Purpose and Scope
The purpose of this policy is to define requirements for connecting to Helpwise’s systems and networks from remote hosts, including personally-owned devices, in order to minimize data loss/exposure.
This policy applies to all users of information systems within Helpwise. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information controlled by Helpwise (hereinafter referred to as “users”). This policy must be made readily accessible to all users.
Background
The intent of this policy is to minimize Helpwise’s exposure to damages which may result from the unauthorized remote use of resources, including but not limited to: the loss of sensitive, company confidential data and intellectual property; damage to Helpwise’s public image; damage to Helpwise’s internal systems; and fines and/or other financial liabilities incurred as a result of such losses.
Within this policy, the following definitions apply:
- Mobile computing equipment : includes portable computers, mobile phones, smart phones, memory cards and other mobile equipment used for storage, processing and transfer of data.
- Remote host : is defined as an information system, node or network that is not under direct control of Helpwise.
- Telework : the act of using mobile computing equipment and remote hosts to perform work outside Helpwise’s physical premises. Teleworking does not include the use of mobile phones.
Policy
-
Security Requirements for Remote Hosts and Mobile Computing Equipment
-
Caution must be exercised when mobile computing equipment is placed or used in uncontrolled spaces such as vehicles, public spaces, hotel rooms, meeting places, conference centers, and other unprotected areas outside Helpwise’s premises.
-
When using remote hosts and mobile computing equipment, users must take care that information on the device (e.g. displayed on the screen) cannot be read by unauthorized persons if the device is being used to connect to Helpwise’s systems or work with Helpwise’s data.
-
Remote hosts must be updated and patched for the latest security updates on at least a monthly basis.
-
Remote hosts must have endpoint protection software (e.g. malware scanner) installed and updated at all times.
-
Persons using mobile computing equipment off-premises are responsible for regular backups of organizational data that resides on the device.
-
Access to Helpwise’s systems must be done through an encrypted and authenticated connection with multi-factor authentication enabled. All users requiring remote access must be provisioned with Amazon Web Service's credentials from Helpwise’s information technology team.
-
Information stored on mobile computing equipment must be encrypted using hard drive full disk encryption.
-
Security Requirements for Telework
-
Employees must be specifically authorized for telework in writing from their hiring manager .
-
Only device’s assigned owner is permitted to use remote nodes and mobile computing equipment. Unauthorized users (such as others living or working at the location where telework is performed) are not permitted to use such devices.
-
Users performing telework are responsible for the appropriate configuration of the local network used for connecting to the Internet at their telework location.
-
Users performing telework must protect Helpwise’s intellectual property rights, either for software or other materials that are present on remote nodes and mobile computing equipment.
Last updated: 2nd November 2021