Skip to main content
Skip table of contents

Remote Access Policy

2025.1

Reviewed: 12/2/2024
Updated: 12/2/2024

Purpose and Scope:

  1. The purpose of this policy is to define requirements for connecting to IMPLAN's systems and networks from remote hosts, including personally-owned devices, in order to minimize data loss/exposure.
  2. This policy applies to all users of information systems within IMPLAN. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information controlled by IMPLAN (hereinafter referred to as "users"). This policy must be made readily accessible to all users.

Background:

  1. The intent of this policy is to minimize IMPLAN's exposure to damages which may result from the unauthorized remote use of resources, including but not limited to: the loss of sensitive, company confidential data and intellectual property; damage to IMPLAN's public image; damage to IMPLAN's internal systems; and fines and/or other financial liabilities incurred as a result of such losses.
  2. Within this policy, the following definitions apply:
    a. Mobile computing equipment: includes portable computers, mobile phones, smart phones, memory cards and other mobile equipment used for storage, processing and transfer of data.
    b. Remote host: is defined as an information system, node or network that is not under direct control of IMPLAN.
    c. Telework: the act of using mobile computing equipment and remote hosts to perform work outside IMPLAN's physical premises. Teleworking does not include the use of mobile phones.

Controls and Procedures

  1. Security Requirements for Remote Hosts and Mobile Computing Equipment (a) Caution must be exercised when mobile computing equipment is placed or used in uncontrolled spaces such as vehicles, public spaces, hotel rooms, meeting places, conference centers, and other unprotected areas outside IMPLAN's premises.
    (b) When using remote hosts and mobile computing equipment, users must take care that information on the device (e.g. displayed on the screen) cannot be read by unauthorized persons if the device is being used to connect to IMPLAN's systems or work with IMPLAN's data.
    (c) Employee workstations must be updated and patched for the latest security updates on at least a monthly basis.
    (d) Remote hosts must have endpoint protection software (e.g. malware scanner) installed and updated at all times.
    (e) Persons using mobile computing equipment are responsible for regular backups of organizational data that resides on the device.
    (f) Access to IMPLAN's systems must be over a secured protocol, and through either
    - An encrypted and authenticated VPN connection, or
    - A whitelisted IP address.

    (g) All users requiring remote access must be provisioned with VPN credentials from IMPLAN's Information Technology team.
    (h) Information stored on mobile computing equipment must be encrypted using hard drive full disk encryption.

  2. Security Requirements for Remote Work
    (a) All employees are authorized for remote work.
    (b) Only a device's assigned owner is permitted to use remote nodes and mobile computing equipment. Unauthorized users (such as others living or working at the location where remote work is performed) are not permitted to use such devices.
    (c) Users performing remote work are responsible for the appropriate configuration of the local network used for connecting to the Internet at their remote work location.
    (d) Users performing remote work must protect IMPLAN's intellectual property rights, either for software or other materials that are present on remote nodes and mobile computing equipment.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.