Computer Training & Security (Irvine, CA)

To Whom It May Concern:

Pursuant to the California's Sunshine Amendment (Cal. Const. Art. I, § 3(b)), I hereby request the following records:

Any slides, memos, e-mails, or training materials issued to employees relating to the operation of electronic devices (computer, tablet, or mobile phone) issued since 2011 regarding the following topics:

1. Data Security (including the usage and configuration of Anti-Virus, Firewalls, Password reset policies, and VPNs.)

2. Whole Disk Encryption (and required configuration settings)

3. Mobile Device Management provisioning (including information on settings for tracking and restrictions placed on devices by installed device management profiles)

Additionally, I request information on Operating System and Application update requirements, such as standards in place requiring employees to update or not update devices, including emails and communications where IT departments request that employees defer updates from being applied immediately.

I also request that, if appropriate, fees be waived as I believe this request is in the public interest. The requested documents will be made available to the general public free of charge as part of the public information service at MuckRock.com, processed by a representative of the news media/press and is made in the process of news gathering and not for commercial usage.

In the event that fees cannot be waived, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 10 calendar days, as the statute requires.

Sincerely,

Alex Guichet

Hello Sonya,

I appreciate your follow up.

6254(f) seems to primarily apply to specific techniques utilized during active investigations rather than departmental procedural material. I am not requesting material related to specific investigations, and therefore I believe this does not apply.

Further, it should be clear that I am not requesting any specific server access locations or passwords--I am only looking for documents related to departmental policies and training materials, and these responsive documents as requested should not constitute a vulnerability to the City of Irvine unless the standards of security are of question where password information is in cleartext in the responsive documents rather than shared as appropriate on a need to know basis though secure communication channels.

Alex Guichet