IT Guidelines

Overview

The Diocese of Syracuse Office of Information Technology recommends the following set of best practices in keeping with business and ministry goals for parishes. Please note that due to rapid changes in the field, these recommendations may be subject to frequent changes. Should there questions regarding terminology or wish to verify the suitability of your present configuration, parishes are encouraged to contact Diocesan staff at the above email address.

Security Practices

Network Access

Given that the majority of parishes now employ some form of broadband internet connection, parishes are advised to make use of a router to function as an intermediate device even in cases where only one machine is connected to the cable or DSL modem. In parishes were wireless network service has been installed some form of security scheme must be employed, preferably WPAv2. Parishes and offices with unsecured wireless access leave themselves open to attack as well as the fairly common practice of neighbors hijacking their connections.

Computer Usage Policy

Usage of parish or school computers is permitted with the understanding that the owner of said facility (the parish) retains the right to monitor all activities. This should be understood to include file contents, email and chat correspondence. Utilization of Parish equipment and network connections for games, illicit internet use (violent or pornographic content, social networking not related to ministry, gambling, etc) is expressly prohibited. “Branded Email” (any address having the name of the parish or ministry) should be restricted to business related activities only.

It is recommended that parish employees sign a formal computer use agreement acknowledging their understanding and cooperation with these principles. (Sample)

Password Policy

All machines functioning as file or application servers should be password protected. Any machine which is used to access financial or other sensitive data should be password protected. Longer passwords, and passwords containing a mix of upper and lower case or special characters are highly recommended. Written records of passwords should not be left in the open.

poor:pumpkin Better:Pumpkin1 Best:Pump|<!n

Administrative or master accounts should be implemented on servers. This account should only be used in cases where there is a need recover another employee’s account data. Written record of these passwords for “admin” accounts should be kept in a secure location. Passwords to sensitive data should be changed in the event of employee turnover as quickly as possible.

Email Practices

• • Good judgement is the best defense against virus outbreaks. Employees should be instructed not to open attachments they are not expecting to receive, or do not recognize until they have verified its source. Modern spam traffickers are capable of mimicking known good addresses from a recipients address book. As such it is always better to err on the side of caution and confirm the contents with the sender. When sending attachments, employees should be specific as to the nature and purpose of the email in the subject and body of the message, so as to instill confidence in the recipient that it is legitimate. The use of email to send e-cards or links to similar 3rd party messages is strenuously discouraged as this is often a method of viral infection. Employees should not respond to unsolicited messages which direct the user to input username and password information into a form, as this is often a well disguised method of obtaining passwords to bank accounts known as “phishing.”

  • Each priest in the Diocese has been issued an email address @syrdio. Note that this address is independent of the one issued to all parishes. Though the pastor may elect one person to retrieve emails from both accounts, it is recommended that where possible, the flow of emails is not dependent on a single person to ensure delivery.

  • It is the policy of the diocese that all official correspondence be sent to the @syrdio.org address. This is to ensure that messages are delivered in a controlled manner. While it is permissible to forward email from a parish's diocesan account to an outside provider (i.e. gmail or msn) the diocese cannot guarantee delivery of mail once it has left the boundary of servers under our control. Issues with servers, blacklisting, spam-filtering, etc can cause a mail message to be rejected by another provider. In the case where forwarding is unreliably received, It is the responsibility of the parish to log into the diocesan email server to retrieve messages that may be missing.

Software Downloads

Freeware / Shareware

Unless explicitly designated as such, all software shall be considered private intellectual property, making download and distribution without payment a crime. In addition many software downloads such as screen savers or games advertised as free may come packaged with spyware which can seriously hinder the performance of the computer and network. As such, the downloading and installation of any freeware which is not a legitimate community developed and supported utility should be considered forbidden. Any IT support staff should remove all traces of these applications to maximize to performance and security of parish assets.

The following items should be considered safe and are provided freely by the creator with no risk of malware. Adobe Reader, Adobe Flash Player, Adobe Shockwave, Sun Open Office, Mozilla Firefox, Foxit Reader, Filezilla FTP client. This is by no means an exhaustive list. If a parish employee has a question as to the legitimacy of a particular piece of software, they are invited to confirm it with the diocesan IT office prior to downloading.

The downloading of music or video for non-ministry purposes places additional burden on network resources and is strongly discouraged. The use of file sharing services like limewire and bit torrent is expressly forbidden.

Software Updates

• • Microsoft Updates Microsoft’s security updates should be checked a minimum of once per week. This process can usually be automated by following instructions in the dialog box found in “Control Panel > Windows Updates”

  • Apple Updates Updates for Macintosh machines should be checked a minimum of once per week. These are available though the software update pane in the preferences menu.

Security Software

Anti-Virus Any machine on a parish premise or exchanging data with parish, school, charity or diocesan networks must have an active and up to date anti-virus system. Recommended Vendors include: AVG, Avira, Comodo, Eset, Kaspersky, and Symantec. Software Packages that include firewall or anti-spyware software are preferred.

Users should take note of virus update status, and the results from regularly scheduled scans.

Anti-Malware Any uninvited software which does not serve a legitimate purpose and may not be technically classified as a virus is considered malware. The common examples are tracking “cookies” from websites and spyware which may report a pc’s activity to a central server without knowledge or consent. Many anti-virus packages come with spyware scanners, but several free alternatives exist which may be legally downloaded with the creator’s consent. They include: Malwarebytes, Spybot S&D, and CCleaner.

Firewall Any machine connected to the internet either directly or via network should be protected with a firewall to prevent outsiders from compromising the systems. Firewall products may take the form of a physical appliance that is plugged in between the PCs' local network and internet, as is the case with offerings from Barracuda and Sonicwall. Software firewalls may also be employed and are frequently included with Anti-virus programs, this should be verified before assuming a pc is safe. All versions of Windows since XP include a firewall feature which can be turned on if no other firewall is present, however its effectiveness is a matter of debate.

Content filtering

Per the USCCB's general recommendations, the diocese encourages any church employing computer technology to have in place a means of limiting or eliminating access to certain types of objectionable content. This can be accomplished at an individual level by installing a product like CyberPatrol, CyberSitter, Net Nanny, Surfwatch, X-Stop, or Rated-PG. The functionality and effectiveness of these individual products varies between different releases. Therefore the diocese does not make specific product recommendations. The complete text of the USCCB's guide to safe practices and precautions in cyberspace can be found here.

Larger Parish offices may find it more economical/easier to use a network based filter like Barracuda, SonicWall, or OpenDNS. It should be noted that the Barracuda and SonicWall options may also include firewall functionality as well, therefore simplifying the number of devices on the network. Additionally, parishes must take into account that while these solutions may be more costly and require more expertise during install, they require little to no additional resources from individual PC's. As such they place no burden on older machines which may have insufficient memory or hard drive space to run yet another system process.

Internet Presence

Web Sites

Site Policy The following section pertains to site setup and maintenance best practices, for a more complete discussion of content and policy, please refer to the Communications Guidelines page of this manual.

Diocesan Site The Diocese of Syracuse maintains a site at www.syrdio.org for use as a general repository of public information. Content includes but is not limited to announcements, Safe Environment and Stewardship information, videos, parish and ministry contact and demographic data. Content is updated on a daily basis, so parish staff are encouraged to check frequently. Parish profile changes, notices and events may be posted to the diocesan calendar by contacting the Director of Communications, Danielle Cummings at dcummings@syrdio.org. Events may now be directly added (pending approval) by visiting: events.syracusediocese.org/events/submitevent

Parish Web Sites Parishes are strongly encouraged to maintain an official website. The Diocesan Technology Office does not at present recommend any specific design or host provider. Parishes should use all due judgment when deciding what content is included and it is to be displayed. Some most parishes utilize the talent of parishioners to build and maintain their sites.

In an effort to reduce legal liability and avoiding disputes of ownership the diocese makes the following recommendations for website administration.

• • The site should not be hosted as a component of or share space with any individual’s site. Any hosting agreements should be in the parish’s name, and records of administrative passwords should be kept in a secure location.

  • The domain name of the parish should be registered in the parish’s name, and administered by the parish. Parishes should be wary of renewal times, as failure to renew within the specified period could result in loss of ownership of the name. A example document of this information is found here.Sample Template

  • As the website is a public presence for the parish, all content included on the site should have the consent of the pastor. The Pastor or his designee should have current copies of all passwords related to the website.

  • If time sensitive information is placed on the web site, it is important that an individual be assigned the responsibility of ensuring it is maintained.

  • The diocese of Syracuse maintains a links to parish web sites in each parish’s diocesan profile page. A link to the diocesan site www.syrdio.org should be included in the parish’s site design.

  • Do not post photos or information about individuals without their approval

Social Networking

Parishes and their component ministries are encouraged to make use of modern social networking sites such as Facebook, Linkedin, and Twitter. Due to the inherently open nature of these sites, any employee or volunteer should use the utmost discretion and professionalism, and take great care not to post or link to content that is not in keeping with the parish’s ministry goals or Safe Environment Policy. For more specific recommendations, please refer to the USCCB's Safe Environment Committee Document [here.]

Parish Software

Overview The Diocesan Technology Office offers assistance in the technical aspects of running Quickbooks Professional edition as the parish’s accounting software. This includes if necessary, installation and troubleshooting related to the software, and limited troubleshooting of the PC on which it is installed. The Technology Office from time to time may extend purchasing promotions and informational resources related business operations. Due to limited resources, the Technology Office cannot fully support all parish equipment and networks.

Collections and Census The diocese of Syracuse has made arrangements with Parish Data Systems to offer discounted pricing for all PDS products including PDS Church Office, which replaced the outdated PDS Census 17.4. Parishes are encouraged to subscribe to PDS’s support contract as it provides free updates as they come out in addition to direct support. For more information, please contact PDS directly at 1-800-892-5202

Some parishes have also reported excellent results with a software package called Church Management Solutions which is available from Parishsoft.

Accounting The Diocese of Syracuse endeavors to maintain a system of financial reporting that is transparent, timely and uniform. To facilitate these goals, the diocese expects parish accounting data to be kept on Quickbooks Professional Edition, using the standard chart of accounts as provided by the Office of Parish Services. For a detailed description of expectations and practices for parish accounting, please refer to Parish Administration and Accounting Guidelines.

Data Backup/ Continuity of Operations

Overview

Data stored on computers can generally be classified into two groups. The first, application and program files, are generally not backed up as they must be manually installed from original disks should a system fail. The second type of data, user data, consists of information that has been created through intervention of a person. This includes but is not limited to: email archives, MS Word and Excel files, and data files for programs such as Quickbooks, or PDS Church Office Mgr. In the event of fire, theft, vandalism, or simple PC errors, Hardware and program files are readily replaced. User data is not. Therefore parishes and their respective ministries are expected to maintain a set of reasonably current backup copies for all mission critical data. Data is understood to be Mission Critical if it is necessary to the business or ministerial operation of the parish, and its recreation (if possible) would be considerably time consuming and expensive. Parishes should at a minimum, backup their mission critical data to a suitable medium once per week. This backup copy should be kept in a secure location in a separate building. The custodian of said backup copies should exercise due diligence to ensure that the secure storage of the backups is appropriate to the confidential nature of the data.

The diocese does not make an official recommendation as to backup media or software, but the use of tape drives, CD-Rs/DVD-Rs, remotely linked secure networks and external hard drives are all considered appropriate. Parishes are advised to treat floppy disk backups with reservation, due to their short usable lifespan and inherent fragility. Online backup offerings from vendors like Carbonite or Dropbox are acceptable, however, parishes are advised to carefully read contract agreements to ensure that the data will not be available to the public.

Continuity of Operations

Despite best efforts to protect our computer systems, computer related disasters can and do happen. It is therefore imperative that each parish have in place a written procedure that clearly indicates the frequency and content of backups. This should be reviewed periodically to ensure that there is no data inadvertently omitted from the backup set. In addition, a clear outline should be kept of the required steps necessary to restore parish business operations to their pre-disaster state. The Pastor or Administrator should sign off on this plan, and the individual responsible for performing backups and moving them off site should also be explicitly made aware of the importance of safety and security while the backup data is in their custody.

Purchasing/ support

New Hardware

The diocesan IT office publishes a specification annually on the diocesan website to serve as a guideline for new hardware purchases. Parishes are encouraged to use check this specification before making purchase decisions. Additionally, special rate hardware and software may be available from diocesan vendors periodically. Parishes should contact the IT office for current pricing information.

Used Hardware

In keeping with a desire to provide usable technology to underserved ministries and parishes, and in accordance with our call to stewardship, the IT office periodically releases gently used computer equipment as it becomes available at no fee to the recipient. These machines (typically desktop PC's) are released after having their hard drive wiped, and the operating system re-installed. No warranty of service is provided, but recipients should be able to expect 2-3 years of usage from them. For more details about this program, please contact Kory Hopkins.