Remote access policy
This policy outlines guidelines and processes for requesting, obtaining, using and terminating remote access to organization networks, systems and data. It applies to scenarios where employees connect remotely to in-house data centers as well as offsite facilities, such as cloud providers.
From the policy:
DETERMINING ELIGIBLE USERS
Only users with a demonstrable business need to connect to company resources shall be provided with remote access capabilities. This will obviously apply to offsite workers by default, but onsite workers should be screened accordingly. Users with access to credit card data, for instance, may be ineligible for remote access capability if this would pose a security or financial risk. Users whose job responsibilities involve hands-on or face-to-face interaction may also be restricted from remote access privileges.
Employee eligibility to remotely access the organization’s computer network will be determined by their respective managers. The IT department must also approve each staff member’s remote access use.