The following list of IT Security best practices standards are provided for employees and supervisors to review when considering a teleworking proposal. If an employee is submitting a teleworking proposal or working remotely they will need to review this information, then sign, along with their supervisor, acknowledging their comprehension and responsibility to adhere to these recommendations.
Once completed, the signed copy of the standards agreement (statements 1-15 below) along with the workplace flexibility proposal is submitted to the designated recipients.
IT Security Standards adherence form for teleworking proposals
- I will follow good information security practices as described at https://www.unh.edu/it/information-security-services/good-practices-procedures
- I will use University-issued equipment whenever possible (i.e. University laptops).
- It is my responsibility to ensure that the equipment I use for teleworking meets all UNH IT security requirements to include:
- Configure all equipment in accordance with the UNH PDNC4 standard.
- Encrypt all media (i.e. internal hard drives, external hard drives, flash drives).
- Enable all security features on equipment (i.e. passwords, screen locks, remote wipe).
- Enable all automatic operating system, application security and malware protection updates
- If I am unable to accomplish these security measures independently, UNH IT can assist me. (Visit https://www.unh.edu/it/information-security-services or call 862-4242).
- I will not share University-issued equipment (i.e. with other family members).
- I will protect equipment from theft when not in use.
- I will protect all printed material from unauthorized access.
- I will log into the UNH VPN (Pulse Secure) prior to logging into University systems remotely.
- I will store all University information on University servers whenever possible. If not possible, temporary storage of non-restricted data on password protected and encrypted mobile devices (i.e. laptop, jump drive) are permissible with prior supervisor approval. Storage of restricted data on computers, external media and mobile devices must be approved in advance by IT Security to ensure appropriate protections will be implemented.
- I will not use public machines to log into University systems that contain restricted information (i.e. Banner) or public networks, and will not use passwords used for restricted environments on public machines or for other purposes.
- I will familiarize myself with phishing and vulnerability alerts at https://www.unh.edu/it/information-security-services and obtain training from UNH IT if unclear about these standards.
- I will review the UNH IT Policy and Security information at: https://www.unh.edu/it/information-security-services/information-security-policies-standards-and-procedures
- I will report all IT security breaches or equipment compromises immediately by: calling 862-4242 during customary work hours or calling 862-1427 outside of customary work hours.
- I will review IT security services training material and this policy at least annually.
- My supervisor and I will verify my equipment’s configuration is secure to current UNH IT standards at least annually.
Additional UNH Information Technology resources for teleworking or working from Remote Sites
- Email: UNH Exchange email is accessed using MS Outlook or through the Web using a web browser (i.e. Internet Explorer or Firefox). More information on MS Outlook is available on UNH IT's website for Exchange configuration.
- Computer Security: The UNH Virtual Private Network - Pulse Secure (VPN) is needed to access information systems, such as FIS, SIS, and HRIS, from a remote site. The VPN should be used for all remote access to the university because it protects the communication between your computer and the campus.
- Checking Office Voice Mail
- Forwarding Your Office Phone
- Set up Zoom account
- Information Technology Security Updates (i.e. phishing examples and update alerts)