5101:9-9-37 Data system security.

The following requirements ensure the security of departmental data and must be followed by all county employees who access the office of information technology (OIT) and the Ohio department of job and family services (ODJFS) local area networks.

(A) Users are responsible for system inquiries and activities executed with their system user indentification (USER-ID).

(B) Passwords must remain confidential and be between four and eight characters in length.

(C) A terminal or personal computer must never be left unattended or unsecured when logged onto the network.

(D) Only the files which are required to perform job duties shall be accessed.

(E) Passwords are valid for a maximum of thirty days and shall not be repeated for a twelve month period.

(F) The county liaison must contact the ODJFS security officer to have a forgotten password reset. The user will then supply a new password on their next access.

(G) Users must not change their passwords more than once per day.

(H) Users must comply with all items included on the JFS 07078 "Ohio Department of Job and Family Services Code of Responsibility" (Rev.3/03).

(I) An original signed JFS 07078 must be submitted to ODJFS with every county request for a USER-ID or user access to the OIT and ODJFS local area networks.

(J) Temporary access may be granted at the discretion of ODJFS upon receipt of a faxed request and signed JFS 07078. Failure to submit a signed original JFS 07078 to ODJFS within fourteen days will result in termination of access.

(K) The JFS 07078 is required for every new employee accessing the system, and for making changes to an existing employee's access.

(L) Counties must not modify the JFS 07078.

Replaces: 5101-9-37

Effective: 07/01/2005
Promulgated Under: 111.15
Statutory Authority: 5101.02 , 329.04
Rule Amplifies: 5101.02 , 329.04
Prior Effective Dates: 3/18/88 (Emer.), 6/10/88, 6/15/98