Remote Access to IT Resources (VII.B.4C)

Information Technology

Remote Access to IT Resources (VII.B.4C)

Volume VII: Information Technology
Chapter B: Security
Responsible Officer: VCIS
Responsible Office: VCIS
Date Issued: May 24, 2005
Date Last Revised: November 18, 2011
Purdue Calumet Revision: January 24, 2012

TABLE OF CONTENTS

Statement of Policy
Reason for This Policy
Individuals and Entities Affected by This Policy
Who Should Know This Policy
Exclusions
Web Site Address for This Policy
Contacts
Definitions
Responsibilities
Procedures
Related Documents, Forms, and Tools
History and Updates
Appendices

STATEMENT OF POLICY

Remote access to Purdue University Calumet IT Resources must be accomplished in a manner that enables business, academic, and research activity, while preventing unauthorized access and protecting University IT Resources.

Remote access to IT Resources, unless otherwise specifically denied, is permitted under this policy. Nothing in this policy prevents university IT Resource owners, central and departmental IT units, or other designated individuals from implementing policies, standards, or guidelines related to Remote Access to university IT Resources or computing device use within their areas of responsibility.

REASON FOR THIS POLICY

Controlled access to IT Resources is essential for Purdue University Calumet to continue its mission of offering educational programs of excellence focused on the professional, general educational and lifelong learning needs of the people of the Calumet region. This policy describes the appropriate measures necessary for accessing Purdue University Calumet IT Resources from Remote Hosts.

This policy is guided by the following objectives:

  1. Preserve Purdue University Calumet’s ability to operate and maintain its IT Resources;
  2. Protect the security and functionality of university IT Resources and the data stored on those resources;
  3. Safeguard the privacy, property, rights, and data of users of university IT Resources;
  4. Preserve the integrity and reputation of the University;
  5. Comply with applicable federal, state, and local laws; and
  6. Comply with applicable university policies, standards, guidelines, and procedures.

INDIVIDUALS AND ENTITIES AFFECTED BY THIS POLICY

This policy covers students, faculty, staff, and all individuals or entities using any university IT Resource and all uses of such IT Resources.

WHO SHOULD KNOW THIS POLICY

President
Chancellors
Vice Presidents
Vice Chancellors
Deans
Directors
Department Heads and Chairs
Principal Investigators
Faculty and Staff
Students
Non-employee users of Remote Access to university IT Resources

EXCLUSIONS

Purdue University Calumet information security policies institute controls that are used to protect Purdue University Calumet data and IT Resources. While every exception to a policy or standard weakens protection for IT Resources and underlying data, occasionally exceptions will exist. The Security Policy Exception Procedure must be used when requesting an exception to Purdue University Calumet information security policies. The Chief Information Security Officer, or his or her designee, will approve or deny any request for an exception.

WEB SITE ADDRESS FOR THIS POLICY

http://webs.purduecal.edu/security/viib4/

CONTACTS

Subject

Contact

Telephone

E-mail/Web Address

Policy Clarification

Information Security and Assurance

989-2888

security-help@purduecal.edu


Vice Chancellor for Information Services


vcis@purduecal.edu

DEFINITIONS

IT Resource
All tangible and intangible computing and network assets provided by or for the University to further its mission of discovery, learning, and engagement. Examples of such assets include, but are not limited to, hardware, software, wireless access, network bandwidth, mobile devices, electronic information resources, printers, and paper.

Protected Health Information
Health information in any form that can be connected to a patient, including the individual’s past, present, or future physical or mental health or condition, the provision of healthcare to the individual, or the past, present, or future payment for the provision of healthcare to the individual.

Remote Access
Access to Purdue University Calumet IT Resources from an electronic or other device not directly connected to the Purdue University Calumet wired or wireless networks, but not including accesses to such IT Resources where Remote Access is considered a primary function and normative use. For example, use of a Web browser to remotely access a Purdue University Calumet Web page is not covered by this policy.

Remote Host
An electronic or other device used for Remote Access.

Remote User
Any user of IT Resources from a Remote Host.

RESPONSIBILITIES

Remote Users
Ensure that reasonable measures have been taken to secure the Remote Host used to access Purdue University Calumet IT Resources.

Prior to accessing IT Resources, follow this policy and any related standards and security requirements for any Remote Host. Remote Users must also follow any guidelines, procedures, or other requirements for Remote Access issued by their departmental IT units and/or owners of the IT Resource(s) to be remotely accessed.

Follow applicable university policies pertaining to data security and use, including but not limited to, the University’s Data Handling Requirements and any guidelines issued by the HIPAA Privacy Compliance Office for Remote Access to Protected Health Information.

Departmental IT Units and IT Resource Owners (and designees)
Ensure that reasonable measures have been taken to secure university IT Resources within their areas of responsibility that are to be remotely accessed.

Implement and monitor compliance with this policy and related standards on university IT Resources within their areas of responsibility.

PROCEDURES

Information Services will facilitate the establishment and maintenance of standards and technical reference materials to support this policy and post such information online.

Departmental IT units must follow standards issued by Information Services in support of this policy. Departmental IT units may also issue additional guidelines, procedures, or other requirements as necessary to secure departmental IT Resources which are to be remotely accessed. Specific reference materials for implementing security measures may vary from campus to campus or department to department.

In the event that an IT unit does not believe it can fulfill the requirements of this policy or its related standards and guidelines, the unit must request a policy exception using the Security Policy Exception Procedure.

Violations of this policy may result in disciplinary action or sanctions in accordance with university policy and procedures and applicable state and federal laws.

RELATED DOCUMENTS, FORMS, AND TOOLS

University IT policies:
webs.purduecal.edu/security

Security Policy Exception Procedure:
http://webs.purduecal.edu/security/deviation-procedure/

HIPAA Privacy Compliance Office:
www.purdue.edu/hipaa/

HISTORY AND UPDATES


January 24, 2012: References and links updated for Purdue University Calumet

November 18, 2011: Policy number changed to VII.B.4 (formerly V.1.6) and website address updated.

March 1, 2010: Significant revisions have been made to update this policy from its original interim version (issued May 24, 2005). It also has been formatted in the current policy template.

APPENDICES

There are no appendices to this policy.