R-2024-319 - 11/19/2024 RESOLUTION NO. R-2024-319
WHEREAS, Senate Bill 1893, effective September 1, 2023, requires certain governmental
entities to adopt a Covered Applications and Prohibited Technology Policy, and
WHEREAS, pursuant to the requirements of Senate Bill 1893, the Department of Information
Resources and the Department of Public Safety created and issued a Model Policy in September 2024
with a required adoption date of November 20, 2024, and
WHEREAS, the City of Round Rock is required to adopt a Covered Applications and
Prohibited Technology Policy in substantially the same form and substance as the Model Policy, Now
Therefore
BE IT RESOLVED BY THE COUNCIL OF THE CITY OF ROUND ROCK, TEXAS,
That the City Council adopts a Covered Applications and Prohibited Technology Policy, a copy
of same being attached hereto as Exhibit "A" and incorporated herein for all purposes.
The City Council hereby finds and declares that written notice of the date, hour, place and
subject of the meeting at which this Resolution was adopted was posted and that such meeting was
open to the public as required by law at all times during which this Resolution and the subject matter
hereof were discussed, considered and formally acted upon, all as required by the Open Meetings Act,
Chapter 551, Texas Government Code, as amended.
RESOLVED this 19th day of November, 2024.
CRAIG MORGAN, Mayor
City of Round Rock, Texas
ATTEST:
ANN FRANKLIN, City Clerk
ROUND ROCK TEXAS
ADMINISTRATION
City of Round Rock
Covered Applications and Prohibited Technology Policy
Purpose
Pursuant to Senate Bill 1893, governmental entities, as defined below, must establish a covered
applications policy:
• A department, commission, board, office, or other agency that is in the executive or
legislative branch of state government and that was created by the constitution or a statute,
including an institution of higher education as defined by Education Code Section 61.003.
• The supreme court, the court of criminal appeals, a court of appeals, a district court, or the
Texas Judicial Council or another agency in the judicial branch of state government.
• A political subdivision of this state, including a municipality, county, or special purpose
district.
Policy
This policy applies to all City of Round Rock full- and part-time employees, contractors, paid or
unpaid interns, and other users of government networks. All City of Round Rock employees are
responsible for complying with this policy.
A covered application is:
• The social media service TikTok or any successor application or service developed or
provided by ByteDance Limited, or an entity owned by ByteDance Limited.
• A social media application or service specified by proclamation of the governor under
Government Code Section 620.005.
Covered Applications on Government-Owned or Leased Devices
Except where approved exceptions apply, the use or installation of covered applications is
prohibited on all government-owned or -leased devices, including cell phones, tablets, desktop and
laptop computers, and other internet-capable devices.
City of Round Rock will identify, track, and manage all government-owned or -leased devices
including mobile phones, tablets, laptops, desktop computers, or any other internet-capable devices
to:
a. Prohibit the installation of a covered application.
b. Prohibit the use of a covered application.
c. Remove a covered application from a government-owned or -leased device that was on the
device prior to the passage of S.B. 1893 (88th Leg, R.S.).
d. Remove an application from a government-owned or -leased device if the Governor issues
a proclamation identifying it as a covered application.
City of Round Rock will manage all government-owned or -leased mobile devices by implementing
the security measures listed below:
a. Restrict access to "app stores" or unauthorized software repositories to prevent the
installation of unauthorized applications.
b. Maintain the ability to remotely wipe non-compliant or compromised mobile devices.
c. Maintain the ability to remotely uninstall unauthorized software from mobile devices.
d. Other City of Round Rock-implemented security measures.
Ongoing and Emerging Technology Threats
To provide protection against ongoing and emerging technological threats to the government's
sensitive information and critical infrastructure, DPS and DIR will regularly monitor and evaluate
additional social media applications or services that pose a risk to this state.
DIR will annually submit to the Governor a list of social media applications and services identified
as posing a risk to Texas. The Governor may proclaim items on this list as covered applications
that are subject to this policy.
If the Governor identifies an item on the DIR-posted list described by this section, then City of
Round Rock will remove and prohibit the covered application.
City of Round Rock may also prohibit social media applications or services in addition to those
specified by proclamation of the Governor.
Bring Your Own Device Policy
If City of Round Rock has a "Bring Your Own Device" (BYOD) program, then the
City of Round Rock may consider prohibiting the installation or operation of covered applications
on employee-owned devices that are used to conduct government business.
Covered Application Exceptions
City of Round Rock may permit exceptions authorizing the installation and use of a covered
application on government-owned or -leased devices consistent with the authority provided by
Government Code Chapter 620.
Government Code Section 620.004 only allows City of Round Rock to install and use a covered
application on an applicable device to the extent necessary for:
(1) Providing law enforcement; or
(2) Developing or implementing information security measures.
If City of Round Rock authorizes an exception allowing for the installation and use of a covered
application, City of Round Rock must use measures to mitigate the risks posed to the state during
the application's use.
City of Round Rock must document whichever measures it took to mitigate the risks posed to the
state during the use of the covered application.
Bring Your Own Device Policy for City of Round Rock Not Subject to the Governor's
Prohibited Technology Directive
If City of Round Rock is not subject to the Governor's prohibited technology directive but is
subject to Senate Bill 1893, it may also consider prohibiting the installation or operation of
prohibited technologies and covered applications on employee-owned devices that are used to
conduct government business.
If City of Round Rock has a "Bring Your Own Device" (BYOD) program, then the City of Round
Rock shall institute a "Bring Your Own Device" (BYOD) policy requiring the enrollment of these
personal devices in the entity's program before their continued use in conducting governmental
business.
Ongoing and Emerging Technology Threats Pursuant to the Governor's Directive
To provide protection against ongoing and emerging technological threats to the state's sensitive
information and critical infrastructure, DPS and DIR will regularly monitor and evaluate additional
technologies posing concerns for inclusion in this policy.
DIR posts the list of all prohibited technologies, including applications, software, hardware, or
technology providers, to its website. If, after consultation between DIR and DPS, a new technology
must be added to this list, DIR will update the prohibited technology list posted on its website.
Round Rock will implement the removal and prohibition of any listed technology on all applicable
devices. We may prohibit other technology threats in addition to those on the posted list should
we determine that such prohibition is appropriate.
Policy Compliance
All employees shall sign a document annually confirming their understanding of the agency's
covered applications and prohibited technology policies. Governmental entities that are subject to
Senate Bill 1893 but not subject to the Governor's December 07, 2022, directive may elect not to
require employees to complete an annual certification.
City of Round Rock will verify compliance with this policy through various methods, including
but not limited to, IT/security system reports and feedback to leadership.
An employee found to have violated this policy may be subject to disciplinary action, including
termination of employment.
Policy Review
This policy will be reviewed annually and updated as necessary to reflect changes in state law,
additions to applications identified under Government Code Section 620.006, updates to the
prohibited technology list posted to DIR's website, or to suit the needs of City of Round Rock.
Effective November 19, 2024