Remote Access Policy




Document Title:
Version: ISP6.0
Approval Dates:
This policy was originally approved on: [02 Apr 2009]
This version was approved on: [27 January 2016]
This version takes effect from: [27 January 2016]
This policy will be reviewed by: [15 Mar 2017]
Approved By: Prepared By: Nicola Wittman Alan Mose
Contact: IT Support Desk (ext.412) Service Delivery Manager (ext 520)

Contents
Document Control
Document Amendment History
1 Purpose
2 Scope
3 Governance factors
4 Remote Access Methods
5 Use of Remote Access methods
6 Usage Restrictions
7 Methods of compliance with the controls
8 PSN Code of Connection

Document Control

Organisation: Uttlesford District Council
Title:
Creator: Nicola Wittman
Review date:

Document Amendment History

| Revision No. | Originator of change | Date of change | Change Description |
|---|---|---|---|
| 1 | Nicola Wittman | 15/4/09 | Updates |
| 2 | Nicola Wittman | 22/3/10 | Updates |
| 3 | Nicola Wittman | 6/9/11 | Updates |
| 4 | Nicola Wittman | 5/11/12 | Updates |
| 5 | Nicola Wittman | 30/11/13 | Updates |
| 6 | Nicola Wittman | 10/3/15 | Updates |
| 7 | Nicola Wittman | 13/1/2016 | Updates |

1 Purpose

Remote access is connecting to the corporate computer system by Council-owned equipment. The provision of Remote Access must be controlled in order to protect Council systems. The controls determine who can access Council systems, how they can access them and what can be accessed.

2 Scope

Council systems can be accessed remotely by various people:

• Councillors and Staff whilst out of the office.
• Staff to provide support for systems.
• Suppliers to provide Remote Administration on systems.
• Third Parties requiring access to Council systems.

3 Governance factors

Controls on remote connections to the corporate network arise from the rules predefined in the Codes of Connection required to allow Councils to use secure networks. Examples of secure networks include, but are not limited to:

• Public Sector Network (PSN)
• Payment Card Industry Data Security Standard (PCI DSS)

Remote connections must not be allowed to compromise compliance with a secure network Code of Connection. It is therefore a council requirement that remote access to secure networks such as Government Connect and PCI meet the following:

• Only officially owned council equipment is used.
• Only Uttlesford ICT approved software will be installed.
• Whilst connected, access to the internet is restricted to Citrix only and not through the remote user's broadband.
• Commercial anti-virus software will be installed on the council equipment with the virus database updated at least daily.
• The operating systems (Windows) will be kept patched in accordance with the council's patch management policy.
• Removable media, such as CD/DVD drives and USB ports, will be disabled.

4 Remote Access Methods

The following methods provide remote access:

• Virtual Private Network (VPN)
  o This uses an approved client installed on a computer which provides direct encrypted connectivity into the corporate network.
• Aventail
  o Aventail provides secure remote access and uses Citrix XenApp to present the applications.
• Third party remote support tools from the internet (logmein123).

5 Use of Remote Access methods

The methods of remote access are only to be used in the following circumstances.

• VPN
  o The connections between Great Dunmow, Newport and Saffron Walden offices.
• Aventail
  o Staff to provide support for systems.
  o Access to email and files whilst out of the office.
  o Suppliers to provide remote administration on systems.
  o Approved third parties requiring access to Council systems.
• Remote Access web tools
  o Essential support for systems that cannot be provided by other means.

6 Usage Restrictions

• VPN
  o On Council computers, VPN must only be enabled using approved software installed by ICT.
  o On Suppliers' computers, used to provide remote administration on systems, VPN must only be enabled using approved software and must only give access to the system being supported.
• Remote Access web support
  o Access to Remote Web support websites must be individually approved.
  o Remote access sessions initiated by the supplier must have the support session start logged.
  o Access must only be allowed when all applications apart from the supported application have been closed.
  o All files transferred to the corporate network in order to facilitate the connection must be removed when the session is finished.
  o The supplier must inform ICT when the session has finished.
• Aventail
  o Each approved user will be given an SMS passcode via a text to their mobile phone.
  o Passcodes are not to be shared.
  o Once the requirement for Aventail access has finished, the ICT section must be notified.

7 Methods of compliance with the controls

Councillors or Staff must initiate a security incident report if there is any actual or attempted remote access to the Council corporate system that has not been approved, or may compromise a code of connection to a secure network.

8 PSN Code of Connection

This policy has been prepared in accordance with the new PSN Code of Connection.