IT Security Standards for Teleworking

The following list of IT Security best practices standards are provided for employees and supervisors to review when considering a teleworking proposal.  If an employee is submitting a teleworking proposal or working remotely they will need to review this information, then sign, along with their supervisor, acknowledging their comprehension and responsibility to adhere to these recommendations.  Once completed, the signed copy of the standards agreement (statements 1-15 below) along with the workplace flexibility proposal is submitted to the designated recipients.

IT Security Standards adherence form for teleworking proposals

  1. I will follow good information security practices as described at http://it.unh.edu/itsecurity.
  2. I will use University-issued equipment whenever possible (i.e. University laptops).
  3. It is my responsibility to ensure that the equipment I use for teleworking meets all UNH IT security requirements to include:
    1. Configure all equipment in accordance with the UNH PDNC4 standard.
    2. Encrypt all media (i.e. internal hard drives, external hard drives, flash drives).
    3. Enable all security features on equipment (i.e. passwords, screen locks, remote wipe).
    4. Enable all automatic operating system and application security update
  4. If I am unable to accomplish these security measures independently, UNH IT can assist me. (Visit http://it.unh.edu/itsecurity or call 862-4242).
  5. I will not share University-issued equipment (i.e. with other family members).
  6. I will protect equipment from theft when not in use.
  7. I will protect all printed material from unauthorized access.
  8. I will activate the UNH VPN prior to logging into University systems remotely.
  9. I will store all University information on University servers whenever possible. If not possible, temporary storage on password protected and encrypted mobile devices (i.e. laptop, jump drive) is permissible.
  10. I will not use public machines to log into University systems that contain restricted information (i.e. Banner) or public networks.
  11. I will familiarize myself with phishing and vulnerability alerts at http://it.unh.edu/itsecurity and obtain training from UNH IT if unclear about these standards.
  12. I will review the UNH IT Policy and Security information in the UNH Faculty and Staff Blackboard Organization.
  13. I will report all IT security breaches or equipment compromises immediately by: calling 862-4242 during customary work hours or calling 862-1427 outside of customary work hours.
  14. I will review IT security training material at least annually.
  15. My supervisor and I will verify my equipment’s configuration is secure to current UNH IT standards at least annually. 

Additional UNH Information Technology resources for teleworking or working from Remote Sites