Purpose
This policy statement addresses NEXTLABS’s requirements for remote access to NextLabs IT resources.
Scope
This policy applies all authorized remote access users with legitimate and substantiated requirements to access NEXTLABS network, IT resources, and information assets from remote location outside the physical and logical control of NEXTLABS.
Policy
Authorized remote access users must remain constantly aware that remote access connections between his/her location and NEXTLABS are literal extensions of NEXTLABS’s corporate network, and that they provide a potential path to the company’s most sensitive information and thus potential opportunities for compromise.
Minimum requirements for protecting NEXTLABS’s network and critical IT resources include up-to-date anti-virus software, system up-to-date with patches, firewall on client systems, no gateway based VPN, use standard public IP range (e.g.: 192.168.xx.xx) for home network, IT approved standard hardware and software configurations.
Remote access for non-NEXTLABS employees may be granted upon approval of a sponsoring NEXTLABS manager but should be closely tracked and terminated immediately when access is not longer required. The sponsoring NEXTLABS manager is responsible for informing IT when remote access is no longer required for an individual. IT will terminate the access immediately upon receiving the request.
Remote access accounts are considered “as needed” and high-risk accounts. Account activity is monitored.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Effective Date: October 1, 2007 Last revision: None |