The purpose of this standard is to establish the university’s obligation to ensure security measures are implemented to protect information accessed, processed or stored at teleworking sites.
It is the joint responsibility of the teleworking employee and departmental supervisor approving the teleworking agreement to ensure that measures are in place to protect information which may be accessed, processed or stored in a teleworking location. This standard applies to all employees working remotely including those participating in flexible work and telework arrangements.
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliancefirstname.lastname@example.org.
When employees and departments are considering virtual work arrangements or teleworking options, they should ensure that:
- Teleworking computer equipment has current malware/antivirus protection and operating system patches.
- The employee’s home wireless network is secured with a password.
- The employee is using a password-protected profile on the teleworking computer to prevent unauthorized individuals (e.g., family members, friends) from accessing university information.
- When working with sensitive university information, data files are stored only on approved cloud storage or university network drives.
NOTE: Departments should consider providing a university-owned machine which is maintained with current securities, policies, patches and updates.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by Information Assurance Committee 6/08/15