Chapter 1 “Dear Staff”

Dear Staff,

I know what you're thinking: "Wow, this popped up on my screen and won't let me sign in till I click agree (#annoying); I better scroll to the bottom as quickly as possible and click accept to get on with my day.” …Trust me; you will enjoy reading this way more than I enjoyed writing it. I know 11 pages is a lot, but the good news is that you only need to read Chapter 1 to understand it.

~ Austin Janey

North Coast Church extends to staff the use of its networks, applications, and systems. Such access is a privilege that requires individuals to act responsibly. "Our purpose and our product is people," – respecting the rights of others, observing relevant laws, and following policies like this one are some of the ways we build a safe, effective environment for ministry to take place.

The IT Team and You!

Understanding the role the IT Team plays in your ministry helps ensure resources and time are well spent within your ministry. The IT Team at North Coast is exclusively responsible for providing computers, software, services (like Microsoft 365!), and IT support. If you need any of those, please reach out to itteam@northcoastchurch.com so we can work with you! We also offer Wi-Fi at all our locations, but ONLY IT-provided and authorized computers and devices are allowed to connect to our private networks. If you brought a device from home, you are more than welcome to connect to our guest network. Unauthorized computers, devices, and software will be removed when found.

Misuse

By understanding what is generally "against the rules," you can conclude other behaviors that would also be against policy. For more details, please read Chapter 2 of this document. Examples of misuse include but are not limited to the following:

1. Sharing login information, using any account that does not belong to you, or allowing others to use your computer or account.
2. Knowingly performing any act that may interfere with the regular operation of computers, networks, software, or other technology.
3. Running programs intended to damage, place excessive load on, or alter how computers or networks operate.
4. Attempting to uncover security loopholes or to gain unauthorized access to computer systems or data.
5. Harassing others.
6. Attempting to monitor or tamper with another user's communications.
7. Reading, copying, changing, or deleting another user's files or software without the owner's consent.
8. Attempting to hide the activity or identity of computers, network devices, software, or accounts.
9. Connecting personal computers or devices to North Coast's internal networks or computers. You may use our guest networks for personal devices.
10. Moving, removing, or disconnecting computers, networking equipment, copiers, and other devices provided by the IT Team without prior authorization.
11. Connecting routers, switches, or other networking equipment to our networks.
12. Using your ministry accounts or access for non-ministry use. Use your @northcoastchurch.com email account for ministry-related purposes only.

It is helpful to understand that computer systems are designed to track, log, and relay information. You should never expect any action on any computer or device to be private, hidden, or unable to be discovered at a future date.

Additional Policies

Additional computer and network use policies, terms, and conditions may be in place for specific services North Coast Church offers. Because technology advances at a rapid pace, situations not covered in this policy will undoubtedly unfold. As they do, you can expect the IT Team to provide guidance and update our terms of use policy accordingly.

Thanks for reading Chapter 1, you can read Chapter 2 by continuing to scroll at a reasonable pace, or you can scroll rapidly past Chapter 2 to continue your day. Note: Chapter 2 applies to you regardless of whether or not you read it. If you have any questions about North Coasts IT Policy or need help, please reach out to itteam@northcoastchurch.com; IT’s what we are here for.

~ The Networks Applications and Systems Administration

Chapter 2 “North Coast Church Terms of Use”

1. Overview

The intention of publishing an Acceptable Use Policy is not to impose restrictions contrary to North Coast Church's established culture of openness, trust, and integrity. IT is committed to protecting employees, partners, and North Coast Church from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts, email, web browsing, and file sharing, are the property of North Coast Church. These systems are to be used for ministry purposes.

Effective security is a team effort involving every North Coast Church employee and affiliate who deals with information or information systems. It is the responsibility of every computer user to know these guidelines and conduct their activities accordingly.

2. Purpose

This policy aims to outline the acceptable use of technology at North Coast Church. These rules are in place to protect the employee and North Coast Church. Inappropriate use exposes North Coast Church to risks such as virus attacks, compromise of network systems and services, and legal issues.

3. Scope

This policy applies to the use of information, electronic and computing devices, and network resources to conduct North Coast Church business or interact with internal networks and business systems, whether owned or leased by North Coast Church, the employee, or a third party. All employees, contractors, consultants, temporary, and other workers at North Coast Church are responsible for exercising good judgment regarding the appropriate use of information, electronic devices, and network resources in accordance with North Coast Church policies, standards, local laws, and regulations. Exceptions to this policy are documented in section 5.2.

This policy applies to employees, volunteers, contractors, consultants, temporaries, and other workers at North Coast Church, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by North Coast Church.

4. Terms of Use

4.1 General Use and Ownership

4.1.1 North Coast Church proprietary information stored on electronic and computing devices, whether owned or leased by North Coast Church, the employee, or a third party, remains the sole property of North Coast Church.

4.1.2 You are responsible for promptly reporting the theft, loss, or unauthorized disclosure of North Coast Church information.

4.1.3 You may access, use, or share North Coast Church proprietary information only to the extent authorized and necessary to fulfill your assigned job duties.

4.1.4 Employees are responsible for exercising good judgment regarding the reasonableness of personal use. If there is any uncertainty, employees should consult their supervisor or reach out to IT for guidance.

4.1.5 For security and network maintenance purposes, authorized individuals within North Coast Church may monitor equipment, systems, and network traffic at any time.

4.1.6 North Coast Church reserves the right to audit networks and systems periodically to ensure compliance with this policy.

4.2 Security

4.2.1 System-level and user-level passwords must comply with the Password Policy (outlined in 4.5). Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.

4.2.2 You must lock the screen or log off when the device is unattended.

4.2.3 Postings by employees from a North Coast Church email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of North Coast Church unless posting is during business duties.

4.2.4 Employees must use extreme caution when opening emails received from unknown senders.

4.3 Email Use

4.3.1 All use of email must be consistent with North Coast Church policies and procedures of ethical conduct, safety, compliance with applicable laws, and proper business practices.

4.3.2 North Coast Church email accounts should be used for North Coast Church business/ministry-related purposes only.

4.3.3 The North Coast Church email system shall not be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, hair color, disabilities, age, sexual orientation, pornography, political beliefs, or national origin. Employees who receive any emails with this content from any North Coast Church employee should report the matter to their supervisor immediately.

4.3.4 Users are prohibited from automatically forwarding North Coast Church email to a third-party email system (noted in 4.3.5 below). Individual messages which are forwarded by the user must not contain North Coast Church confidential or above information.

4.3.5 Users are prohibited from using third-party email systems and storage servers such as Google, Yahoo, MSN Hotmail, etc. to conduct North Coast Church business, to create or memorialize any binding transactions, or to store or retain email on behalf of North Coast Church.

4.3.6 Sending chain letters or joke emails from a North Coast Church email account is prohibited.

4.3.7 North Coast Church employees shall have no expectation of privacy in anything they store, send or receive on North Coast Church’s email system.

4.3.8 North Coast Church may monitor messages without prior notice. North Coast Church is not obliged to monitor email messages.

4.4 Unacceptable Use

The following activities are, in general, prohibited. Employees may be exempted from these restrictions during their job responsibilities (e.g., systems administration staff may need to disable network access if a computer or device disrupts production services).

Under no circumstances is an employee of North Coast Church authorized to engage in any illegal activity under local, state, federal, or international law while utilizing North Coast Church-owned resources.

The lists below are incomplete but attempt to provide a framework for activities that fall into unacceptable use.

4.4.1 Prohibited System and Network Activities

The following activities are strictly prohibited, with no exceptions:

1. Connecting personal computers or devices to North Coast's internal networks. You may use our guest networks for personal devices.
2. Violation of the rights of any person or Company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by North Coast Church.
3. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books, or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which North Coast Church or the end-user does not have an active license is strictly prohibited.
4. Accessing data, a server, or an account for any purpose other than conducting North Coast Church business is prohibited, even if you have authorized access.
5. Exporting software, technical information, encryption software, or technology in violation of international or regional export control laws is illegal. The appropriate management should be consulted before the export of any material that is in question.
6. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.).
7. Revealing your account password to others or allowing others to use your account. This includes family and other household members when work is being done at home.
8. Using a North Coast Church computing asset to actively procure or transmit material that violates sexual harassment or hostile workplace laws.
9. Making fraudulent offers of products, items, or services originating from any North Coast Church account.
10. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
11. Port scanning or security scanning is expressly prohibited.
12. Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.
13. Circumventing user authentication or security of any host, network, or account.
14. Introducing honeypots, honeynets, or similar technology on the North Coast Church network.
15. Interfering with or denying service to any user other than the employee's host (for example, denial of service attack).
16. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
17. Providing information about, or lists of, North Coast Church employees or information to parties outside North Coast Church.
18. Sharing, Distributing or Uploading information collected by ministries or found in church databases.

4.4.2 Prohibited Email and Communication Activities

When using North Coast Church resources to access and use the Internet, users must realize they represent the North Coast Church. Whenever employees state an affiliation to the North Coast Church, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of the North Coast Church." Questions may be addressed to the IT Team.

1. Sending unsolicited email messages, including sending "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
2. Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
3. Unauthorized use or forging of email header information.
4. Solicitation of email for any other email address other than that of the poster's account, with the intent to harass or to collect replies.
5. Creating or forwarding "chain letters," "Ponzi," or other "pyramid" schemes of any type.
6. Use of unsolicited email originating from within North Coast Church's networks of other Internet/Intranet/Extranet service providers on behalf of, or advertise, any service hosted by North Coast Church or connected via North Coast Church's network.
7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

4.4.3 Blogging and Social Media

1. Whether using North Coast Church's property and systems or personal computer systems, blogging by employees is also subject to the terms and restrictions outlined in this policy. Limited and occasional use of North Coast Church's systems to engage in blogging is acceptable if it is done professionally and responsibly, and does not otherwise violate North Coast Church's policy, is not detrimental to North Coast Church's best interests, and does not interfere with an employee's regular work duties. Blogging from North Coast Church's systems is subject to monitoring.
2. Employees are prohibited from revealing any North Coast Church confidential or sensitive information when blogging.
3. Employees shall not engage in any blogging that may harm or tarnish the image, reputation, and/or goodwill of North Coast Church and/or any of its employees. Employees are also prohibited from making discriminatory, disparaging, defamatory, or harassing comments when blogging or engaging in any conduct prohibited by North Coast Church's Non-Discrimination and Anti-Harassment policy.
4. Employees may not attribute personal statements, ideas, or beliefs to North Coast Church when blogging. Suppose an employee expresses his or her beliefs and/or ideas in blogs. In that case, the employee may not expressly or implicitly represent themselves as an employee or representative of North Coast Church. Employees assume all risks associated with blogging.
5. Apart from following all laws about the handling and disclosure of copyrighted or export-controlled materials, North Coast Church's trademarks, logos, and any other North Coast Church intellectual property may also not be used in connection with any blogging activity.

4.5 Passwords

Passwords are an essential aspect of computer security. A poorly chosen password may result in unauthorized access and exploitation of our resources. All staff, including contractors and vendors with access to North Coast Church systems, are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.

4.5.1 Password Creation Guidelines

All users at North Coast Church should be aware of how to select strong passwords. Strong passwords have the following characteristics:

• Contain the five following character classes:
• Lower case characters
• Upper case characters
• Numbers
• Punctuation
• “Special” characters (e.g. @#$%^&*()_+|~-=`{}[]:";'<>/ etc)
• Contain at least fifteen alphanumeric characters.

Weak passwords have the following characteristics:

• The password contains less than fifteen characters
• The password is a word found in a dictionary (English or foreign)

Passwords should not contain common usage words such as:

• Names of family, pets, friends, co-workers, fantasy characters, etc.
• Computer terms and names, commands, sites, companies, hardware, or software.
• The words "North Coast Church," "NCC," your ministry's name, location, or any derivation that might be easy to guess.
• Birthdays and other personal information such as addresses and phone numbers.
• Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
• Any of the above spelled backwards.
• Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrases. For example, the phrase might be: "This May Be One Way To Remember," and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.

NOTE: Do not use our examples as passwords!

4.5.2 Password Rules

1. Users must use a separate, unique password for each of their work-related accounts.
2. Users may not use any work-related passwords for their own personal accounts.
3. User accounts that have system-level privileges granted through group memberships or programs such as sudo must have a unique password from all other accounts held by that user to access system-level privileges.
4. It is strongly recommended that some form of multi-factor authentication is used for any privileged accounts.

4.5.3 Password Change

1. Passwords should be changed only when there is reason to believe a password has been compromised.
2. Password cracking or guessing may be performed on a periodic or random basis by the IT Team or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it to follow the Password Construction Guidelines.

4.5.4 Password Protection

1. Passwords must not be shared with anyone, including supervisors and coworkers. All passwords are to be treated as sensitive, Confidential North Coast Church information.
2. Passwords must not be inserted into email messages, Helpdesk messages, or other forms of electronic communication, nor revealed over the phone to anyone.
3. Passwords may be stored only in “password managers” authorized by the organization. We highly recommend adopting a password manager today.
4. Any user suspecting his/her password may have been compromised must report the incident to itteam@northcoastchurch.com and change all passwords.

4.6 Approved Tools

North Coast Church utilizes a suite of approved software tools for internal use by staff and volunteers. These software tools are either self-hosted with security managed by the IT Team or hosted by entities with the appropriate business agreements to preserve data integrity. The setup of new digital tools is the sole responsibility of the IT Team; if you would like to add a tool to the approved applications list, please contact itteam@northcoastchurch.com.

4.6.1 Approved Applications

1. Microsoft 365 – Document creation, file storage, sharing, and collaboration
2. Google Drive - Document creation, file storage, sharing, and collaboration
3. Adobe Creative Cloud – Content creation: See Derek Geer for access.
4. Rock – Church Management Software
5. 1Password – Password creation, storage, and management
6. Google Chrome – Web browser
7. QuickBooks – Accounting System
8. Zoom – Videoconferencing
9. Constant Contact - External Email Communication: Contact webrequests@northcoastchurch.com for access.
10. HubSpot – For website analytics and ministry use
11. Concur – Accounting System
12. Asana – Project management software

4.6.2 Approved Application Stores

1. App Store – The official App Store for iPhone, iPad, and Mac products.

4.6.3 Approved Application Extensions and Plugins

In general, North Coast does not recommend using Browser Add-ons outside of the ones listed below; however, we allow these tools if they enhance productivity. If you would like to use a browser extension, please contact itteam@northcoastchurch.com so we can review and add it to the allowed list of extensions.

1. 1Password – Password management
2. Ublock Origin – Advertisement blocker
3. WasteNoTime – Distraction blocker
4. OneNote – Office 365 Extension

4.6.4 Requesting Software and Services

1. When you discover an application that might be useful to your ministry, send a request to itteam@northcoastchurch.com to start the review process.

4.6.5 Domains and Websites

1. Procurement of new domains is the sole responsibility of the Web Team.
2. Using ministry funds to purchase domain names or create websites is prohibited.
3. The creation of websites for ministry use is at the sole discretion of the web team. Please send any requests for new websites to webrequests@northcoastchurch.com.

4.7 IT Asset Responsibilities

You may be assigned Hardware and Software to perform your work if assigned IT Assets; you should be aware of your responsibilities.

4.7.1 Hardware Asset Responsibilities

1. Mobile computers, tablets, and other devices should never be left unattended in a vehicle or a public place.
2. Assigned devices should be returned after the duration of use has ended.
3. Devices assigned for events taking place on campus should not be taken off-site.
4. Offices with unattended devices should be locked when not in use.

4.7.2 Software Asset Responsibilities

1. Assigned software should be used exclusively with the hardware device checked out to you. Redistributing assigned software licenses to personally owned devices is prohibited.

5. Policy Compliance

5.1 Compliance Measurement

The IT team will verify compliance with this policy through various methods, including but not limited to business tool reports, internal and external audits.

5.2 Exceptions

The IT team must approve any exception to the policy in advance.

5.3 Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Enforcement

Minor policy infractions or those that appear accidental are typically handled informally by email or in-person discussions. Individuals who violate church policy, law(s), regulations, contractual agreement(s), or violate an individual's rights can expect the immediate deactivation of their accounts for review. Failure to comply with this policy may result in temporary or permanent access restrictions, removal from your role, termination, or legal action.

Please direct any questions to the IT Team at itteam@northcoastchurch.com.