In a move to bolster security and protect participants, the Mokena Community Park District Board of Commissioners on Tuesday unanimously approved a sweeping update to its personnel policies, establishing new rules for staff conduct, clarifying child abuse reporting, and implementing a formal Information Security Incident Response Plan to guard against cyber threats.

The new policies are designed to enhance safety for all program participants and bring the district into compliance with new mandates from its insurance provider.

A key component of the overhaul is the adoption of Personnel Policy 7-8, the Information Security Incident Response Plan. According to a staff memo, the new policy is one of several steps required by the Park District Risk Management Agency (PDRMA) for the district to be renewed for cyber-attack and malware coverage.

The plan provides clear oversight and guidance for responding to a data incident, defined as any suspected unauthorized access or use of personal information or other confidential data. It establishes an Incident Response Team, led by an Incident Response Manager, and outlines a protocol for containing and assessing a data breach. The policy names Superintendent of Finance and HR Patti Parli as the Incident Response Manager and Puter Pros as the I.T. Services Provider.

“PDRMA also requires an annual cyber security staff training for all employees and a separate annual training for finance employees,” the memo stated. Other required steps include adding multi-factor authentication and remote vulnerability testing.

The board also approved two new policies focused on the safety of minors and vulnerable adults. The new Boundary Violations policy (1-17-1) is intended to regulate the behavior of park district employees toward children and vulnerable adult participants. It outlines a non-exhaustive list of prohibited conduct, including physical, emotional, and behavioral boundary violations, that could trigger disciplinary action. Examples include inappropriate massages or roughhousing, private communication outside of program protocols, and showing favoritism.

The policy also clarifies reporting obligations, requiring employees to report suspected abuse or neglect of vulnerable adults over the age of 18 to the Illinois Adult Protective Services (IAPS) and their supervisor. This expands upon the district’s existing child abuse reporting rules.

Finally, the board approved amendments to its Mandated Reporter for Child Abuse and Neglect policy (1-17) to align with recent changes in the Illinois Abused and Neglected Child Reporting Act (ANCRA). The updated policy adds a requirement for mandated reporter training to include a section on implicit bias within three months of hire and every three years thereafter.

All three policies were reviewed by the district’s Policy Committee on July 6 before being presented to the full board for approval.