every effort to contain the breach. ORYMCA must follow the steps set forth in the Data Security Incident Response Plan when responding to security incidents.

​

3.11  Children’s Information

ORYMCA intends to collect or use personal information from children under the age of 13, it must first obtain the verifiable consent of their parents or guardians, such as through consent forms that the parent or guardian signs in person. Consent need not be obtained where information about children is provided by their parents or guardians.

 

4.0    PRIVACY INQUIRIES AND DISPUTES

ORYMCA must designate an individual to handle complaints and disputes regarding the use of Personal Data. ORYMCA must inform the individuals from whom it collects Personal Data of a phone number or email address that they may contact for complaints or disputes about how their Personal Data is handled. These complaints and disputes shall be addressed by ORYMCA management, who may decide when consultation with legal counsel is appropriate in anticipation of potential litigation with the Data Subject. Internal processing of requests for legal counsel would be subject to attorney-client privilege and attorney work-product doctrine protections to the extent applicable under state or federal law. The person(s) authorized to handle complaints and disputes is the IT Department at 417-862-8962 ext 2121 or via email IT@orymca.org.

 

5.0    COMPLIANCE WITH AND MODIFICATION OF PROCEDURES

ORYMCA employees who violate this Privacy Policy may be subject to disciplinary actions, up to and including termination of employment.

​

As is appropriate, ORYMCA may modify its procedures for the handling of Personal Data, but material changes to the handling of Personal Data cannot be applied retroactively without the express consent of the Data Subject unless consent was not necessary to collect and use the Personal Data.

​

To facilitate compliance with this Privacy Policy and to protect its workers, systems, information, and assets; ORYMCA may review, audit, monitor, intercept, access, and disclose information processed or stored on ORYMCA equipment and technology, or on personally owned devices permitted ORYMCA network access.

​

If you become aware of any actual or suspected breach of this Policy, notify the IT Department by calling 417-862-8962 ext 2121 or via email IT@orymca.org.       

​

If you have any questions about this guidance, or for additional information or training, please contact the IT Department at 417-862-8962 ext 2121 or via email IT@orymca.org .       

 

Our ORYMCA’s management may monitor, assess, and promote compliance with this Policy by

  • providing guidance regarding implementation of, and adherence to, the Policy;

  • assisting with the design of initiatives to minimize the collection and other processing of Personal Data;

  • designing and conducing appropriate privacy training;

  • serving as an initial point of contact for privacy and Personal Data protection issues;

  • handling privacy complaint investigations and resolutions;

  • providing guidance regarding contracts for processing Personal Data;

  • monitoring legal developments regarding privacy and data protection; and

  • providing our ORYMCA with an ongoing assessment of compliance with applicable laws and industry best practices.

 

6.0    TRAINING

Employees with access to Personal Data shall receive annual training on this Privacy Policy.

​

7.0    REFERENCES

For questions related to the implementation of this Policy, contact The IT Department by calling417-862-8962 ext 2121 or via email IT@orymca.org .

​

Version: 0.1

Effective Date: 6/12/2018

Authorized by: COO

Affected Provisions: --

​

​

​

​

​

Safe Password Policy:

Employees at Ozarks Regional YMCA (ORYMCA) must access a variety of IT resources, including computers and other hardware devices, data storage systems, and other accounts. Passwords are a key part of the IT Departments strategy to make sure only authorized people can access those resources and data.

​

All employees who have access to any of those resources are responsible for choosing strong passwords and protecting their log-in information from unauthorized people.

 

The purpose of this policy is to make sure all ORYMCA resources and data receive adequate password protection. The policy covers all employees who are responsible for one or more account or have access to any resource that requires a password.

 

Password creation:

  • All passwords should be reasonably complex and difficult for unauthorized people to guess. Employees should choose passwords that are at least eight characters long and contain a combination of upper- and lower-case letters, numbers, and punctuation marks and other special characters. These requirements will be enforced with software when possible.

  • In addition to meeting those requirements, employees should also use common sense when choosing passwords. They must avoid basic combinations that are easy to crack. For instance, choices like “password,” “password1″ and “Pa$$w0rd” are equally bad from a security perspective.

  • A password should be unique, with meaning only to the employee who chooses it. That means dictionary words, common phrases and even names should be avoided. One recommended method to choosing a strong password that is still easy to remember: Pick a phrase, take its initials and replace some of those letters with numbers and other characters and mix up the capitalization. For example, the phrase “This may be one way to remember” can become “TmB0WTr!”.

  • Employees must choose unique passwords for all of their company accounts, and may not use a password that they are already using for a personal account.

  • All passwords must be changed every 90 days, with the frequency varying based on the sensitivity of the account in question. This requirement will be enforced using software when possible.

  • If the security of a password is in doubt– for example, if it appears that an unauthorized person has logged in to the account — the password must be changed immediately.

  • Default passwords — such as those created for new employees when they start or those that protect new systems when they’re initially set up — must be changed as quickly as possible.

​

Protecting passwords:

  • Employees may never share their passwords with anyone else in the company, including co-workers, managers, administrative assistants, IT staff members, etc. Everyone who needs access to a system will be given their own unique password.

  • Employees may never share their passwords with any outside parties, including those claiming to be representatives of a business partner with a legitimate need to access a system.

  • Employees should take steps to avoid phishing scams and other attempts by hackers to steal passwords and other sensitive information. All employees will receive training on how to recognize these attacks.

  • Employees must refrain from writing passwords down and keeping them at their workstations. See above for advice on creating memorable but secure passwords.

  • Employees may not use password managers or other tools to help store and remember passwords without the IT Departments permission.

 

 

Version: 0.1

Effective Date: 6/12/2018

Authorized by: COO

Affected Provisions: --

​

​

​

​

​

​

Computer Equipment Purchasing Policy

​

Purpose:

The purpose of this policy is to outline the process by which Ozarks Regional YMCA (ORYMCA) acquires, replaces, and disposes of computer hardware equipment as well as the purchasing of personal computers and laptops for staff.

 

Scope:

This policy applies to all full-time and part-time employees and to the purchase of all computer equipment issued by ORYMCA.

​

Computer Equipment Purchases for ORYMCA

All computer equipment purchases must be coordinated with the IT Department and the Chief Operations Officer through the Web Portal, on www.orymca.org, before any purchases are made. The Chief Operations Officer and IT Department will have to approve the request. Any equipment purchased outside of this means will not be supported and must be returned from where it was purchased. We will not credit and/or pay your CC account if there is an equipment purchase on the statement, you may also be written up. The IT Department will coordinate with the Executive Directors to make sure the proper equipment is purchased for each job.

​

Computer Equipment Received via Grants or Gifts:

Departments receiving computer equipment as gifts from individuals, corporate sponsorships, and grants must work with the IT Department before accepting equipment donations, and or ordering equipment. Equipment gifts will be reviewed to ensure that the gift may be utilized in the ORYMCA environment and that ongoing support can be provided.

​

Computer Replacement Cycle:

Full-time and approved positions will be assigned one primary computer. The computer assigned to a user as their primary system will be the machine covered under the computer replacement cycle. Those users with non-primary computers may either be upgraded out of the IT Department computer redistribution pool or by other departmental funds.

 

The general guidelines for replacement of primary systems are:

  1. Full-time staff: Four years from the date of computer assignment

  2. Computers needed for part-time staff, temporary positions, and machines needed for projects or other temporary uses will be furnished out of the IT department redistribution pool of computers.

 

Computers that are part of the IT Department computer replacement cycle will be replaced with a new standard computer. The IT Department will also cover the costs of a new standard machine requested for a newly created position.

 

Standard Computer Configurations:

A standard configuration will be established by the IT Department and Executive Directors on an annual basis. Any upgrades to the hardware configuration beyond the scope of the standard configuration will be charged to the requesting department.

 

Executive Directors will receive a Windows Laptop and all full-time staff will receive a standard Windows desktop unless justification for an upgrade can be provided and approved by the respective Executive Director, and Chief Operations Officer. If equipment other than a Windows desktop is approved by the Chief Operations Officer, any monetary difference will be paid by the respective departmental funds. Any staff replacement personnel will inherit the computer used by the previous holder of that position, unless that computer was purchased or has been in use for four years.

​

Standard Software Installations:

Standard software on machines will include:

  1. Current supported version of Windows OS operating systems

  2. Current supported version of Microsoft Office Suite for Windows

  3. Antivirus software

  4. Runtimes

  5. Internet browsers

 

Additional Peripheral Devices:

Standard desktop configurations for PCs a CPU, monitor, keyboard, and mouse.

 

Standard laptop configurations for PCs will only include the laptop.

 

External monitors may be supplied depending on availability in redistribution. Laptop setups do not include carrying cases, docking stations, and monitor stands. If the department would like a docking station and or external monitor they must put in a request via the Web Portal for the equipment.

 

Follow this process to purchase a new equipment:

  1. Purchaser sends request through web portal on ORYMCA Staff Resource Website.

  2. IT and the COO will approve or deny the request.

  3. If approved IT will create a purchases ticket and will email the purchaser once the order has been placed.

  4. Once the computer is ready for pickup, IT will contact the purchaser to coordinate the pickup and installation of the new computer.

  5. Upon machine pickup, purchaser sign a copy of the completed paperwork for the IT Department to keep to finalize transfer of ownership.

 

Additional Questions:

All Questions can be emailed to IT@orymca.org  or you can contact the IT Department by phone at 417-862-8962 ext 2121.

 

Version: 0.1

Effective Date: 6/12/2018

Authorized by: COO

Affected Provisions: --

bottom of page