The purpose of this document is to provide guidance for protecting highly restricted university information resources from unauthorized access or disclosure when connecting to university systems remotely via UNC Charlotte’s Virtual Private Network (VPN).
This guideline is applicable to UNC Charlotte faculty, staff, students and all authorized users granted remote access to university information resources via the VPN. Every authorized user of university information resources has a responsibility to take appropriate measures to safeguard that information.
Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliancefirstname.lastname@example.org.
Certain university systems contain highly restricted information and may be accessible only via the campus network. When authorized individuals have a business need to reach these restricted resources remotely, they may be provided with access to the university’s VPN solution, which provides a mechanism for secure access.
Individuals granted access to the university VPN should:
- read the Standard for Responsible Use and understand that this standard extends to university resources accessed via the VPN.
- utilize computer equipment that has current malware/antivirus protection and current operating system patches.
- use a password-protected profile on the computer to prevent unauthorized individuals (e.g., family members, friends) from accessing university information.
- store sensitive university information only on approved cloud storage or university network drives as outlined in the Guideline for Data Handling.
- not allow any unauthorized users to access university resources via the VPN.
- disconnect from the VPN when it is no longer needed. The VPN session will automatically terminate after a period of inactivity.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initial Draft 9/1/16
Information Assurance Committee Approval 9/23/16