DHMH POLICY NUMBER: 02.01.02
Cross-Reference: Information Resource Management Administration

TITLE: POLICY ON THE USE AND COPYING OF SOFTWARE AND THE PREVENTION OF COMPUTER SOFTWARE COPYRIGHT INFRINGEMENT

SHORT TITLE:  SOFTWARE COPYRIGHT

I.    EXECUTIVE SUMMARY

This policy states that the Department of Budget and Fiscal Planning (now Department of Budget and Management, DBM) Manual #95-1, Prevention of Software Copyright Infringement, is the basic document for guiding employees of the Department of Health and Mental Hygiene (DHMH) in the prevention of software copyright infringement. All employees of the DHMH are told that they shall not make copies of software products or software documentation or use office computers for any purpose other than official business. Software not specifically purchased or acquired through established procurement channels is not authorized for use on DHMH computers. Freeware and/or Shareware products must be reviewed by the Information Technology Support Division before they can be used on any DHMH personal computer (PC), regardless of whether the PC is networked or not. All employees are told that they must sign the State of Maryland, Software Code of Ethics.

Specific instructions are given to the Executive Assistant to the Secretary, Deputy Secretaries, Directors of Administration, Superintendents of facilities or equivalent, Local Health Officers, Heads of independent units, and Personnel Officers.

A formal means of control is established to help enforce the policy. A Software Manager position with authority to implement and see to adherence of the software policy is established. The appointment of Software Monitors is mandated and facilities and local health departments are to also have a Chief Software Monitor. The duties of the Software Manager, Chief Software Monitor, and the Software Monitors are enumerated.

The date for the submission of the Certification attesting to compliance with State policy for prevention of software copyright infringement to the Secretary, DBM, by the Secretary, DHMH, is given.

II. BACKGROUND

This DHMH Policy 02.01.02, Policy On The Use Of And Copying Of Software And The Prevention Of Computer Software Copyright Infringement, effective May 12, 1998, supersedes and makes obsolete DHMH Policy 9170, Policy on the Copying of Computer Software, which was effective 3/17/92.

The Department of Budget and Fiscal Planning (DBFP) on June 1, 1995, promulgated DBFP Manual #95-1. The DBFP Manual #95-1 establishes specific policy and procedure requiring strict adherence to the Federal Copyright Act as regards computer software. The DBFP Manual #95-1 requires the maintaining of adequate software records, the implementing of employee information and control procedures necessary to prevent copyright infringement, and the signing of the State of Maryland Software Code of Ethics by each State employee with known or potential access to a computer or computer software. The DBFP Manual #95-1 also requires that the agency head (Secretary of Health and Mental Hygiene) certify annually that the agency (DHMH) is in compliance with the policies and procedures of the DBFP Manual #95-1.

The added requirements of DBFP Manual #95-1 necessitate issuance of an updated DHMH policy and more comprehensive control, education, and reporting procedures on the part of the Department.

The Copyright Act of 1976, a federal statute, prohibits the making of unauthorized copies of computer software and related documents. Persons who make unauthorized copies are subject to severe civil penalties, even when they are unaware that such conduct is a violation of copyright law. The licenses that come with computer software constitute legally binding agreements whereby the purchasers or users of the software accept automatically (by opening the package) the prohibitions set out therein against making unauthorized copies. Additionally, as it is an established fact that the copying of software is a major cause of computer virus infection and proliferation, the use of only original, licensed software packages will minimize the risk of viral damage to computer systems.

III. POLICY STATEMENTS

A. EXCLUSIONS

This policy does not prohibit the legitimate reproduction of software for archival or back up purposes or for other uses specifically permitted by the software licensor.

B. DEFINITIONS

1. Employee(s), for purposes of this policy, shall mean any one who is directly employed by or works for the DHMH whether full time, part-time, temporary, emergency, contractual, agency, or volunteer.

2. Authorized Software means software used in accordance with the software license or owned by the agency.

3. Computer means an electronic, magnetic, optical, organic, or other data processing device or system that performs logical, arithmetic, memory, or storage functions. It includes any data storage facility, or communications facility that is directly related to or operated in conjunction with that device or system.

4. Software means computer programs, instructions, procedures, or associated documentation that is concerned with the operation of a computer system.

5. Department of Health and Mental Hygiene (DHMH), for purposes of this policy, shall mean the headquarters, regardless of location; facilities; independent units of the DHMH; and local health departments of each county.

C. GENERAL

1. This policy shall augment DBFP Manual #95-1 and give specific instructions to all employees and specific authority to some.

2. The Director, Information Resources Management Administration (IRMA), shall be responsible for the administration and implementation of a program, based on DBFP Manual #95-1 and this policy, to prevent software copyright infringement by employees of the DHMH and train employees of the DHMH regarding software copyright infringement.

3. All Deputy Secretaries or equivalent, Assistant Secretaries or equivalent, Directors of Administrations, Superintendents of facilities or equivalent, Local Health Officers, Heads of independent units, and other managers shall be responsible for periodically informing their employees of this policy and of the pertinent laws and heavy fines to which copyright violators are subject.

4. The Executive Assistant to the Secretary, DHMH, shall:

   a. Obtain, on or after June 15 of each year but before July 1 of the same year, a memorandum from each Deputy Secretary and the Head of each independent unit certifying that employees under their jurisdiction are in compliance with DBFP Manual #95-1 and this policy.

   b. Prepare and submit the annual certification which is required by DBM.

5. The appropriate DHMH personnel officer (Director of Personnel Services Administration for Headquarters, Director of Personnel, Personnel Officer, Personnel Associate, etc., for facilities, Independent Units, and Local Health Departments) shall include in the employee's personnel file the original signature copy of the State of Maryland, Code of Ethics form of each employee in their jurisdiction who has access to or potential access to computers.

6. Employees of DHMH who have budgetary responsibility and/or supervisory responsibility shall plan for their software needs and shall include sufficient funds in their budgetary requests so that they may provide legally acquired software through the proper channels (See Policy DHMH 9191, Policy on the Acquisition and Utilization of Automatic Information Processing Resources (AIPR) and Data Processing Position, update in progress) to meet their unit's legitimate needs in a timely fashion and in sufficient quantities to satisfy those needs.

7. All present employees and all new employees of DHMH with access to or potential access to computers shall sign the State of Maryland, Code of Ethics. The original signed copy shall be placed in the employee's personnel file maintained by his/her personnel officer, and a copy shall be placed in the work folder of the personal computer used by the employee.

8. Employees of DHMH shall not make unauthorized copies of software products or software documentation.

9. Employees of DHMH shall not use unauthorized copies of software or software documentation.

10. Employees of DHMH shall not use their computers for any purpose other than official business.

11. Employees of DHMH shall abide by the Copyright Act of 1976, as amended from time to time, any license agreements that come with the computer software, and any other laws or regulations that are promulgated that relate to the copying of software products.

12. Where doubt exists as to whether copying is authorized or unauthorized, employees should contact the Director, Information Resources Management Administration, DHMH, or designee.

D. AUTHORITY

1. The Director, Information Resources Management Administration, DHMH, shall:

   a. Irrespective of licensing provisions, define which software is authorized and permissible for use by DHMH employees on State owned computer equipment.

   b. Establish and maintain centralized records of all software purchased by or through the DHMH headquarters.

   c. Appoint a Software Manager who shall oversee implementation of and adherence to software policy established within DHMH.

   d. On or before May 15 of each year, inform the Deputy Secretaries, Directors of Administrations, Superintendents of facilities or equivalent, Local Health Officers, Heads of independent units, and the Software Monitors that the acknowledgment for compliance with State policy and this policy for prevention of software copyright infringement is due in the Office of the Secretary, DHMH, by June 15 of the respective year and the procedure to follow.

   e. On or before June 1 of each year, inform the Secretary, DHMH and the Executive Assistant to the Secretary:

1) that the certificate attesting to DHMH's compliance with State policy on prevention of software copyright infringement should be signed by the Secretary of Health and Mental Hygiene no later than July 1 of the respective year and forwarded to the Secretary, Department of Budget and Management.

2) of the procedure by which they are to receive compliance acknowledgment from all units of DHMH.

2. The Director, Personnel Services Administration, at the request of and in coordination with the Director, Information Resources Management Administration, shall conduct classes for the purpose of training Software Monitors and employees. The classes will be conducted as part of the normal employee orientation program and when needed as ascertained by the Director, Information Resources Management Administration.

3. Deputy Secretaries or equivalent, Directors of Administrations, Superintendents of Facilities or equivalent, Local Health Officers, and Heads of Independent units shall:

   a. Appoint a person or persons with a working knowledge of computers and with the authority to take the necessary action to prevent copyright violations to be a Software Monitor(s) for his or her respective unit or units.

   b. Send , when appointed and whenever requested, the name of the appointed Software Monitor(s) to the Director, Information Resources Management Administration.

   c. Report, through appropriate channels, to the Secretary, Department of Health and Mental Hygiene, by June 15 of each year, that their respective unit(s) comply with State policy and this policy for prevention of software copyright infringement (See Appendix II).

4. Deputy Secretaries, in addition to duties enumerated in Section III. D. 3. shall:

   a. Ensure that all units under their authority comply with State policy and this policy for the prevention of software copyright infringement.

   b. Ensure that all units under their authority submit certificates of compliance, (See Appendix II), in a timely manner, through the appropriate channels.

5. Superintendents of Facilities or equivalent, in addition to duties enumerated in Section III. D. 3. shall:

   a. Appoint one Software Monitor to be the Chief Software Monitor.

   b. Inform the Director, Information Resources Management Administration, of the name of the person selected to be Chief Software Monitor.

6. Local Health Officers, in addition to the duties enumerated in Section III. D. 3. shall:

   a. Establish and maintain centralized records of all software acquired by all units under their jurisdiction.

   b. Ensure that all units under their authority comply with State policy and this policy for the prevention of software copyright infringement.

   c. Submit compliance acknowledgment, in a timely manner, through the Director, Community and Public Health Administration.

   d. Appoint one Software Monitor to be Chief Software Monitor.

   e. Inform the Director, Information Resources Management Administration, of the name of the person selected to be Chief Software Monitor.

7. The Software Manager shall:

   a. Conduct training for the designated Software Monitors, identifying specific duties and responsibilities.

   b. Conduct training for the Chief Software Monitors of the facilities and local health departments with emphasis on the presenting of the DHMH Software Policy to new employees during employee orientation at their respective units.

   c. Maintain communication with and provide assistance to all Software Monitors regarding the DHMH Policy, procurement, record maintenance, receipt and installation, virus protection, and manufacturers' licensing.

   d. Present DHMH Software Policy to new DHMH Headquarters employees during employee orientation.

   e. Conduct random computer audits on DHMH Headquarters computers to ensure compliance.

   f. Report all incidents of computer software copyright infringement to the Director, Information Resources Management Administration, or designee.

   g. Perform other related duties as requested by the Director, Information Resources Management Administration, or designee.

8. Software Monitors shall:

   a. Periodically inform all of the employees for whom the Software Monitor is responsible, of this policy and the pertinent laws and heavy fines to which copyright violators are subject.

   b. Ensure that the Code of Ethics is signed by each user or potential user of a PC and that the original is maintained by the Personnel Officer and a copy is maintained in the individual's work folder).

   c. Identify the Primary User for each PC for which the Software Monitor is responsible.

   d. Establish a work folder for each Personal Computer (PC) for which the Software Monitor is responsible.

   e. Identify each folder with:

       1) the name of the PC's primary user.

       2) the System Unit Description and Serial Number.

   f. Place in each work folder:

       1) Software Log (See Appendix III) containing, at a minimum, the information needed to comply with the Software Publishers Association (SPA) requirements and recommendations.

       2) Software License.

       3) Registration Form (copy).

       4) Signed Code of Ethics statement by the user or users of
           the  PC (copy).

       5) Original System Diskettes which may be stored in
           another area if readily accessible.

       6) Print-out of the Self Audit.

   g. Register software with the respective manufacturer.

   h. Store original diskettes in a readily accessible centralized location or store in the work folder established for each PC.

   i. Maintain all other necessary records in a safe but readily accessible centralized location.

   j. Periodically conduct computer audits on all computers for which the Software Monitor is responsible.

   k. Implement virus protection measures.

   l. Delete all software for which there is no license or which was not legally procured.

   m. Report all incidents of computer software copyright infringement to the appropriate higher echelon and to the Director, Information Resources Management Administration, or designee.

   n. Certify, in writing, through channels, to the appropriate higher echelon that the Software Monitors area of responsibility is either in compliance or not in compliance with software policy/procedure.

   o. If area of responsibility is not in compliance, list reasons and names of individuals who do not comply in the compliance report.

   p. Perform other duties as requested by the Director, Information Resources Management Administration, or designees.

9. The Chief Software Monitor, in addition to duties enumerated in Section III. D. 8. shall:

   a. Maintain communication with the Software Manager (discuss problems, attempt to find solutions together, etc.).

   b. Present DHMH Software Policy to new employees during employee orientation and/or to new employees, individually, when hired by explaining policy, regulations, orders, etc. and ensuring that all certifications are signed.

   c. Conduct random audits on computers which are the primary responsibility of Software Monitors under the authority of the Chief, Software Monitor (See Section III. D. 8. j. above), to ensure compliance with all laws, DBFP Manual, this Policy, etc. dealing with computer software copyright infringement and the copying of computer software.

   d. Report all incidents of computer software copyright infringement to the Head of the facility or Local Health Officer as appropriate.

IV. REFERENCES

• Copyright Act of 1976
  
  
• Software License Agreements
  
  
• DBFP Manual #95-1, Prevention of Software Copyright Infringement, Department of Budget and Fiscal Planning, effective Date: June 1, 1995.
  
  
• DHMH Policy 9191, Policy on the Acquisition and Utilization of Automatic Information Processing Resources (AIPR) and Data Processing Positions, effective April 2, 1987, (in process of being updated).
  
• DHMH Memorandum, Subject: Computer Games, promulgated and signed by Martin P. Wasserman, M.D., J.D., Secretary, Department of Health and Mental Hygiene, dated May 30, 1995.
  

APPROVED:  Martin P. Wasserman, M.D., J.D.

Secretary

Signature on File     Effective Date:  May 12, 1998

Attachments:

Appendix II- DHMH Software Copyright Policy, Certificate of Compliance

Appendix III- Software Log