Remote Access Policy

1.0 Purpose

Remote access to ~~our~~the ~~corporate~~organization's network is ~~essential~~crucial tofor ~~maintain~~operational ~~our~~efficiency ~~Team’s~~and ~~productivity,~~productivity. ~~but~~However, inconnections ~~many cases this remote access originates~~originating from ~~networks~~external ~~that~~networks, which may ~~already be compromised or are at a significantly~~have lower security ~~posture~~standards ~~than~~or ~~our~~potential ~~corporate~~compromises, ~~network.~~introduce inherent ~~While~~risks. ~~these remote networks are beyond the control of Precision Computer's policy, we must mitigate these external risks the best of our ability.~~

The purpose of this policy is to ~~define~~establish the rules and requirements for ~~connecting~~all remote connections to ~~<Company~~the ~~Name>'~~organization's ~~network from any host.~~network. These ~~rules and requirements~~measures are designed to minimize ~~the~~ potential exposure toand ~~<Company~~mitigate ~~Name>~~risks, ~~from damages which may result from unauthorized use of <Company Name> resources. Damages include~~including the loss or compromise of sensitive ~~or company confidential~~ data, ~~intellectual property, damage to public image,~~ damage to critical ~~<Company~~systems, ~~Name>~~reputational ~~internal systems,~~harm, and ~~fines~~potential legal or ~~other~~ financial ~~liabilities incurred as a result of those losses.~~liabilities.

2.0 Scope

This policy applies to all ~~<Company Name>~~ employees, contractors, ~~vendors~~vendors, and agents ~~with~~of athe ~~<Company~~organization ~~Name>-~~("Authorized Users") utilizing any computer or device (whether organization-owned or personally-~~owned computer or workstation used~~owned) to connect to the ~~<Company~~organization's ~~Name>~~network ~~network.~~from a remote location. This ~~policy~~includes, ~~applies~~but tois ~~remote~~not ~~access~~limited ~~connections~~to, ~~used~~accessing toemail, dointranet ~~work~~resources, or performing any work-related tasks on behalf of ~~<Company~~the ~~Name>,~~organization. ~~including reading or sending email and viewing intranet web resources.~~ This policy ~~covers~~encompasses ~~any~~all methods and ~~all~~technologies used for remote access.

3.0 Policy Statements

The following statements define the specific rules, responsibilities, and technical ~~implementations~~requirements ofgoverning remote access ~~used~~ to ~~connect~~the toorganization's ~~<Company Name> networks.~~network:

3.1 General Principles and Responsibilities

It* is**Security ~~the~~Equivalence:** ~~responsibility~~Authorized ofUsers ~~<Company Name> employees, contractors, vendors and agents with remote access privileges to <Company Name>'s corporate network to~~must ensure ~~that~~ their remote access connection security is ~~given~~maintained at a level equivalent to that expected within the ~~same~~organization's ~~consideration~~physical aspremises.
* **Authorized Use Only:** Access privileges are granted solely for conducting organizational business. Performance of illegal activities or pursuing outside business interests via the ~~user'~~organization's ~~on-site connection to <Company Name>.~~

~~General access to the Internet for recreational use through the <Company Name>~~ network is strictly ~~limited~~prohibited. toRecreational ~~<Company~~use ~~Name>~~of ~~employees,~~the ~~contractors,~~internet ~~vendors~~through the remote connection should be minimal and ~~agents~~must ~~(hereafter~~comply ~~referred to as “Authorized Users”).~~ ~~When accessing~~with the ~~<Company~~organization's ~~Name>~~Acceptable ~~network~~Use ~~from~~Policy.
* a**User ~~personal computer,~~Accountability:** Authorized Users are responsible for safeguarding their access credentials (logins, passwords, tokens) and preventing unauthorized use of their connection or access to ~~any <Company Name> computer~~organizational resources ~~or data~~ by non-Authorized ~~Users.~~ ~~Performance of illegal activities through the <Company Name> network by any user~~Users (~~Authorized~~including orfamily ~~otherwise)~~members). ~~is prohibited.~~ The Authorized User ~~bears~~is ~~responsibility~~accountable for ~~and~~all ~~consequences~~activities ofconducted ~~misuse~~through oftheir access credentials.
* **Acceptable Use:** All remote access activities must adhere to the ~~Authorized User’~~organization's ~~access.~~ ~~For further information and definitions, see the~~ Acceptable Use Policy.

~~Authorized~~3.2 ~~Users~~Technical ~~will not use <Company Name> networks to access the Internet for outside business interests.~~Requirements

~~For~~* ~~additional~~**Secure ~~information regarding <Company Name>'s remote access connection options, including how to obtain a remote access login, free anti-virus software, troubleshooting, etc., go to the~~Connections:** Remote ~~Access Services website (company url).~~

~~Requirements~~

~~Secure remote~~ access must be ~~strictly~~established ~~controlled~~using ~~with~~organization-approved secure methods, typically involving encryption ~~(i.e.,~~technologies like Virtual Private Networks (VPNs)). ~~and~~Connections must be authenticated using strong ~~pass-phrases.~~credentials, ~~For~~adhering ~~further information see~~to the ~~Acceptable Encryption Policy and the~~organization's Password Policy.
*

**Endpoint

~~Authorized~~Security:** ~~Users~~All ~~shall~~devices ~~protect~~(organization-owned ~~their~~or ~~login~~personal) used for remote access must have organization-approved, up-to-date endpoint security software installed and ~~password,~~active, ~~even~~including ~~from~~anti-virus/anti-malware ~~family members.~~

~~While using a <Company Name>-owned computer to remotely connect to <Company Name>'s corporate network,~~protection. Authorized Users ~~shall~~should ~~ensure~~utilize ~~the~~organization-provided ~~remote~~resources ~~host~~or isdesignated ~~not~~internal portals to obtain required security software.
* **Network Isolation:** When connected to ~~any~~the ~~other~~organization's network ~~at the same time, with the exception of personal networks that are under their complete control or under the complete control of an Authorized User or Third Party.~~

~~Use of external resources to conduct <Company Name> business must be approved in advance by Precision Computer and the appropriate business unit manager.~~

~~All hosts that are connected to <Company Name> internal networks~~ via remote access ~~technologies~~using an organization-owned computer, Authorized Users must ~~use~~ensure the ~~most~~device ~~up-to-date~~is ~~anti-virus~~not ~~software~~simultaneously ~~(place url~~connected to ~~corporate~~other ~~software~~untrusted ~~site~~or ~~here),~~public ~~this~~networks. ~~includes~~Connections ~~personal~~to ~~computers.~~personally ~~Third~~controlled, ~~party~~secured ~~connections~~home ~~must~~networks ~~comply~~may ~~with~~be ~~requirements~~permissible asif ~~stated~~configured inaccording ~~the~~to ~~Third~~organizational ~~Party~~guidelines. ~~Agreement.~~Split-tunneling

configurations

~~Personal~~require ~~equipment~~explicit approval based on security assessments.
* **Configuration Standards:** All devices used tofor ~~connect~~remote toaccess, ~~<Company~~including ~~Name>'s~~personally-owned ~~networks~~equipment, must meet the ~~requirements~~minimum ofsecurity ~~<Company~~configuration ~~Name>-owned~~standards ~~equipment~~defined ~~for~~by ~~remote~~the ~~access~~organization (as ~~stated~~detailed in the relevant Hardware and Software Configuration Standards ~~for~~document).
* ~~Remote~~**Third-Party ~~Access~~Access:** Connections by third parties must comply with the requirements outlined in specific Third-Party Agreements and this policy.

3.3 Use of External Resources

The use of external resources (e.g., non-organizational systems or cloud services) to ~~<Company~~conduct ~~Name>~~organizational ~~Networks.~~business

via

remote

~~Compliance~~connection ~~Measurement~~

requires

~~The~~prior approval from both the relevant business unit manager and the designated IT authority (e.g., Precision Computer ~~Team~~team, Internal IT Security).

4.0 Compliance

4.1 Compliance Measurement

The designated IT authority (e.g., Precision Computer team, Internal IT Security) will verify compliance towith this policy through various ~~methods,~~methods. ~~including~~These may include, but are not limited to, ~~periodic walk-thrus, video~~network monitoring, ~~business~~log ~~tool~~reviews, ~~reports,~~audits (internal and ~~external~~external), ~~audits,~~security scans, and ~~inspection,~~inspection ~~and~~of connected devices. Findings will ~~provide~~be ~~feedback~~reported to the policy owner and ~~appropriate~~relevant ~~business unit manager.~~ management.

4.2 Exceptions

Any exception to ~~the~~this policy ~~must~~requires formal, documented justification and advance approval from both the designated IT authority responsible for remote access services and potentially other relevant stakeholders (e.g., IT Security). Approved exceptions will be ~~approved~~reviewed ~~by Remote Access Services and the Precision Computer Team in advance.~~ periodically.

An4.3 ~~employee~~Enforcement

~~found~~

Failure to ~~have~~comply ~~violated~~with this policy by Authorized Users may beresult ~~subject to~~in disciplinary action, up to and including termination of ~~employment.~~employment or contract. Access privileges may be revoked immediately pending investigation of violations.

Authorized Users should familiarize themselves with the following ~~policies~~related ~~for~~organizational ~~details of protecting information when accessing the corporate network via remote access methods, and acceptable use of <Company Name>’s network:~~documents:

* Acceptable Encryption Policy

Acceptable Use Policy
*

Password Policy

Third Party Agreement

/ Policy
* Hardware and Software Configuration Standards for Remote Access ~~to <Company Name> Networks~~