315 – Sheriff’s Information Resource System (SIRS)
I. Policy
The Harris County Sheriff’s Office (HCSO) retains the right to allocate its information resources and to control access to its electronic communications systems. The objectives of this policy are to achieve efficient and effective information management, support program and service delivery, foster informed decision making, facilitate accountability, and preserve and ensure access to information and records for the benefit of the HCSO.
This policy applies to all HCSO members and governs access rights to all information in the Sheriff’s Information Resource System (SIRS).
II. Definitions
Access rights: Permissions or privileges granted to users, programs, or workstations to create, change, delete, or view data and files within a system as defined by rules established by data owners and the information security policy.
Accountability: The ability to map a given activity or event to the responsible party to make the person accountable for his or her actions.
Availability: The property of which data or information is accessible and useable upon demand by an authorized person.
Confidentiality: Data or information that shall not be made available or disclosed to unauthorized persons or processes.
User: Any person who has been authorized to read, enter, or update information. A user of information is expected to understand the extent of his or her authorization. Every user shall share data to which they have access under this policy ONLY with others who share the same or have greater access rights to that data.
III. Procedure
A. SIRS Application Administrator
1. The SIRS application administrator shall be a professional assigned to the Human Resources Division (HR) and appointed by the Executive Command chief.
2. The HR director shall annually review and evaluate all employees who have been assigned the SIRS application manager role and submit an annual report to the Executive Command chief with suggestions on how to manage SIRS more efficiently while maintaining system integrity.
3. The HR director is responsible for removing, and replacing if necessary, an employee assigned to the SIRS application administrator security level at the time of the employee’s end of employment. If the HR director is also assigned as the SIRS application administrator, the Executive Command chief shall assume this function.
4. The HR director may suspend any SIRS role as deemed necessary to ensure the integrity of information. Any intentional violation of this policy is prohibited, and appropriate sanctions will be determined up to dismissal from the HCSO depending on the severity of the breach.
If a user’s role is suspended, the user’s chain of command shall be notified and provided the reason for the suspension.
B. SIRS Application Manager
1. Each HCSO command shall have at least one application manager who is responsible for granting SIRS access rights to employees in the command. The application manager shall be appointed by each chief or the Sheriff.
2. Written documentation of such an appointment by the chief deputy shall be submitted to HR with the following criteria:
a. Dated within the last 14 days, and
b. Signed by the chief deputy or Sheriff.
3. The assigned SIRS application manager shall demonstrate full understanding of the responsibilities of the assignment before the assignment is made final.
4. All SIRS application manager assignments are provisional, and the manager must attend SIRS training. Upon successful completion of the training program, the assignment becomes final.
5. Due to the confidential nature of the SIRS software, the Sheriff, iSecurity master administrator, HR director, or Systems Intelligence Bureau commander may request or require further detailed training prior to finalizing the placement of an employee in a SIRS application manager role.
6. The Systems Intelligence Bureau shall provide each chief with an annual list of their application managers. Each chief shall review and evaluate all appointed application managers annually. The HR Division and the Systems Intelligence Bureau shall prepare a biannual report to the Sheriff via the HR director evaluating the overall performance of the SIRS software with recommendations to improve the efficiency and security of the system.
7. In the event the Sheriff or a chief deputy deems removing a SIRS application manager is necessary, the chief deputy or his or her designee shall be responsible for notifying the SIRS application administrator of an employee’s removal from an application administrator role with notice that shall include, at a minimum, the following:
a. Date of end of employment,
b. Change in assignment,
c. Change in position, and
d. Change in employee status.
Each command shall provide a signed and approved standard operating procedure for the process to appoint a SIRS application manager.
C. Access Rights
HR shall create all user roles within SIRS. The application manager shall be responsible for providing access rights to users within the command.
1. Each command within the HCSO shall appoint a SIRS application manager.
2. Command application managers shall approve user security levels within the chief’s command.
3. Command application managers shall monitor employee transfers in and out of the command to maintain integrity of data in SIRS.
4. The general policy of SIRS shall be:
a. The Sheriff and chiefs have access to all SIRS data,
b. Majors and captains shall have access to view non-hidden SIRS data within the department,
c. Lieutenants shall have access to view non-hidden SIRS data within their command, lieutenant and below, and
d. Sergeants shall have access to view non-hidden SIRS data within their division, sergeants and below.
All other access rights are specifically determined by the level of responsibility for the position the employee serves and are specifically granted by the SIRS application manager.
D. Privacy
1. User Responsibilities
Users shall respect the privacy and access privileges of other users. Users shall treat institutional data in SIRS as confidential. Users shall not access files without proper authorization and shall not share files with anyone who has not been granted access rights.
2. In making appropriate use of SIRS, users must NOT:
a. Gain, attempt to gain, or help others gain access without authorization, or
b. Use or knowingly allow other persons to use SIRS for any purpose other than an official HCSO purpose.
E. Notice of Changes of Status Within SIRS
Changes of status in SIRS shall only take effect upon the beginning of a Harris County official pay period. Any request to change a status (e.g., promotion, transfer, retirement, etc.) must be processed in SIRS within five (5) days prior to the end of a pay period (Friday) for the change to be effective on the start date of the next pay period (Saturday).
The Sheriff or his or her designee shall have the authority to implement a change of status in SIRS as deemed necessary for the good of the HCSO.
Revision
This policy has been revised on the below listed dates:
November 21, 2013