Remote Access

Policy

Category: Information Technology
Subject: Remote Access
Division: Finance and Corporate Operations
Policy Number: CA.54.01.110
Effective Date: January 4, 2016

POLICY STATEMENT

1. It is the policy of Wellington-Dufferin-Guelph Public Health (WDGPH) to provide remote access to agency electronic resources which include but are not limited to web/ftp servers, electronic mail, file servers and telephony resources, to those individuals who require that access to perform their job functions.

2. The approval for access to electronic resources remotely implies compliance with the same policies that would apply to the use of these resources within the buildings of WDGPH.

3. Remote access mechanisms may be implemented to access company internal systems, networks and data only if:

  • Remote access can be justified to achieve a business or operational goal; and
  • Remote access can be implemented with sufficient security to minimize the risks of exposing company systems, networks and data.

4. Each remote access mechanism must be cost-justified and risk-justified on its own merits.

5. Remote access may be granted only to those users who have a business need to connect from an offsite location. All users must be approved by their Managers.

6. A user accessing a company system using a remote connection must:

  • Use WDGPH equipment that is up to date in terms of anti-virus and firewall protection;
  • Not be simultaneously connected to any other network with the exception of a personal network that is under the complete control of the user; and
  • Not use non-WDGPH email accounts, such as Hotmail, Yahoo, AOL etc. to conduct WDGPH business.

7. Wireless connection capability may only be enabled on a network-connected computer or laptop with the express consent of Information Technology (IT) Technical Support.

The purpose of this policy is:

  • To ensure all members are aware of the circumstances and restrictions where remote access is allowed and approved; and
  • To ensure that company systems, networks and data are adequately protected against external threats that may materialize through the implementation of a remote access mechanism.

SCOPE

This policy applies to all WDGPH systems which are candidates for remote access and all WDGPH employees authorized to use remote access to company systems.

RESPONSIBILITY

Directors will:

  • Approve remote access requests from Managers.

Program Managers will:

  • Approve remote access requests from their employees.

IT Technical Support will:

  • Ensure the technology will be configured and maintained.  This will include a VPN client supplied and installed by the IT Department.

All Employees will:

  • Configure their home Internet connections to be in compliance with the specifications published by the IT Department.  IT staff will not be responsible for configuring home Internet connections;
  • Protect their remote access mechanisms (passwords, appliances, etc.) against unauthorized use; and
  • Keep equipment with remote access capability in secure environments.

DEFINITIONS

Remotely – means at home, at a place of work outside WDGPH buildings (e.g. schools, hospitals, etc), a hotel and any other locale where an employee is performing their job function.

REFERENCES AND RELATED FORMS, POLICIES AND PROCEDURES

Corresponding Procedure: N/A

CONTACT FOR INQUIRIES

Manager, Operations and IT

APPROVED BY

Director, Finance and Corporate Operations