Remote Access Policy

Remote Access Policy

SOC2 CertificationNetspective Unified Process
 

This Remote Access policy establishes rules and requirements that enable users to connect to Netspective Communications LLC’s network from any remote host or system, including personal devices. The objective of these rules and requirements is to reduce the likelihood of data loss or exposure. They aim to protect Netspective Communications LLC from unauthorized use of its resources and the negative consequences that may result, such as loss of confidential data, intellectual property, harm to reputation, damage to critical internal systems, and financial liabilities. [FII-SCF-016-NET-14]

Security Requirements for Remote Hosts and Mobile Computing Equipment

  • When using remote hosts and mobile computing equipment to connect to the Netspective Communications LLC’s systems or work with its data, users must ensure that unauthorized persons cannot read information on the device (e.g. displayed on the screen).
  • Users must update and patch remote hosts for the latest security updates on at least a monthly basis.
  • Users must install and update endpoint protection software (e.g. malware scanner) on remote hosts at all times. [FII-SCF-010-END-04-2]
  • Users of mobile computing equipment off-premises are responsible for regularly backing up organizational data that resides on the device.
  • All users requiring remote access to the Netspective Communication LLC's systems must use an encrypted and authenticated VPN connection with multi-factor authentication enabled. The Netspective Communication LLC's information technology team must provision all users with VPN credentials. Users must rotate VPN keys at least twice per year.
  • Enterprise applications should allow users to use them over the public internet, and users should log on to applications rather than networks. [FII-SCF-012-IAC-01-3]

Users list


Approved by
Ajay Kumaran Nair on August 9, 2023 |
Last Updated by
Sreejith K on August 9, 2023