Information Technology – Remote Access – SOP
Policy Name: Remote Access to Confidential or Proprietary Data in the Workplace
Policy ID: IT – 752
Policy Owner: Department of Information Technology in Conjunction with Human Resources
Release Date: 31 October 2019
Last Review Date: 10 November 2019
Policy Statement:
The organization recognizes that employees are beginning to ask for more telecommuting and flexible work
arrangements. To create a better work-life balance, the organization has decided to grant specific employees
with remote access privileges. Such privileges include, but are not limited to, working from home, split shifts
(half of the shift spent in the office, the other half spent at home), extended breaks, etc.
The organization has the right to hold employees accountable for their devices and company usernames and
passwords that may be compromised and affect the organization's reputation to the general public. This policy
ensures that all employees be conscious and not share their company login information or devices. Any
violation of the remote access policy can have damaging effects on the organization’s success.
Policy Purpose:
The organization recognizes the needs of its employees and its access to its data outside of the workplace. All
employees will be held for their actions and their commitment to their work environment. With the increase of a
recommended flexible work environment, the organization will establish policies and strategies to monitor
employee activity.
The organization understands the employees need to respect the value of the company and maintain integrity
and remain loyal to the company and its remote access policies. If one does not follow the organization’s
policies, then they will be subject to disciplinary action.
The following section lays out the remote access policies, rules and regulations of the company that an
employee must follow. The employee must make sure that they understand the work structure and to not break
the code of conduct.
_________________________________________________________________________________________
1
�Section Name: Employee Remote Access - Responsibilities
Section Statement:
Employees
Employees are responsible for abiding by the guidelines set forth in this remote access policy. If the employee
has any questions or concerns, the employee can speak with his or her direct supervisor or manager. If the
employee's supervisor or manager is unable to aid the employee in better understanding the policy, the
employee can seek guidance from the IT department supervisors and managers. Employees are encouraged to
use their discretion and best judgement when accessing confidential or proprietary information outside of
company walls. Employees are only allowed to use their company issues laptop to remote access company
related information. Employees are responsible for keeping the operating system of all remote devices must be
kept up to date by applying patches as soon as they become available to download (Virgillito, 2014). Employees
are responsible for having remote devices and systems up to date with anti-virus and anti-malware software
enabled and installed (Virgillito, 2014).
Supervisors and Managers
Supervisors and Managers are responsible for handling any employee questions or concerns regarding the
remote access policy. They are also responsible for investigating any breaches of the remote access policy. If
disciplinary or corrective action is needed, the supervisor or manager is responsible for deciding what action
should be taken and executing said action. If any legal issues arise from a breach of confidential or proprietary
information, supervisors and managers are responsible for coordinating with the Human Resources department
and other necessary legal representatives of the company to come to a solution.
Human Resources
Human Resources is responsible for distributing and initially explaining the policy to employees. They are
responsible for ensuring all employees understand the remote access policy. Human Resources is responsible
for obtaining employee signatures on the policy. The employees signature signifies that the employee
understands the entirety of the policy and vows to adhere to the remote access guidelines. Human Resources are
responsible for aiding supervisors and managers in interpreting the policy to employees. If disciplinary or
corrective action is needed, Human Resources are responsible for ensuring that supervisors and managers are
taking appropriate action. Human Resources are also responsible for ensuring that the correct company legal
representatives are involved when a breach of confidential or proprietary information occurs.
Security Department
The security department is responsible for ensuring that all employees with remote access privileges have
reviewed and understand the policy prior to granting permission to remote access capabilities. They are also
responsible for reviewing an employee's request for remote access and submit the request with approval or
denial for internal audit. The security department should scan for unauthorized connections and cut-off access
of those systems or users engaging in non-sanctioned connections (Virgillito, 2014). They should manage
services that support the VPN-connected network device, the VPN client, and the software that grants
employees access to the server (Virgillito, 2014). The security department is responsible for providing
employees with detailed instructions for installing the VPN client on their devices (Virgillito, 2014). They
should ensure that internal address configurations and system related information for the corporate servers and
networks are kept confidential (Virgillito, 2014). The security department is responsible for protecting the
corporate systems from any threats, such as hackers.
_________________________________________________________________________________________
2
�Section Name: Employee Remote Access - Guidelines
Section Statement:
1. Under remote access, employees must log-in to their VPN software. Every employee must ensure they
are not sharing their username and password with anyone.
2. If an employee is working remotely, they must be under their work email address. No personal email
addresses will be permitted.
3. If an employee is connecting their personal computer to the network, they must use an authorized user
network or a third-party host (Consensus Policy Resource Community, n.d).
4. Employees should have all devices checked by the help desk in advance to ensure all viruses and
external software is up to date.
5. Maintain confidentiality within the company by not posting private information or trade secrets that
would give a tip to other businesses (Social Media Policy, n.d). Any questions about what is considered
confidential should be addressed to HR.
6. When logging in remotely, employees will need to include two-factor password authentication with
strong paraphrases to protect information security.
7. If any employee takes negative action towards the organization, an investigation will occur, and they
will be subject to disciplinary action or even termination (Social Media Policy, n.d).
8. If an employee has an alternate solution for remote access guidelines, they will need to get approval
from their supervisor.
9. If a device that is authenticated becomes lost or stolen, please notify the IT department immediately.
10. Employees understand that by signing this policy, they are acknowledging their understanding of its
entirety and are vowing to abide by the rules and guidelines within.
By signing this document, the employee acknowledges that he or she has read this policy (from beginning to
end) and understands the remote access policy for the organization. Any employee found to have violated the
rules and guidelines in this policy may be subject to disciplinary action including termination of employment.
Employee Signature: _______________________________________________
Human Resource Manager Signature: ____________________________________________
Date: _____________________________
3
� References
Consensus Policy Resource Community. (n.d). Retrieved 6 November 2019 from
https://www.sans.org/security-resources/policies/network-security/pdf/remote-access-policy
Social Media Policy. (n.d). Shrm.org. Retrieved 6 Nov 2019 from
https://www.shrm.org/resourcesandtools/tools-and-samples/policies/pages/socialmediapolicy.aspx
Social Media Policy Example 1. (n.d). Employee “Technology” Policy. Retrieved 18 Oct 2019 from
https://celticonline.schoology.com/page/2046572784
Smartsheet. (n.d). Increase Productivity while Maintaining Organizational Security with an Effective Remote
Access Policy. Retrieved 22 Oct 2019 from https://www.smartsheet.com/effective-remote-access-policy
Virgillito, D. (30 Sep 2014). The Importance of an Effective VPN Remote Access Policy. Retrieved 22 Oct
2019 from https://resources.infosecinstitute.com/importance-effective-vpn-remote-access-policy/#gref
