by peter



Remote Access Policy – the purpose of this policy is to define standards for connecting to {{company_name}}’s network from any host. These standards are designed to minimize the potential exposure to {{company_name}} from damages which may result from unauthorized use of {{company_name}} resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical {{company_name}} internal systems, etc.


This policy applies to all {{company_name}} employees, contractors, vendors and agents with a {{company_name}} owned or personally-owned computer or workstation used to connect to the {{company_name}} network. This policy applies to remote access connections used to do work on behalf of {{company_name}}, including reading or sending email and viewing intranet web resources.

Remote access implementations that are covered by this policy include, but are not limited to DSL, VPN, SSH.


It is the responsibility of {{company_name}} employees, contractors, vendors and agents with remote access privileges to {{company_name}}’s corporate network to ensure that their remote access connection is given the same consideration as the user’s on-site connection to {{company_name}}.

General access to the Internet for recreational use by immediate household members through the {{company_name}} Network on personal computers is permitted. The {{company_name}} employee is responsible to ensure the family member does not violate any {{company_name}} policies, does not perform illegal activities, and does not use the access for outside business interests. The {{company_name}} employee bears responsibility for the consequences should the access be misused.


  1. Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with strong pass-phrases. For information on creating a strong pass-phrase see the Password Policy.
  2. At no time should any {{company_name}} employee provide their login or email password to anyone, not even family members.
  3. {{company_name}} employees and contractors with remote access privileges must ensure that their {{company_name}}-owned or personal computer or workstation, which is remotely connected to {{company_name}}’s corporate network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user. This is tied into the Acceptable Use Policy.
  4. {{company_name}} employees and contractors with remote access privileges to {{company_name}}’s corporate network must not use non-{{company_name}} email accounts (i.e., Hotmail, Yahoo, AOL), or other external resources to conduct {{company_name}} business, thereby ensuring that official business is never confused with personal business. This is tied into the Email Policy.
  5. Reconfiguration of a home user’s equipment for the purpose of split-tunnelling or dual homing is not permitted at any time. (See the Remote Access Policy for more information.)
  6. Non-standard hardware configurations must be approved by Remote Access Services, and {{company_name}} must approve security configurations for access to hardware.
  7. All hosts that are connected to {{company_name}} internal networks via remote access technologies must use the most up-to-date anti-virus, this includes personal computers. Third party connections must comply with requirements as stated in the Third Party Security Policy.
  8. Personal equipment that is used to connect to {{company_name}}’s networks must meet the requirements of {{company_name}}-owned equipment for remote access.
  9. Organizations or individuals who wish to implement non-standard Remote Access solutions to the {{company_name}} production network must obtain prior approval from {{company_name}}.


Compliance Measurement

The {{company_name}} Team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.


Any exceptions to the policy must be approved by the CEO in advance.


Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.