Remote Access Policy

Remote Access Policy

Posted by Peter Bassill on 05/01/2021



PURPOSE
The purpose of this policy is to define standards for connecting to {company_name}'s network from any host. These standards are designed to minimize the potential exposure to {company_name} from damages which may result from unauthorized use of {company_name} resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical {company_name} internal systems, etc.
SCOPE
This policy applies to all {company_name} employees, contractors, vendors and agents with a {company_name} owned or personally-owned computer or workstation used to connect to the {company_name} network. This policy applies to remote access connections used to do work on behalf of {company_name}, including reading or sending email and viewing intranet web resources.
Remote access implementations that are covered by this policy include, but are not limited to DSL, VPN, SSH.
POLICY
It is the responsibility of {company_name} employees, contractors, vendors and agents with remote access privileges to {company_name}'s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to {company_name}.
General access to the Internet for recreational use by immediate household members through the {company_name} Network on personal computers is permitted. The {company_name} employee is responsible to ensure the family member does not violate any {company_name} policies, does not perform illegal activities, and does not use the access for outside business interests. The {company_name} employee bears responsibility for the consequences should the access be misused.
Requirements


Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with strong pass-phrases. For information on creating a strong pass-phrase see the Password Policy.

At no time should any {company_name} employee provide their login or email password to anyone, not even family members.

{company_name} employees and contractors with remote access privileges must ensure that their {company_name}-owned or personal computer or workstation, which is remotely connected to {company_name}'s corporate network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.

{company_name} employees and contractors with remote access privileges to {company_name}'s corporate network must not use non-{company_name} email accounts (i.e., Hotmail, Yahoo, AOL), or other external resources to conduct {company_name} business, thereby ensuring that official business is never confused with personal business.

Reconfiguration of a home user's equipment for the purpose of split-tunnelling or dual homing is not permitted at any time.

Non-standard hardware configurations must be approved by Remote Access Services, and {company_name} must approve security configurations for access to hardware.

All hosts that are connected to {company_name} internal networks via remote access technologies must use the most up-to-date anti-virus, this includes personal computers. Third party connections must comply with requirements as stated in the Third Party Security Policy.

Personal equipment that is used to connect to {company_name}'s networks must meet the requirements of {company_name}-owned equipment for remote access.

Organizations or individuals who wish to implement non-standard Remote Access solutions to the {company_name} production network must obtain prior approval from Remote Access Services and {company_name}.

COMPLIANCE
Compliance Measurement
The {company_name} Team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions
Any exceptions to the policy must be approved by the CEO in advance.
Non-Compliance                                                                             
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. 
 
                                                                                                         


Download the template policy



Contact us



  • Worklab, Europort, Gibraltar

  • +350 540 73836

  • hello@wearehedgehog.com