Section 2: Safety and Security Rules

Table of Contents
  • 2.01 All IDB staff will ensure the security and proper use of all keys, confidential information, and logon information to which they have access.
  • 2.02 All IDB staff members shall follow information security, physical security, and social media procedures in carrying out their job duties.
  • 2.03 All IDB staff are required to observe all safety rules and report accidents immediately.
  • 2.04 When the fire alarm is activated, all staff are required to exit the building in accordance with the evacuation procedures.
  • 2.05 IDB staff will secure all IDB issued physical keys and key cards in their possession. Any lost or stolen key or key card should be reported to the employee’s supervisor and the facilities engineer within 24 hours of discovery.
  • 2.06 All IDB issued smart phones must contain a complex passcode containing at least one letter rather than a 4 or 6 digit numeric passcode only.
  • 2.07 All IDB issued cell phones must be set so that email messages, text messages, and other notifications potentially containing client information are not visible on the lock screen.
  • 2.08 IDB staff will not store information deemed confidential (0.31.) on any unencrypted media, transmit such information via unencrypted email, or store such information in any unencrypted cloud service not owned and controlled by IDB. Including, but not limited to, Dropbox, iCloud, or Google Drive.
  • 2.09 Email with confidential information shall not be sent by unauthorized personnel nor shall confidential agency information be transmitted using personal email accounts.
  • 2.10 IDB staff will not store logon information on any non-IDB issued computers, phones, or other equipment.
  • 2.11 Logon information will not be stored in any unlocked place or unencrypted media. It will also not be stored with the device to which it allows access.
  • 2.12 No IDB contract covered staff will be required to check their email outside of work hours or using any non-IDB issued device.
  • 2.13 If any IDB staff chooses to check their work email on any non-IDB issued device, they may not save their logon information on that device. They are also wholly and solely responsible for ensuring that the account is properly logged out and no confidential information is obtained by anyone other than its intended recipient.
  • 2.14 Any IDB staff choosing to share any work calendar over which they have control with any account outside of the blind.state.ia.us domain must refrain from using any confidential information in any shared field.
  • 2.15 Any lost or stolen IDB issued phones, computers, or other equipment must be reported directly to the IDB staff member’s supervisor and CTO within 24 hours of detection.
  • 2.16 Any breach of information security must be reported directly to the IDB staff member’s supervisor and the CTO within 24 hours of detection.
  • 2.17 All paper files containing confidential information must be secured when not in use. If they must be left in a vehicle, they must be stored in the trunk. If left in an office, that office must be locked or they must be stored in a locked file cabinet or drawer.
  • 2.18 All state vehicles must be locked when not occupied.
  • 2.19 IDB staff are prohibited from using IDB’s IT resources and communication systems for personal social media purposes, entertainment, or personal business.
  • 2.20 IDB employees may not use personal devices such as phones, laptops, or tablets for social media, entertainment, or personal business purposes while on work time. However, employees may use their personal equipment and resources on non-work time; e.g., lunch hour, or authorized breaks to engage in social media, entertainment, or personal business. Personal devices should never be connected to the IDB Wi-Fi network, but may be connected to the IDB guest network. IDB staff may use the idb-guest internet connection to stream music on their personal device during work time, if doing so does not interfere with their work performance.
  • 2.21 When using social media for business or personal purposes, employees must protect the privacy of IDB, its employees, clients, patrons, suppliers, and vendors and are prohibited from disclosing personal employee and non-employee information and any other proprietary, confidential, privileged, or non-public information to which employees have access. Such information includes, but is not limited to, client or patron information and financial data.
  • 2.22 Only staff who have completed training in the use of a personal mobility device may instruct any client or patron in the use of that device.
  • 2.23 IDB staff may only assist in the operation of a personal mobility device at the request of the client, patron, volunteer, colleague, or member of the public visiting the IDB building. Any IDB staff member who is requested to assist in the operation of a personal mobility device may do so if that IDB staff member feels comfortable providing the requested assistance. Any IDB staff member who provides assistance to an individual will follow the direction given by the individual in the course of providing the requested assistance.