Purpose
This policy statement addresses requirements for secure extranet connections to NextLabs’ internal network.
Scope
This policy outlines the requirements for secure extranet connections to NextLabs’ internal network infrastructure and includes wireless access points. For purposes of this policy, “Users” means: regular employees, part-time employees, temporary employees, interns & contractors, including all personnel affiliated with third parties.
Policy
All requests for extranet connectivity must be reviewed and approved in writing by IT. Each approved request must include a valid business justification, a completed network and security risk assessment, and a checklist to determine connectivity requirements and the application of approved connectivity design models.
All new connection requests between third parties and NextLabs require that the third party and NextLabs representatives agree to and sign the Third Party Agreement.
The NextLabs IT team should be notified as early as possible in the planning phase of any project requiring external extranet connectivity (outsourcing, off shore support, etc.), in order to ensure connectivity on the date required.
NextLabs IT provides external extranet access through IT maintained corporate internet gateways and where possible all external access should utilize secure remote access through these gateways.
Exceptions to this policy must be approved by IT.
All connectivity established must be based on the least-access principle, in accordance with the approved business case and the security review. In no case will NextLabs rely upon the third party to protect NextLabs’ network or resources.
All changes in access must be accompanied by a valid business justification, and are subject to security review. All Extranet connections should be promptly terminated when there is a suspected breach or the access in no longer required.
The IT organization will conduct ongoing audits and reviews to ensure compliance to NextLabs policies and to protect the internal network and IT resources.
Any User found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Effective Date: October 1, 2007 Last revision: None |