Telecommuting Technical Requirements

By accessing ÒùÐÔÊÓƵ technology services with personal equipment, users must understand that their machines are a defacto extension of the ÒùÐÔÊÓƵ network, and as such are subject to the same rules and regulations that apply to ÒùÐÔÊÓƵ owned equipment, i.e., their machines must be configured to comply with all ÒùÐÔÊÓƵ security policies. All computers connected to ÒùÐÔÊÓƵ campus networks remotely must use up-to-date virus-scanning software and virus definitions. Additionally, all relevant security patches must be installed. The University is not responsible for supporting personally owned computers, including for flexible work arrangements. The University is not responsible for damage or loss to the personally owned equipment, and if used, is subject to the University’s right of inspection. There will be no expectation of privacy as to files kept on any computer used during a flexible work arrangement. It is the responsibility of the employee with telecommuting privileges to ensure that unauthorized users are not allowed access to ÒùÐÔÊÓƵ campus networks. Individuals accessing the University’s internal network, servers, and services must take responsibility for implementing the following safeguards on their devices and follow University Procedure 4200 at all times.

Desktop and mobile devices that contain or provide access to institutional data must be password protected against unauthorized access. These computers and devices should be shut down when not in use for extended timeframes. The device should always be monitored to ensure no other individuals have access to the computer while using ÒùÐÔÊÓƵ services. Any remote access services used while telecommuting are to be used solely for ÒùÐÔÊÓƵ business and/or to support academic initiatives.

Remote access through VDI is controlled using two-factor authentication composed of an ID and a one-time-use passcode. For ÒùÐÔÊÓƵ employees using remote access technologies (VDI), the user ID is in the form of their Go ÒùÐÔÊÓƵ Portal username and password. The passcode is provided to the user via either a physical (hard) or application-based (soft) encrypted token.

Remote access gateways (VPN) on the campus network are provisioned by ÒùÐÔÊÓƵ’s Information Security team and are issued at the discretion of the Associate Director for Information Security or the Chief Information Officer. User created remote access gateways will not be permitted on the ÒùÐÔÊÓƵ network. Remote access users may be automatically disconnected from the ÒùÐÔÊÓƵ network after sixty minutes of inactivity. Artificial network processes are not to be used to keep connections alive.

Employees who telecommute or work remotely must comply with all University policies and procedures, including adequately safeguarding and securing any restricted or confidential information found in the Guidelines for Safeguarding Personally Identifiable and Confidential Information from Unauthorized or Accidental Disclosure. The employee shall, whenever possible, guarantee that an appropriate space is available in the home (or other approved remote site) to provide for an effective work environment and data integrity. The employee should not telecommute from a public place whenever avoidable.