Virtual Private Network Policy

Virtual Private Network Policy

1. Purpose
The purpose of this policy is to provide guidelines for utilizing the Ohio Christian University (OCU) Virtual Private Network (VPN) to connect to the OCU campus network.

2. Scope

This policy applies to all OCU employees, consultants, contractors, temporaries, and other workers including all personnel affiliated with third parties who utilize the OCU VPNs to access the OCU network.

3. Definitions

1. A Virtual Private Network (VPN) utilizes the Internet to carry private data. This is accomplished by encrypting the connection so that secure communications can occur between a properly configured computer located anywhere with an Internet connection and the OCU network. In practice this means that employees can access technology resources which are located on the OCU network in much the same way that they would access those resources if they were physically located at the OCU campus.
2. OCU Campus network refers to the interconnected local and wide area networks maintained and managed by the OCU IT Department.

3. Approval process

1. Approved OCU employees and authorized third parties (vendor support, etc.) may utilize the VPN. Employees requesting VPN access should discuss the need to work from home with their supervisor. Students and student employees are NOT eligible.
2. Access will be granted only after the vice president who oversees the user or user group (i.e., employees, contractors, consultants, and vendors) concerned,has granted their approval by signing and submitting this policy to the AVP for IT.
3. The user must have read, understood, and signed this policy.
4. VPN accounts will be created within 2 business days. If the request is urgent please indicate this and the request can be expedited.

4. Responsibilities

1. The VPN client software will only be installed on OCU owned computers.
2. This policy relates to connecting to the OCU network via the VPN. It does not imply that OCU will reimburse the cost of obtaining a connection to the Internet. It is however, important to note that VPN services work best over broadband connections (cable modem or DSL). Use of dial-up Internet service is not recommended for regular VPN activity.
3. Accessing the OCU VPN requires authentication. Authentication credentials will be provided only after approval has been provided by the appropriate vice president. For OCU employees their VPN username will match their OCU email/network username. For non-OCU employees the ID will be assigned by the IT Department. The password must comply with the OCU Password Policy. Sharing authentication credentials is not permitted.
4. It is the responsibility of the employee or company who has been granted VPN access to ensure that unauthorized users are not allowed access to OCU campus networks. For example, others within an employee’s household should not be allowed to connect to the OCU network via VPN unless those individuals have also been granted permission and connect using their assigned user credentials.
5. Confidentiality: It is important to remember that whether one connects to the OCU network from on campus or remotely all privacy and confidentiality policies remain in effect. For this reason it is important to avoid storing any sensitive data (i.e., student records or information related to any OCU constituent) on your computer’s hard drive, USB drives, or any other portable media. Sensitive data should be stored on OCU servers in order to prevent unauthorized accessto sensitive data should a computer, UBS drive, or other technology be lost or stolen.

5. VPN restrictions

1. OCU VPN services are to be used solely for OCU business and/or academic support purposes. All users are subject to auditing of VPN usage.
2. When actively connected to the OCU campus network, the VPN may force all traffic to and from the remote node through the VPN connection.
3. OCU campus network access for non-OCU personnel will be limited to the resources to which they need access. Open access for these accounts will not be permitted. Additionally, VPN connections made to OCU must contain access restrictions at the remote termination point of the tunnel that prevent unauthorized access to the OCU network. Connections should not be accessible by unauthorized users or the Internet.
4. User created VPN access points will not be permitted on the campus network.

7. Enforcement
This policy regulates the use of all VPN services to and from the OCU campus network. To maintain security, VPN services will be terminated immediately if any suspicious activity is found. Service may also be disabled until the issue has been identified and resolved. Any OCU employee found to have intentionally violated this policy might be subject to disciplinary action. Non-OCU employees and vendors are directly responsible for damage as a direct result of policy violation. Intentional and non-intentional violation will result in termination of VPN service.

I have read, understood, and agree to abide bythe above Virtual Private Network Policy.

User Signature: ______Date: ______

Please indicate a timeframe in terms of when access should be allowed. If access is being granted for an indeterminate length of time please leave the termination date blank.

Desired beginning date: ______Access Termination date: ______

Please sign in order to grant approval:

Immediate Manager: ______Date: ______

Vice President: ______Date: ______