Policy
The College requires users to receive approval to access certain technological assets from locations other than College-owned computers located at Labouré College. Users are required to follow certain practices to avoid the disclosure of sensitive College information or personally-identifiable student information covered by the federal and state regulations. This policy should be applied and reviewed in conjunction with the College’s Written Information Security Program.
Procedure
Remote access available
Web-enabled information systems
• Student and Staff e-mail systems
• Student and Faculty Learning Management Systems (LMS)
• Faculty and Staff Jenzabar Internet Campus Solution (JICS)
• Staff and Faculty Human Resources information systems (HRIS) for payroll and timekeeping purposes
• Student and Faculty medical records and immunization tracking systems
• Student and Faculty criminal records tracking systems
• Student, Faculty, and Staff technology help desk systems
• Student and Faculty remote meeting systems, such as GoToMeeting
Virtual Private Network (VPN) access
• Access to all core network services and servers
• Personal and departmental network drives
• Jenzabar EX student information management system
• PowerFAIDS
Who may request remote access
All Labouré College web-enabled information systems are available to employees and students with restriction based on role, though users are cautioned to keep their access information (user ID and password) secure. Access to these systems is generally provided automatically when an individual becomes a student or employee, with no additional requests for approval needed.
Access to VPN-controlled network assets is restricted to approved College employees only with a demonstrable need unable to be satisfied through web-enabled information systems. In extremely rare situations, external vendors and managed service providers may also be granted VPN access to select College systems. VPN access requires software installation on any computer that will connect to the College’s VPN.
How to request remote access
No request is necessary to access web-enabled information systems.
To access VPN-controlled network assets, a request must be made in writing describing the network access required, as well as a brief justification for remote access to the Information Technology Department. All requests for employee access require approval from Vice President to whom the employee’s department reports and the Chief Financial Officer. The approvals need to be in the form of an e-mail to the College Information Technology staff
Student or temporary network users will not be permitted access to VPN-enabled network assets.
Guidelines for web-enabled information system remote access usage
All users connecting to VPN-controlled network assets will be required to use two-factor authentication systems to ensure security of these network assets.
Because remote access to web-enabled information systems generally involves the use of non-College technologies, users are required to follow these guidelines:
• Always maintain anti-virus and anti-malware software on all computers used to connect.
• Never share user IDs and passwords for remote access with anyone
• Never download any report or file containing personally-identifiable student information to any device not owned by Labouré College and be able to justify the need to download this type of information.
• Never download any report or file containing information or images containing financial information of students or employees that could be used for identity theft or other malicious activities.
Guidelines for Virtual Private Network (VPN) access
All users connecting to VPN-controlled network assets will be required to use two-factor authentication systems to ensure security of these network assets.
VPN access to College systems is only permitted on College-owned devices and users are required to follow these guidelines:
• Never share your VPN enabled device with other users.
• Never share user IDs and passwords for remote access with anyone
• Never download any report or file containing personally-identifiable student information to any device not owned by Labouré College and be able to justify the need to download this type of information.
• Never download any report or file containing information or images containing financial information of students or employees that could be used for identity theft or other malicious activities.
• Do not use removable media such as external hard drives or flash drives to store College data.
Limits on the use of personal devices to access College systems
An increasingly common occurrence is the use of personal equipment by students and staff to access College network system, called “Bring your own device” (BYOD). This BYOD behavior is supported by the College, but with the following restrictions
• The College does not provide remote access to individual user’s college-owned computers.
• The College does not permit non-College devices to connect to network resources such as Network Drives and Printers.
• The College does not reimburse employees or students for any cost associated with remote access.
• The College IT staff make only “best-effort” attempts to support end-users’ ability to connect their personal device to the College internet.
• The College reserves the right to take any and all actions necessary to ensure the College resources are not degraded or compromised. This includes banning student or staff devices from College networks if it is determined that they have been compromised; in such situations, it is solely the responsibility of the end user to resolve any issues with the personal hardware and demonstrate full resolution before it will be allowed access to College network assets again.