Author Archives: admin

2023 SAFETY TRAINING

Joint Committee on Government and Finance – Safety Policies

Employee Safety Manual

The Joint Committee maintains a Safety/Loss Control Manual.

The manual is available on the Staff Info section of the Legislature’s website

Please carefully review the Safety/Loss Control Manual and keep a copy near your desk.

The Safety Manual contains:

• A list of emergency phone numbers.
• A list of emergency system broadcast stations.
• Procedures for responding to safety threats.
• Checklists to guide employees dealing with certain dangerous situations.
• Mandatory reporting forms, for all incidents involving injury.

WORKPLACE INJURY

For any workplace injury:

1. Alert your supervisor.
2. Fill out a Report of Incident Form as soon as possible. (Form located on pages 16-17 of the Safety Manual.)
3. Submit the Report of Incident Form to the Fiscal Officer.

EVACUATION PLANS

Page 6 of the Safety Manual lists evacuation plans for employees, based on office location.

A map of your office’s evacuation route is posted in a common area in the office. Contact Protective Services if you need a replacement map.

FIRE

If the fire alarm is activated:

1. Follow your office’s designated evacuation plan.
2. Proceed to the nearest exit.
3. Follow directions of emergency personnel.

In the event of a fire:

• Call 911 and report location of the fire.
• Activate the fire alarm and alert others.
• Only use a fire extinguisher on small fires (waste basket size).
• For all other fires, GET OUT, and close doors to confine the fire when possible.
• Feel the top of your door. If it is hot or smoke is visible, do not open it.
• Stay low, if you must move through smoke.
• If clothing catches fire, stop, drop, and roll.

DO NOT:

• Use elevators.
• Break windows.
• Attempt to rescue possessions.

EARTHQUAKE

In case of an earthquake, you should:

• Take cover under a sturdy desk or table and protect your head and neck.
• Stay away from windows and outside walls.
• If you are outdoors, stay in an open area.

DO NOT:

• Run outside, if you are indoors, as falling debris may cause injury.
• Use elevators.
• Enter the building if you are outside.

Following an earthquake:

• Be prepared for aftershocks.
• Give first aid to any injured persons. Do not move them unless absolutely necessary.
• Replace telephone handsets that have fallen during earthquake.
• DO NOT use the telephone except to report fires or medical emergencies.
• Go to the interior of the building and avoid windows and outside walls.
• Wait for instructions from emergency personnel.
• Follow evacuation procedures if necessary.

TORNADO

If there is a tornado, you should:

• Move to the basement of the building, if possible.
• If you are unable to move to the basement, move to an interior room or hallway.
• Stay away from windows and outside walls.
• If you are outside when the tornado strikes, lie in a ditch or depression and cover your head with your hands.
• Watch for flying debris.

The basement is the safest location.

INFECTIOUS DISEASE OUTBREAK

During an infectious disease outbreak, your employer will:

• Provide resources and a work environment that promotes personal hygiene. For example, provide face masks, protective gloves, hand soap, hand sanitizer, disinfectants, and disposable towels for employees to clean their work surfaces.
• Provide employees with up-to-date information on risk factors, protective behaviors, and instruction on proper behaviors (for example, cough etiquette and care of personal protective equipment).
• Develop policies to minimize contacts between employees and between employees and non-employees.
• Encourage employees to obtain any available vaccine.

If an outbreak occurs:

• Follow your employer’s guidance regarding the specific type of outbreak that has occurred.
• Follow recommended hygiene protocols, including hand washing.
• Clean and sanitize commonly touched surfaces often, and on a regular basis.
• Maintain distancing from others of at least six feet.
• Wear a face covering or mask when recommended or required by state or local officials and/or employer.
• Do not report to work if you feel sick, or have any symptoms of the specific illness that is spreading.

THREATS & SUSPICIOUS MAIL

If you answer the phone to a bomb threat, or other threatening caller:

• Remain on the line.
• Remain calm. Do not express anger or fear.
• Try to calm the caller.
• Use the Bomb/Other Threats Checklist Safety Manual to gather information.
• When the call is over, contact the Capitol Police.

If you receive a suspicious package in the mail:

• Refrain from handling the suspicious item.
• Contact the Capitol Police or call 911.
• Keep everyone away from the area until law enforcement arrives.

If the item has been opened and appears threatening:

• Immediately stop handling the item;
• Vacate the area; then
• Contact law enforcement.

SHELTER IN PLACE

“Shelter in place” means to take immediate shelter where you are.

If you are instructed to shelter in place:

• Gather all office employees into an interior room with few or no windows.
• If possible, employees in basement areas should move to the first floor.
• Close and lock all windows and exterior doors.

If you are instructed to shelter in place due to the release of chemicals/substances:

• Use tape and, if available, plastic, to seal any windows, doors and air vents. (General Services has plans in place to turn off any air generators and fans in capitol complex buildings).
• If you are told there may be an explosion, close shades, blinds, and curtains.
• Remain in place until you are told it is safe to leave or are asked to evacuate.
• Listen to radio stations and monitor websites that are listed in the Appendix of the Safety Manual.

WORKPLACE VIOLENCE

If you hear gunshots or there is a threat of violence:

• Go to a safe place, if possible, and call 911.
• If evacuation is not possible and you are in an office, stay there.
• If you are in a hallway, get into an office.

Once you are in an office:

• Lock the door if possible or blockade it to keep the shooter out.
• Turn out the lights.
• Hide on the floor behind large objects, such as a cabinet or desk.
• Remain quiet.
• If possible, call 911. If you are unable to talk, remain on the line and let the operator hear what is going on.

When officers arrive, you should:

• Put down anything you might be carrying, such as bags or purses.
• Keep your hands where they are visible.
• Remain calm and do as officers instruct you.

FLOODING

If there is flooding inside the building:

• Notify a supervisor and General Services.
• Secure your area and vital records.
• Use caution near appliances or outlets near the water.
• If you know the source of the water and can safely stop it, do so.
• If directed to evacuate, follow evacuation procedures.

If there is flooding due to an exterior source:

• Monitor the Emergency Alert System for advisories.
• See list of advisory radio stations in the Employee Safety Manual.
• If facility closure is necessary, Joint Committee leadership will notify you.

If you are caught in a flood due to an exterior source:

• Go to higher ground and avoid areas subject to flooding.
• DO NOT attempt to walk across flowing streams or drive through flooded roadways.
• If water rises in your building before you can evacuate, go to the top floor, attic, or roof.
• Listen to a battery-operated radio for the latest storm information.
• If you’ve come in contact with floodwaters, wash your hands with soap and disinfected water when safe to do so.

MEDICAL EMERGENCIES

Upon encountering an injured or unconscious person:

• Assess the area to make sure there is no threat of danger to yourself.
• If it is not safe to enter the area, call 911 and wait for emergency personnel.
• If it is safe, go to the person and assess their breathing and injuries.

If a person is unconscious:

• Call or have someone call 911 and the capitol nurse.
• If the person is not breathing, begin administering CPR.
• If the person is breathing, tend to any obvious injuries, such as bleeding.
• Help prevent shock by maintaining the person’s body temperature.

If an injured or sick person is conscious:

• Have someone call 911 and the capitol nurse.
• If you are alone, reassure the person that you will return and go summon help. Immediately return after getting help.
• Unless there is immediate danger that requires moving the person, such as a fire, keep them still.
• Help prevent shock by maintaining the person’s body temperature.

CHOKING

If a person is choking and conscious:

• If he or she can cough, speak, or breathe, do not interfere.
• Ask if he or she can breathe. If he or she cannot cough, speak, or breathe, have someone call for help and begin the Heimlich maneuver.

If a person is choking and unconscious:

• Administer CPR, then check his or her throat for the object.
• Continue as needed or until help arrives.

ELEVATORS

If you are in an elevator that becomes stuck, you should:

• Remain calm.
• Press the Call button to call for assistance.
• If you do not receive a response from the Call button, call Protective Services for assistance.
• You may also push the Alarm button to let people outside the elevator know that you are stuck.

OTHER RESOURCES

The Joint Committee Employee Policies and Procedures Handbook

Also available on the Staff Info page on the Joint Committee’s website.

• Contains procedures and policies for addressing sexual harassment in the workplace.
• Contains employment practices related to threats presented by employees.

The Emergency Procedures Booklet of the General Services Division

• A convenient blue flip-book that is available from the General Services Division or Capitol Police.
• Contains easy to locate tabs for each type of emergency.
• Has an easy to access list of emergency telephone numbers in the front of the flip-book.

THANK YOU

You have completed the Joint Committee Safety Training.

Please take the time to read all relevant safety materials identified in this presentation. Always keep emergency phone numbers near your desk.

Questions?

If you have questions about the information in this presentation, please direct them to Legislative Services.

2022 Information Technology Policy Training

Joint Committee on Government and Finance – Policies for IT Privacy, Security, & Acceptable Use

Employee Responsibilities

Employees are expected to guard against unauthorized access to printed and electronic data and take precautions to protect data and electronic devices from unauthorized access and use.

Workstation Security

Before leaving your workstation, you must take the following steps:

1. Log off of your computer;
2. Lock your computer; and
3. Lock file cabinets containing sensitive information.

Passwords

Passwords are confidential and must not be shared under any circumstances!

Employee Password Requirements

1. Employees must change passwords every 3 months;
2. Passwords must be at least 8 characters long; and
3. Passwords must contain at least one upper case letter, one lower case letter, one number, and one special character.

Responsible Use of System Capacity

Employees are prohibited from monopolizing systems, by:

• Overloading networks with excessive data.
• Wasting computer time, connect time, bandwidth, disk space, printer paper, or other IT resources.

Personal Data

• Personal data (i.e. pictures, music, documents not work-related) of more than a de minimus amount (meaning very minor or trivial) may not be stored on network devices.
• The Joint Committee is not responsible for the destruction, corruption or disclosure of personal material on or by its IT resources.

Termination/Transfer of Employee

• Division Directors must immediately notify the IT Division (LASD) and the Fiscal Office upon termination or transfer of an employee.
• When an employee is terminated, all access to IT resources will be disabled immediately, unless otherwise approved in writing by management.
• When an employee transfers divisions, IT access will be modified to accommodate new roles and responsibilities.

Personally Identifiable Information

• Personally Identifiable Information (PII) is information that identifies, or can be used to uniquely identify, locate, contact or impersonate a particular individual.
• Examples include: social security numbers, health information, credit card numbers, or log-on credentials.
• Personally Identifiable Information must be encrypted or disassociated from any individual prior to transmission through any public data communications infrastructure, such as a network or the Internet.
• Before establishing a new practice of collecting personally identifiable information, a Division Director should notify the Legislative Manager.

Incident Response

Procedure for Breaches of Security/Confidentiality

Employees are expected to report to their supervisor or director, if they:

1. Become aware of possible breaches of security or confidentiality policies; or
2. Know of any inappropriate use of Joint Committee provided IT resources; and
3. Employees should contact an immediate supervisor if there is doubt concerning authorization to access any Joint Committee IT resource, or if questions arise regarding acceptable or unacceptable uses.

Criminal Activity

If criminal activity is suspected or detected, reporting should occur up the supervisory or management chain without delay.

Public Use of IT Resources

• Use of Joint Committee resources (employee computers, telephones, copiers, etc.) by members of the public is prohibited.
• Individuals not employed by the West Virginia Legislature may not use employee computers, or download information from the internet or from mobile media, of any kind, to employee computers.

ACCEPTABLE USE

Joint Committee Policy for Acceptable Use of I/T Resources

Personal Use Policy

• IT resources are designated for authorized purposes.
• Minimal personal use of State-provided IT resources is allowed if it does not interfere with the legitimate business of the State.
• Employees may use Internet facilities for non-business research or browsing during meal-time or other breaks, or outside of normal work hours yet within their usual building access times, provided that they adhere to all other usage policies.

Authority to Monitor

• The Joint Committee reserves the right to filter Internet site availability, and monitor and review employee use as required for legal, audit, or legitimate authorized State operational or management purposes.
• The Joint Committee reserves the right to inspect any and all files stored in private areas of the network, or on employee assigned devices (computer, tablet, external storage devices, etc.) to assure compliance with this policy.

Authority Over IT Resources

• The Joint Committee reserves the right to remove, replace or reconfigure IT resources without formal notice to employees (despite the fact that formal notice will normally be given).

Unacceptable Use of IT Resources

Joint Committee provided IT resources may NOT be used to (1/3):

• Engage in or support illegal activities.
• Engage in commercial activities, product advertisement, or for-profit personal activities.
• View, transmit, receive, save, or print sexually explicit materials.
• Store, print or view any graphic file that is not directly related to one’s job or the activities of Joint Committee.
• Misrepresent oneself or the State of West Virginia.
• Promote political or religious positions or causes.
• Distribute incendiary statements which might incite violence or describe or promote the use of weapons or devices associated with terrorist activities.
• Harass or discriminate on the basis of age, race, color, creed, religion, sex, sexual orientation, national origin, disability, veteran status, or other protected class
• Propagate any virus, worm, Phishing, Trojan horse, or trap-door program code.

Joint Committee provided IT resources may NOT be used to (2/3):

• Access or attempt to access records within or outside Joint Committee’s local area network for which the employee is not authorized.
• Bypass Joint Committee security and access control systems.
• Conduct any form of network monitoring, such as port scanning or packet filtering unless expressly authorized by the Joint Committee.
• Violate the privacy of individual users by reading e-mail or private communications without authority.
• Send or share unencrypted confidential information.
• Engage in unauthorized peer-to-peer networking or peer-to-peer file sharing.
• Commit security violations related to electronic communications, including participation in chain letters or unauthorized chat programs, or forwarding or responding to SPAM.
• Send unsolicited commercial e-mail messages, including the distribution of “junk mail” or other advertising material to individuals who did not specifically request such material.

Joint Committee provided IT resources may NOT be used to (3/3):

• Forge e-mail header information.
• Solicit e-mail for any other e-mail address, other than that of the poster’s account, with the intent to harass or to collect replies.
• Post messages to large numbers of users (over 50) without authorization.
• Post from an agency e-mail address to newsgroups, blogs, or other locations without a disclaimer stating that the opinions expressed are strictly the employee’s own and not those of the State or the Joint Committee or the Legislature, unless posting is in the fulfillment of business duties.
• Engage in pyramid selling schemes, multi-marketing schemes, or fundraising for any purpose, unless sanctioned by Joint Committee.
• Store any unauthorized data, information, or software on IT resources that are provided by the Joint Committee.
• Download software not having a direct, authorized business use.
• Download entertainment software, games, music, or streaming content.
• Watch television programs and movies, play games, or participate in gaming or gambling over the Internet.

EMPLOYEE HANDBOOK

• The Joint Committee’s “Employee Policies and Procedures Handbook” contains the full and official policies related to IT acceptable use and security.
• Every employee is required to read and regularly review the Employee Policies and Procedures Handbook and adhere to the most up-to-date IT policies contained in the Handbook.
• The handbook is available on the Joint Committee’s Staff Page.

Questions or Concerns

• If you have any questions or concerns about the information in this training, please contact Legislative Services (ext. 4800).

You have now completed the Joint Committee IT Privacy and Security Training.

2023 Anti-Fraud Policy Training

Joint Committee on Government and Finance

Why Anti-Fraud Training?

The Joint Committee receives funding from a federal grant to administer its Crime Victim’s Compensation Fund. As a requirement of that fund, formal fraud awareness and reporting training is mandated.

In addition, the Joint Committee has an obligation to protect its assets and financial interests and believes that fraud awareness training is beneficial for all Joint Committee employees.

Why does the Joint Committee have an Anti-Fraud policy?

1. To provide a coordinated approach to the identification, investigation, and resolution of fraudulent activities, and
2. To increase the overall awareness of the responsibility to report fraud and reasonably suspected fraudulent activity to the appropriate persons.

What does the policy apply to?

The Anti-Fraud policy applies to any situation of fraud or suspected fraud involving Joint Committee employees, claimants for Crime Victim’s benefits, vendors, contractors, consultants, outside agencies, and/or any other parties with a business relationship with the Joint Committee.

What is Fraud?

• Fraud includes any willful or deliberate act committed with the intention of obtaining an unauthorized benefit, such as money or property, by misrepresentation, deception, or other unethical means.
• Acts do not need to be elaborate, or solely criminal in nature, for deceit to constitute fraud.

Common Examples of Fraud and Financial Impropriety

• Forgery, alteration, or falsification of documents (including checks, time sheets, electronic time records, travel expense reports, contractor agreements, purchase orders, financial documents, or electronic files).
• Misappropriation, misuse, theft, removal, or destruction of Legislative resources (including funds, securities, supplies, inventory, furniture, fixtures, equipment, intellectual property or any other asset).
• Improprieties in the handling or reporting of money or financial transactions.
• Misuse of facilities (including telephones, computers and e-mail system).
• Receiving or offering bribes, rebates, or kickbacks.
• Personal use of Legislative property in commercial business activities.
• Accepting or seeking anything of material value from contractors, vendors, or persons providing or seeking to provide services/materials to the Legislature.

How do I recognize Fraud?

To recognize fraud, one must be aware of where it can originate:

1. 1. Internal Fraud is committed by employees. Examples: “Skimming” from cash distributions, awarding funds with a real or perceived conflict of interest, or falsifying time sheets.
   2. External Fraud is committed by claimants.

Examples:  Submitting false claims, false or misleading statements related to reimbursement funds, or other false documents.

Indications of Fraud

The following are indicators fraudulent activity may have occurred:

• Excessive number of missing or voided documents
• Alterations of documents
• Questionable handwriting or approval
• Documents not numerically controlled
• Duplicate payments
• Unusual billing addresses or arrangements
• Vendor’s billing address is the same as employee’s
• Duplicate or photocopied invoices

What are the consequences of fraud to the Crime Victim’s Compensation Fund?

From the DOJ Office of Inspector General, grant fraud can result in:

• Inability to receive future funds
• Civil law suits
• Criminal prosecution
• Expensive administrative recovery of the funds, and
• The inability to receive future funds affects the state’s ability to assist legitimate victims of crime.

What is the Joint Committee’s  Responsibility for Fraud?

The Joint Committee’s management is accountable for setting the appropriate tone of intolerance for fraudulent acts by complying with laws, rules, regulations, and policies.

Division Directors are responsible for identifying and assessing the level of the risks and exposures to fraudulent activity inherent in his or her area of responsibility. Additionally, Directors shall establish and maintain proper internal controls which will provide for the security and accountability of the resources within his or her division.

All Joint Committee employees are responsible for safeguarding public resources and ensuring that they are used only for authorized purposes, in accordance with state rules, policies, and applicable law.

Reporting Requirements

Joint Committee employees who suspect fraud has occurred should promptly report such activity to the Fiscal Officer, Legislative Manager, or Director of Legislative Services. Fraud may also be reported to the Commission on Special Investigations if the employee suspects Joint Committee management of fraudulent activity.

Thank you for completing the Joint Committee’s Anti-Fraud Training.