2.7 Remote Access Policy Case Study
2.7 Remote Access Policy
2.7.1 It is the responsibility of all Meditech employees, contractors and vendors with remote access privileges to Meditech ‘s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Meditech.
2.7.2 Secure remote access must be strictly controlled. Control will be enforced by two factor authentication.
2.7.3 Vendor accounts with access to the company network will only be enabled during the time period it is required and will be removed or disabled once it is no longer required.
2.7.4 Remote access connection will be setup to be disconnected automatically after 30 minutes of inactivity
2.7.5 All hosts that are connected to Meditech internal networks …show more content…
To ensure that security risks are identified and controlled, such access, whether on site or remote, must be managed in accordance with the “Method Statement - Managing third party access”.
2.8.4 Third parties might occasionally require physical access to areas where Meditech IT equipment is located such as data centres and wiring centres. Such access must be agreed in advance with the relevant Meditech manager and is subject to formal risk assessment. Access controls must be used and logs maintained.
2.8.5 For any third party access, Meditech and third party must agree in advance a code of practice and non-disclosure agreement to protect University information and working practices.
2.8.6 Third party access arrangements will be reviewed on an annual basis to ensure information security risks are being managed effectively and validate that access is still …show more content…
The making and taking of personal calls is allowable provided users keep these to a minimum.
2.9.2 Users must respect the privacy of others at all times and not attempt to access calls where the user is not the intended recipient or log into voice mail accounts that the user is not expressly authorised to access.
2.9.3 Meditech mobile phones devices are to be used for work-related purposes. A taxable benefit will not be treated as arising where any private use is incidental.
2.9.4 Mobile phone devices are assigned to a position or function and not to individual; however the post holders name is supplied to the mobile phone device supplier.
2.9.5 The mobile phone device may only be used by an assigned Meditech employee and must not be used by any other Meditech employees or third parties without the prior authorisation of the local mobile phone device administrator.
2.9.6 Users must ensure that they use Meditech mobile phone devices at all times in a manner which is lawful, ethical and efficient. Meditech may withdraw a mobile phone device from any employee who it believes is not complying with this policy or who misuses a mobile phone device in any
2.7.1 It is the responsibility of all Meditech employees, contractors and vendors with remote access privileges to Meditech ‘s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Meditech.
2.7.2 Secure remote access must be strictly controlled. Control will be enforced by two factor authentication.
2.7.3 Vendor accounts with access to the company network will only be enabled during the time period it is required and will be removed or disabled once it is no longer required.
2.7.4 Remote access connection will be setup to be disconnected automatically after 30 minutes of inactivity
2.7.5 All hosts that are connected to Meditech internal networks …show more content…
To ensure that security risks are identified and controlled, such access, whether on site or remote, must be managed in accordance with the “Method Statement - Managing third party access”.
2.8.4 Third parties might occasionally require physical access to areas where Meditech IT equipment is located such as data centres and wiring centres. Such access must be agreed in advance with the relevant Meditech manager and is subject to formal risk assessment. Access controls must be used and logs maintained.
2.8.5 For any third party access, Meditech and third party must agree in advance a code of practice and non-disclosure agreement to protect University information and working practices.
2.8.6 Third party access arrangements will be reviewed on an annual basis to ensure information security risks are being managed effectively and validate that access is still …show more content…
The making and taking of personal calls is allowable provided users keep these to a minimum.
2.9.2 Users must respect the privacy of others at all times and not attempt to access calls where the user is not the intended recipient or log into voice mail accounts that the user is not expressly authorised to access.
2.9.3 Meditech mobile phones devices are to be used for work-related purposes. A taxable benefit will not be treated as arising where any private use is incidental.
2.9.4 Mobile phone devices are assigned to a position or function and not to individual; however the post holders name is supplied to the mobile phone device supplier.
2.9.5 The mobile phone device may only be used by an assigned Meditech employee and must not be used by any other Meditech employees or third parties without the prior authorisation of the local mobile phone device administrator.
2.9.6 Users must ensure that they use Meditech mobile phone devices at all times in a manner which is lawful, ethical and efficient. Meditech may withdraw a mobile phone device from any employee who it believes is not complying with this policy or who misuses a mobile phone device in any