11- Corp Policies - Info Tech use

Question 1

What is the main purpose of the City of Brampton’s Information and Communication Technology (ICT) policy?

a) To restrict access to ICT for specific departments
b) To encourage personal use of ICT
c) To ensure appropriate and responsible use of technology
d) To provide unlimited access to City-owned ICT

Answer 1

C
This policy has been established to provide governance and awareness for the acceptable use of computers, systems, mobile communication devices, electronic communication, telephones,
servers, applications, data, software tools, electronic access accounts, information assets,
technology acquisition, technology standards and processes, network resources and the overall Business-Technologies and Infrastructure, (collectively referred to as “Information and Communication Technology” or “ICT”) at the City in conjunction with its established culture of good ethical behaviour, trust, and integrity.

Question 2

According to the policy, who must comply with the ICT Policy?

a) Only the Chief Information Officer (CIO)
b) Anonymous persons visiting the City’s public website
c) Users who do not have access to ICT
d) All persons or entities with access to City’s ICT

Answer 2

D
This Policy applies to all and any persons or entities that have access to and/or make use of the City’s ICT in any form or plan (collectively referred to as “User” or “Users”); except Anonymous persons (i.e. unidentified people who are visiting and accessing the City’s public website).

Question 3

What is the scope of the ICT Policy regarding the City’s Bring Your Own Device Program (BYOD Program)?

a) BYOD is not allowed
b) BYOD is explicitly defined in the policy
c) BYOD is mentioned but not defined in the policy
d) BYOD is discouraged but not explicitly prohibited

Answer 3

B
This Policy applies to ICT owned or leased by the City and to ICT that are not owned or leased by the City but are certified, contracted or permitted to connect and access the ICT through approved processes, remote access tools, or programs such as the City’s Bring Your Own Device Program(“BYOD Program”)

Question 4

What should Users do if they have questions about the appropriate use of ICT for personal reasons?

a) Ignore personal use of ICT
b) Ask their direct supervisor or the IT Service Desk
c) Contact the CIO directly
d) Document their personal use for auditing purposes

Answer 4

B
The City’s ICT is made available to City Users for business purposes. Although occasional personal use might occur, personal use should not be excessive, impact work productivity or interfere with work performance. Users are encouraged to ask their direct supervisor or the IT Service Desk if they have any question regarding the appropriate use of ICT.

Question 5

Under what conditions can the Chief Information Officer (CIO) authorize exceptions to the policy?

a) Only if the User provides a valid business justification
b) Only if the User’s Divisional Head approves
c) Only if the exception is explicitly stated in the policy
d) Only if the exception involves personal use of ICT

Answer 5

A
Any exceptions to this Policy must be authorized in advance in writing by CIO or her/his delegate(s). An “Exception to Policy Request” must include valid business justification and documented approvals from the requestor’s Divisional Head.

Question 6

What is the responsibility of Users regarding the security of their accounts?

a) Share account information for collaborative purposes
b) Keep passwords secured at all times
c) Change passwords monthly
d) Only use City-owned information assets

Answer 6

B
Be responsible for the security of Account(s) under their control and to keep their password secured at all times.

Question 7

What is strictly prohibited regarding the storage of personal multimedia, files, and tools?

a) Storing them on City-owned file shares or shared data repositories
b) Using personal devices for work purposes
c) Sharing personal files with colleagues
d) Storing them on unauthorized devices

Answer 7

A
The storage and use of personal multimedia, files and/or tools on City’s file shares or
shared data repositories is prohibited. Reasonable use of, and access to, personal
devices, accessories and digital information is not restricted to City owned or leased enduser computing devices such as (Laptop, Desktop, Tablet or Smart Devices).

Question 8

What is an activity that City ICT should not be used for, according to the policy?

a) Circumventing security or causing a security breach
b) Playing games during lunch breaks
c) Using personal devices for work purposes
d) Allowing unauthorized access to personal accounts

Answer 8

D and A
Be responsible for the security and appropriate use of City ICT under their control, which
City ICT shall not be used for any of the following:
2.6.1. Circumventing security, User’s log-in credentials (e.g. User ID and Password) or
causing a security breach;
2.6.2. Grant access to ICT and/or Accounts without proper authorization by the
requestor’s manager, division head and the CIO or his/her delegate(s);
2.6.3. Downloading or introducing inappropriate content or software including content
and/or software that can probe, scan, cause harm or loss or damage to the City’s
ICT;

Question 9

What must Users do if they need to engage in an activity deemed unlawful or prohibited?

a) Users must never engage in any other activities deemed to be unlawful
b) Ignore the policy and proceed with the activity
c) Obtain written authorization from the CIO or delegate(s) in advance
d) Report the activity to their Divisional Head

Answer 9

A
Users must not engage in any other activity reasonably deemed to be unlawful or
prohibited even if it is not explicitly stated in this Policy.

Question 10

What is the responsibility of Users managing generic system accounts?

a) Share accounts with colleagues for efficient work
b) Safeguard the use of such accounts and refrain from impersonating others
c) Use accounts to hide their identity when necessary
d) Share accounts with others for collaborative purposes

Answer 10

B
Users who manage and use generic system Account(s) to administer City business
processes and controls are accountable at all times to safe guard the use of such
Account(s). Such Users must refrain from impersonating others or misusing these
Account(s) to hide their identity, and they shall not share these Account(s) with others for
such purposes.

Question 11

According to the policy, what is the responsibility of Users for City-owned or leased Physical Technology Assets?

a) Use them for personal purposes
b) Report any damage to the IT Service Desk
c) Follow the Care, Custody, and Control of City Assets Policy
d) Share them with colleagues for collaborative purposes
e) B and C

Answer 11

E
Users are responsible:
3.1. For the City owned or leased Physical Technology Assets under their control, which City Physical Technology Assets must be dealt with in accordance with the Care, Custody
and Control of City Assets Policy;
3.2. To secure and ensure the protection of assigned City Physical Technology Assets; and
3.3. To promptly report to the IT Service Desk any loss or theft of, or damage to, assigned
City Physical Technology Assets

Question 12

When must Users report any loss or theft of assigned City Physical Technology Assets?

a) Within a week of the incident
b) As soon as possible to the IT Service Desk
c) Only if it interferes with their work
d) Only if the assets are leased by the City

Answer 12

B

Question 13

According to the policy, what must Users comply with when using personally owned technology resources?

a) City’s BYOD Program
b) City’s Personal Information Protection Policy
c) IT Use Policy Acknowledgement Form
d) Care, Custody, and Control of City Assets Policy

Answer 13

B
Users must comply with the City’s Personal Information Protection Policy when using
personally owned technology resources to access the City’s ICT for City related business.

Question 14

What is strictly prohibited in electronic communication use?

a) Marking messages as “confidential”
b) Use involving illegal activities
c) Keeping contact information current
d) Sending unsolicited commercial electronic messages
e) B&D

Answer 14

E
The following electronic communication use is strictly prohibited:
4.5.1. Inappropriate use of electronic communications;
4.5.2. Use involving illegal activities;
4.5.3. Procuring or transmitting material that violates laws and regulations and/or, the
City’s by-laws, policies or SOPs (e.g. Information Technology Cloud Policy, IT
Architectural Controls and Standards, Workplace Harassment Prevention and
others);
4.5.4. Use that interferes with the safeguarding of confidential or proprietary
information;
4.5.5. Sending Spam and/or other unsolicited commercial electronic messaging
(“CEM”), text messages, instant messages, voicemail, or other forms of
electronic communication; and/or
4.5.6. Forging, misrepresenting, or obscuring User identity on any electronic
communication to mislead the recipient

Question 15

What should not be confused with data sensitivity classifications in the Information Technology Cloud Policy?

a) Marking messages as “confidential,” “private,” or “important”
b) Use of electronic communication resources
c) City’s Employee Code of Conduct
d) Government of Canada’s classification of information

Answer 15

A
Marking messages as “confidential”, “private” or “important” where appropriate is
permitted, but it should not be confused with the use of data sensitivity classifications of
the Information Technology Cloud Policy which are “Public”, “Confidential/For Internal
Use Only”, “Sensitive-Non-Personal” and “Sensitive-Personal” or the Government of
Canada’s classification of information as “confidential”, “secret” or “top secret

Question 16

What is a prohibited use of electronic communication?

a) Marking messages as “important”
b) Interfering with the safeguarding of confidential information
c) Sending confidential information to authorized recipients
d) Forging User identity to mislead the recipient
e) c&d

Answer 16

E
The following electronic communication use is strictly prohibited:
4.5.1. Inappropriate use of electronic communications;
4.5.2. Use involving illegal activities;
4.5.3. Procuring or transmitting material that violates laws and regulations and/or, the
City’s by-laws, policies or SOPs (e.g. Information Technology Cloud Policy, IT
Architectural Controls and Standards, Workplace Harassment Prevention and
others);
4.5.4. Use that interferes with the safeguarding of confidential or proprietary
information;
4.5.5. Sending Spam and/or other unsolicited commercial electronic messaging
(“CEM”), text messages, instant messages, voicemail, or other forms of
electronic communication; and/or
4.5.6. Forging, misrepresenting, or obscuring User identity on any electronic
communication to mislead the recipient.

Question 17

Who does the Mobile Communication and Computing Devices section apply to?

a) Only those issued Mobile Devices by the City
b) All Users, regardless of device ownership
c) Only those participating in the BYOD Program
d) Anonymous persons visiting the City’s public website
e) a&c

Answer 17

E
This section applies to Users who: (i) have been issued Mobile Communication and
Computing Device(s) (“Mobile Devices”) by the City; or (ii) participate in the City’s BYOD
Program.

Question 18

When must Users seek approval to use Mobile Devices for work outside regular working hours?

a) It is never allowed
b) Approval is automatic if they own a Mobile Device
c) Approval is not required
d) Approval must be obtained from the supervisor

Answer 18

D
Usage of any Mobile Device to perform work outside of the User’s regular working hours
must be approved by the User’s supervisor in accordance with the City’s policies and
procedures regarding overtime work.

Question 19

What must Users do in the event of a lost, stolen, or compromised City Mobile Device?

a) Report it to their Divisional Head
b) Do nothing; it is the City’s responsibility
c) Notify their manager/supervisor and the IT Service Desk as soon as possible
d) Report it to the CIO directly

Answer 19

C
In the event that a Mobile Device is lost, stolen, or compromised, the employee is to notify
their manager/supervisor and the IT Service Desk as soon as possible in order to suspend
the device. A data wipe will then be activated on the lost, stolen or compromised City
Mobile Device which will completely remove all information contained on the device, and
the City is not liable of loss of any personal or business data and/or tools on such devices.

Question 20

What happens when a data wipe is activated on a lost, stolen, or compromised City Mobile Device?

a) The City is liable for any loss of personal or business data
b) It only removes City-owned information
c) It completely removes all information on the device
d) It is the responsibility of the User to perform the data wipe

Answer 20

C
In the event that a Mobile Device is lost, stolen, or compromised, the employee is to notify
their manager/supervisor and the IT Service Desk as soon as possible in order to suspend
the device. A data wipe will then be activated on the lost, stolen or compromised City
Mobile Device which will completely remove all information contained on the device, and
the City is not liable of loss of any personal or business data and/or tools on such devices.

Question 21

What should users be aware of and comply with regarding City Issued Mobile Devices?**
- A) City’s BYOD Program
- B) City’s SOP for Mobile Communications
- C) City’s SOP for Use of Social Media
- D) City’s IT Security Governing Principles

Answer 21

B
Users who have a City Issued Mobile Devices must be aware of and comply with the
City’s SOP for Mobile Communications.

Question 22

When can users use City Issued Mobile Devices for personal purposes during working hours?**
- A) Only during lunch breaks
- B) Without any restrictions
- C) In limited and reasonable amounts
- D) Only in emergencies

Answer 22

C
During a User’s working hours, usage of City Issued Mobile Devices for personal
purposes should be limited and not used excessively nor interfere with productivity or
work performance.

Question 23

Who may be held responsible for costs related to damaged City Issued Mobile Devices?**
- A) City’s IT department
- B) Users
- C) Third-party vendors
- D) Divisional Heads

Answer 23

B
Users may be held responsible for costs related to repairs to or replacement of damaged
City Issued Mobile Devices as a result of their reckless or negligent actions.

Question 24

Under what act may users be subject to discovery requests for City Issued Mobile Devices?**
- A) IT Use Policy Acknowledgement Act
- B) Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
- C) City’s BYOD Program Act
- D) Electronic Data and Intellectual Property Act

Answer 24

B
Users may subject to discovery requests under the Municipal Freedom of Information and
Protection of Privacy Act (“MFIPPA”) in respect of City Issued Mobile Devices, which
discovery process may extend to personal communications on such devices.

Question 25

What must be approved for users to participate in the BYOD Program?**
- A) Personal device model
- B) Personal phone number
- C) Participation in City events
- D) Participation in the BYOD Program

Answer 25

D
Users’ Divisional Head’s and the CIO, or their respective delegates, must approve in
writing the participation of such Users into the BYOD Program.

Question 26

What devices are excluded from the Personal Computing Devices under the BYOD Program?**
- A) Desktops and Laptops
- B) Printers and Monitors
- C) Smart TVs and Smart Watches
- D) All peripherals for such devices

Answer 26

D
Personal Computing Devices under the BYOD Program include only Smart Phones,
Tablets, Desktops and Laptops, specifically excluding all peripherals for such devices
(such as monitors and printers).

Question 27

What can the City do in the event a device is lost, stolen, or compromised under the BYOD Program?**
- A) Ignore the incident
- B) Report to management only
- C) Remotely discover and/or wipe all data
- D) Charge the user for the loss

Answer 27

C
to permit the City to install tools and controls to remotely discover and/or wipe all
data on Personal Computing Devices used in the City’s BYOD Program in the
event that a device is lost, stolen or compromised, or when the individual ceases
to be City Personnel; an

Question 28

When can the City cancel or remove a user or device from the BYOD Program?**
- A) Only during annual reviews
- B) Without any notice
- C) Only with user consent
- D) With at least 30-days written notice

Answer 28

D
The City may cancel or remove User(s) and or devices from the BYOD Program at any
time, by giving such User(s) at least 30-days written notice.

Question 29

What is the primary use of Social Media associated with the City or during work hours?**
- A) Personal entertainment
- B) City-related business
- C) Political discussions
- D) Job searching

Answer 29

B
Use of Social Media associated with the City or during work hours shall be primarily for
City related business and in accordance with the City’s SOP for Use of Social Media for
Business Purposes.

Question 30

What is considered transitory records on the City’s social networking sites?**
- A) User comments and messages
- B) City’s SOP for Use of Social Media
- C) Personal information
- D) Electronic Records

Answer 30

A
Comments and messages on the City’s social networking sites are considered transitory
records and will not be retained for any specified length of time.

Question 31

What is prohibited for City employees on personal Social Media Networks?**
- A) Sharing City SOPs
- B) Personal attacks
- C) Posting job opportunities
- D) City-related business discussions

Answer 31

B
Personal Use of Social Media:
Employees and Elected Officials as citizens have the right to voice their opinions on their
own time and at their own risk. However, they shall not:
8.7.1. Use their City’s email Account on personal Social Media Networks or Outlets;
8.7.2. Use confidential City information in any personal Social Media Accounts;
8.7.3. Launch personal attacks or make defamatory or offensive (racist, sexist, lewd,
harassing or similarly inappropriate) statements on any personal Social Media.

Question 32

What rights do employees have regarding personal use of Social Media?**
- A) Unlimited access during work hours
- B) Voice opinions at their own risk
- C) Use City’s email for personal accounts
- D) Post defamatory statements

Answer 32

B\

Question 33

What shall remain the Intellectual Property of the City?**
- A) Personal devices
- B) Electronic records
- C) User opinions
- D) Social Media posts

Answer 33

B
Employees and Elected Officials as citizens have the right to voice their opinions on theirown time and at their own risk.

Question 34

What must Users do to protect Information Assets of the City?**
- A) Share them with the public
- B) Follow relevant licenses
- C) Sell them to third parties
- D) Ignore security measures

Answer 34

B
Users shall take all reasonable precautions to protect the Information Assets of the City. Information Assets that are generally made available to the public, service providers or third-party working with, or on behalf of, the City must be appropriately protected, either
through non-disclosure agreements, contractual agreements, or appropriate disclaimers indemnifying the City.

Question 35

*What must Users with advanced system privileges adhere to?**
- A) City’s Purchasing By-law
- B) City’s IT Security Governing Principles
- C) City’s Information Technology Cloud Policy
- D) City’s IT Architectural Controls and Standards

Answer 35

B
Users who have advanced system and application privileges to administer, configure, support or have the ability to cause any changes to City’s applications, data or systems must adhere to the City’s IT Security Governing Principles.

Question 36

What is essential to ensure throughout the lifecycle of electronic records and digital data?**
- A) Non-disclosure agreements
- B) Protection, usability, and access
- C) Cloud computing services
- D) Information Technology Cloud Policy

Answer 36

B
Governance and management of electronic records and digital data throughout its lifecycle is essential to ensure protection, usability, and access in accordance with the City’s Information Management Policy, Personal Information Protection Policy and Records Retention By-law.

Question 37

What forms of e-Signature are acceptable according to the Policy?**
- A) Only secure digital signature certificates
- B) Only electronic email
- C) Only application workflow
- D) All of the above

Answer 37

D

Acceptable forms of e-Signature include, but are not limited to, any of the following:
(1) Secure digital signature certificate by a digital signature authority that is (i) valid at
the time when the data contained in an electronic document and is digitally signed;
(ii) the certificate is readable or perceivable by any person or entity who is entitled
to have access to the digital signature certificate; and (iii) the certificate contain at
minimum the name of the signatory and the date and time at which the document
was signed.
(2) Electronic email that (i) is from a mailbox owned or operated by the signatory and
can accept replies, (ii) contains specific context to the subject intended to be
approved or signed, and (iii) the signatory’s full name, time and date stamps, are all
visible and tracked.
(3) Application workflow that is (i) specific to certain process or document, (ii) can
capture the user’s login identity and/or name or signatory, (iii) tracks actions such
as approvals, rejections or others electronically, and (iv) capture and tracks time and
date stamps related to each action.
(4) An electronic signature using digital signature pads that is (i) typically connected to
point of sale or terminals, (ii) applied only to intended transaction, and (iii) witnessed
by the terminal operator and complies with MFIPPA and the City’s Privacy
Statement.

Question 38

What reserves the right to monitor access and usage of the City’s ICT?**
- A) Users
- B) CIO
- C) City
- D) IT Security Governing Principles

Answer 38

C
The City reserves the right to monitor and/or log access to, and usage of, the City’s ICT to ensure compliance with its policies, programs, practices and procedures and the laws and regulations applicable to the City

Question 39

Who will violations of this Policy be reported to?**
- A) Users
- B) Appropriate level of management and/or the CIO
- C) City’s IT department
- D) Municipal Freedom of

Answer 39

B
Users in violation of this Policy will be reported to the appropriate level of management and/or the CIO or their respective authorized delegates(s)

Question 40

What is an Account in the context of the provided glossary?**
a) A computer program
b) A combination of User ID and password
c) A digital certificate
d) A social media profile

Answer 40

B
Account or Accounts
That combination of User ID and password that provides an individual with access to a computer system or computer network.

Question 41

What does the term “Anonymous” mean in the glossary?**
a) With a distinctive name
b) Without name or a way to distinguish
c) A social media outlet
d) A type of spam message

Answer 41

B
Anonymous
Without name or way to distinguish one person or action from one another

Question 42

What is Block monitoring in the provided glossary?**
a) A type of spam filter
b) A tool that captures electronic signatures
c) A technology device for communication
d) A tool that interferes with IT monitoring tools

Answer 42

D
Block monitoring
A software or tool that interferes or ceases the functionality of the City’s Information Technology monitoring tools

Question 43

Who does City Personnel include according to the glossary?**
a) Only elected officials
b) Only employees
c) Managers, elected officials, employees, volunteers, contractors, vendors
d) Only social media users

Answer 43

C
City Personnel
Includes managers, elected officials, employees, volunteers of the City as well as contractors, vendors and subcontractors retained to provide services and/or goods
to the City

Question 44

What is Electronic Communications in the context of the glossary?**
a) Face-to-face communication
b) Any method of communication involving electronics
c) Traditional mail services
d) Only telephonic communication

Answer 44

B
Electronic Communications Any electronic method used to communicate, including but not limited to electronic mail, the Internet/World Wide Web, video recordings, facsimiles, pagers, telephones, cellular text messages, Blackberry Messenger,
Blackberry PIN, etc.

Question 45

What is an Electronic & Digital Signature based on the glossary?**
a) A handwritten signature on an electronic document
b) A styled signature captured by a Signature Pad
c) A username and password combination
d) A social media profile picture

Answer 45

B
Electronic & Digital Signature A technology based encryption key associated with a digital certificate issued by a trusted and reputable certificate authority, which can be associated with a styled signature captured by a Signature Pad or image capturing tools

Question 46

What are Information Assets according to the glossary?**
a) Only electronic documents
b) Data and electronic documents developed by Users
c) Only software
d) Only communication written by Users
e) All on the above

Answer 46

E
nformation Assets Including but not limited to data/software and/or electronic documents, electronic signature and communication written and/or developed by Users related to their work at the City.

Question 47

What does a Security Breach involve in the glossary?**
a) Following IT Security Governing Principles
b) Bypassing or contravening the IT Security Policy
c) Using electronic messaging systems
d) Updating social media profiles

Answer 47

B
Security Breach External act that bypasses or contravenes the City’s Information Technology Use Policy or IT Security Governing Principles

Question 48

What is a Signature Pad in the provided glossary?**
a) A device for capturing electronic messages
b) A technology device for communication
c) A device that captures an individual’s signature
d) A cloud computing tool

Answer 48

C
Signature Pad A technology devise that captures an individual’s
signature via a stylist or electronic pen.

Question 49

How is Social Media defined in the glossary?**
a) Traditional media outlets
b) Any form of media
c) User-created content shared in a social environment
d) Only text-based communication

Answer 49

C

Question 50

What are Social Media Networks or Outlets in the context of the glossary?**
a) A software tool for communication
b) A form of spam messaging
c) Online communities like Facebook or Twitter
d) Only multimedia sharing sites

Answer 50

C
Social Media
Social media are works of User-created video, audio, text or multimedia that are published and shared in a social environment, such as a blog, podcast, forum, wiki or video hosting site. More broadly, social media refers to
any online technology that lets people publish, converse and share content online.

Question 51

What does Spam refer to according to the glossary?**
a) Legitimate electronic messages
b) Electronic messages used for commercial activities
c) Unsolicited, bulk messages sent through electronic messaging systems
d) Only malware and viruses

Answer 51

C
Spam
Spam generally refers to the use of electronic messaging systems to send unsolicited, bulk messages. Spam messages may contain deceptive content, support illegal
activities and may also be used to deliver electronic threats such as malware, spyware and viruses.

Question 52

What is a Commercial Electronic Message (CEM) in the glossary?**
a) Any electronic message with commercial potential
b) Only emails from colleagues
c) Any message sent through a mobile device
d) Messages delivered by vendors

Answer 52

A
Commercial Electronic Message
(CEM)
Any electronic message that is made in the course of a commercial activity, regardless of whether there is an expectation of profit

Question 53

Who are Users according to the glossary?**
a) Only anonymous persons
b) Only elected officials
c) All persons/entities with access to the City’s ICT, except Anonymous persons
d) Only managers and employees

Answer 53

C
User or Users All and any persons or entities that have access to and/or make use of the City’s ICT in any form or under any plan except Anonymous persons (e.g. people surfing
the City’s public website

Question 54

What is Bring Your Own Device (BYOD) in the glossary?**
a) City-provided computing devices
b) Personally owned devices used for work-related purposes
c) Devices used only for social media
d) A type of cloud computing tool

Answer 54

B
Bring Your Own Device Personally owned portable computing devices that are
being used by employees and other personnel for work related purposes to access one or more corporate resources such as Email or the Internet.