CSIA 413 Week 5 Discussion Issue Specific Policies Remote Access Policy

31 July, 2024

Purpose

The Remote Access Policy (RAP) was established to provide Red Clay workers with a safe, legally acceptable way to access client data while they are not in the office. The Payment Card Industry Data Security Standard (PCI-DSS), the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and the Red Flags Rule all mandate the implementation of the policy (Sparks, 2018). These rules are meant to prevent the misuse of private information provided by customers, such as credit card details, medical records, and other forms of identity.

The goal of this policy is to provide workers with a set of rules to follow while accessing client records from off-site locations, using either their own devices or those provided by the organization. The policy will guarantee that client data is always secure and help reduce the dangers associated with remote access. With this policy's assistance, Red Clay will be able to meet regulatory obligations and keep its consumers' confidence.

Scope

Anyone working for Red Clay who uses their own devices or the company's devices to access client data from outside the office must comply with this policy. Red Clay's remote workers, personnel on business trips, and clients who need access to the customer database must adhere to this policy (Zomers, 2017). This policy covers how to protect computers, phones, and other mobile devices while connecting to the company's servers remotely. Its scope includes the use of virtual private networking (VPN) for secure remote access to Red Clay's servers and networks, as well as the security of all computer systems and mobile devices used for remote access. The policy covers the transmission of customer information and the storage of customer information on personal devices. It also covers the reporting of lost or stolen devices and the reporting of suspicious or unauthorized access attempts.

This policy is a critical component of Red Clay’s overall information security program and is intended to protect the confidentiality, integrity, and availability of customer information. By following this policy, employees will help ensure the security of customer information and maintain the trust and confidence of Red Clay’s customers.

Policy

The following policy statements outline the specific requirements and expectations for employees accessing customer information remotely.

All employees must use a VPN when accessing the company’s servers from outside of the office.

Employees must ensure that all computers, laptops, and mobile devices used for remote access are protected by up-to-date antivirus software and firewalls.

Passwords used for remote access must be strong, unique, and changed regularly.

Employees must use only approved and encrypted communication methods, such as encrypted email, to transmit customer information.

Employees must lock their computers or mobile devices when they are not in use, especially when in public places.

Employees must not store customer information on personal devices unless it is encrypted.

Employees must immediately report any lost or stolen devices containing customer information to their manager and the IT department.

Employees must not share their remote access credentials with anyone.

Employees must immediately report any suspicious or unauthorized access attempts to their manager and the IT department.

Non-compliance

Employees who violate this policy will be subject to disciplinary action, which may include termination of employment and possible legal consequences for inappropriate or unauthorized disclosures of customer information.

Red Clay is committed to protecting customer information and complying with regulatory requirements (Jaeger, 2020). By following this policy, employees will help ensure the security of customer information and maintain the integrity of the company.

References

Sailer, R., Jaeger, T., Zhang, X., & Van Doorn, L. (2020, October). Attestation-based policy enforcement for remote access. In Proceedings of the 11th ACM conference on Computer and communications security (pp. 308-317).

Zomers, A. (2017). Remote access: Context, challenges, and obstacles in rural electrification. IEEE Power and Energy Magazine, 12(4), 26-34.

Sparks, R., Carter, C., Donnelly, J. B., O’Keefe, C. M., Duncan, J., Keighley, T., & McAullay, D. (2018). Remote access methods for exploratory data analysis and statistical modeling: Privacy-Preserving Analytics®. Computer Methods and Programs in Biomedicine, 91(3), 208-222.
