Purpose
This policy establishes rules for the acceptable use, security, maintenance, and oversight of the library’s IT systems, networks, and digital assets. It ensures that technology supports the library’s mission to educate, inspire, and serve the community.
Scope
Applies to:
All library staff and volunteers
Patrons
Vendors and contractors with access to the network
All technology owned, leased, or managed by the library
Includes:
Computers, laptops, and mobile devices
Library network and Wi-Fi
Servers, databases, and cloud services
Software and digital tools
Email and communication platforms
Responsibilities
Role | Responsibility |
|---|---|
Library Director | Approves IT-related policies and purchases |
IT Administrator | Maintains systems, enforces security, performs backups |
Staff | Follows policy, reports issues, uses systems appropriately |
Vendors/Contractors | Comply with access and confidentiality guidelines |
STAFF- Acceptable Use
Use systems for legitimate library work, research, education, or communication
Log in with their assigned credentials (where applicable)
Protect confidential information, including patron records
Follow all applicable copyright and licensing laws
Prohibited use includes:
Accessing or sharing obscene, illegal, or harmful content
Attempting to bypass filters or security controls
Installing unauthorized software
Using the library’s network for personal profit or business operations
PATRONS- Prohibited use includes-
Accessing or sharing obscene, illegal, or harmful content
Attempting to bypass filters or security controls
Installing unauthorized software
Data and Privacy
Patron borrowing and personal data is confidential under Ohio law.
Staff must not access patron or staff records unless required for job duties.
All digital records are managed in accordance with library records retention policies.
Password & Account Security
Staff passwords must be strong (e.g., 12+ characters, include symbols and numbers).
Admin Staff passwords must not be shared.
Accounts will be deactivated immediately upon termination or reassignment.
Staff are required to log off shared workstations after use.
Public Access Computers & Wi-Fi
Internet access is filtered as required by CIPA (Children’s Internet Protection Act).
Sessions may be timed to ensure fair access.
Software & Updates
Only approved software may be installed on library devices.
Software updates, antivirus, and security patches will be applied regularly.
Staff should not disable or ignore software or system update prompts.
Equipment Care
Devices must be handled responsibly and stored securely when not in use.
Library IT equipment may not be removed from the premises without approval.
Any loss, theft, or damage must be reported immediately to a supervisor or IT.
Backups & Disaster Recovery
Staff documents stored on library servers are backed per disaster recovery policy
Per disaster recovery policy, backups are maintained for critical systems.
Staff are encouraged to save work to shared drives or cloud storage when available.
Security Incidents
Report immediately:
Phishing attempts or suspicious emails to OVT, Director, and SEO
Malware, ransomware, or system compromise to OVT and Director
Lost or stolen equipment to Director and OVT
Any suspected breach of confidential data to Director and OVT
Enforcement
Violations by staff may result in disciplinary action, up to termination.
Violations by patrons may result in loss of access to library technology or services.
Illegal activity will be reported to law enforcement.
Policy Review
This policy will be reviewed annually or after major changes in technology or laws.
Revisions must be approved by the Library Director and/or Board of Trustees.
Review Vendor list and Contacts every 3-6 months