10. Only work related content that the user creates or which comes from a trustworthy sources that can be opened by standard CCAC applications can be saved to the user’s (F:) drive and shared folders (U:). Executable computer applications and multimedia files cannot be saved to these folders. 11. Remote access to desktop, laptop, and portable computing devices at CCAC is prohibited, unless specific permission has been granted by Chief Information Officer. 12. In situations where external technical support is required from a vendor or non-CCAC support group and remote access is required, specific written permission from the ITS is required. When this type of external support is necessary, the actions being performed on that computer must be monitored by the user and ITS support staff. 13. Use of cloud based external services and technologies to gain remote control of a CCAC desktop, laptop, portable computing device and store, receive and transmit data is prohibited. 14. The vendors and contract workers that are approved to have remote access to the college’s networks and systems and the data contained therein must agree to and execute CCAC’s “Third Party System Access Agreement” before access will be granted. In signing the agreement, the vendor/contract worker acknowledges that he or she has read and agrees to abide by this Remote Access Regulations and all College policies. If the contract worker will have access to confidential information, he or she will be required to submit the result of background check and must complete the online security awareness training. 15. Users that utilize personal devices to connect to CCAC’s networks acknowledge and understand that, as a result of such use, these personally owned devices may store and maintain a record of the information, documents and data created, stored or transmitted during or through such use. By using the remote access facilities, users acknowledge and agree that if data or information contained on their personal devices becomes the subject of or potentially relevant to litigation or other legal proceedings, the user will be obligated to maintain and preserve such information and data, as well as potentially make the device available for inspection and copying of relevant data and information stored upon the device. C OMPLIANCE M ONITORING The Information Technology Services Department will verify compliance with this policy through various methods, including but not limited to by utilizing system access monitoring and reporting tools, audits, inspections, and will provide feedback to the Chief Information Officer, Human Resources Office and appropriate business unit manager(s) when an issue arises. Failure to comply with the requirements set forth in this regulation will result in the user’s remote access capability being revoked until he or she produces proof that the problems have been remedied. Employees who violate the requirements of this regulation may also be subject to corrective action, up to and including termination of employment. Deliberate, unauthorized disclosure of confidential information may further result in civil and/or criminal penalties.
150|Page
Made with FlippingBook Learn more on our blog