Policy
Policy Name
Remote Access (and Teleworking) Policy

Overview
Remote Access (and Teleworking) Policy includes requirements to ensure that teleworking devices on wired or wireless networks, as well as the home office, are properly secured. In addition, teleworking rules must also be enforced.

Statement
The following safeguards for remote access must be followed:
  • Remote access to the organization's systems must be approved by appropriate manager and provide business justification.
  • Teleworking devices used for remote access must have updated anti-virus software, software security patches, and login password protection.
  • Remote access must require two-factor authentication (e.g. two or more of the following factors: user password, smart card, hardware token).
  • Secure remote office to include secure wireless networking and paper shredders.
  • A definition must be provided that include: the work permitted, the hours of work, the classification of information that may be held and the internal systems and services that the teleworker is allowed to access.
  • Rules and guidance on family and visitor access to equipment and information.
  • Revocation of authority and access rights and company equipment when the teleworking activities are terminated.

Justification

The following benefits will be achieved:

  • Remote access to information systems will be authorized and justified
  • Remote access will be secure

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Network Security