Remote Access Policy
Office Responsible for this Policy: Library & Technology Services
Applies to: All Wellesley College employees, contractors and agents
1.0 Policy Statement
The Remote Access Policy defines standards for connecting to the Wellesley College network from any host.
2.0 Overview & Purpose
The College provides VPN (a Virtual Private Network) to connect to campus resources (keyed software, file storage, online apps, etc.) using College or personal devices from off-campus locations. VPN can be used on devices including desktops, laptops, tablets, and smartphones. Logging in to the VPN using your College account, creates an encrypted connection between your off-campus, Internet-connected device and the Wellesley campus network. As a result, your device will have very similar access to network resources as it would on campus.
The standards for VPN use outlined in this policy are designed to minimize the potential threat to Wellesley College information technology resources and thereby protect sensitive college data.
This policy applies to all Wellesley College employees, contractors and agents (hereafter referred to as “user”) with a Wellesley College-owned or personally-owned device used to connect to the Wellesley College network.
It is the responsibility of Wellesley College users to ensure that their remote access connection is given the same consideration as their on-site connection. For example, computers logged in via VPN should not be left unattended, or be used by unauthorized persons. It also their responsibility to protect their user credentials to prevent unauthorized users from accessing the Wellesley College network from other devices. Any user accessing Wellesley resources remotely bears responsibility for the consequences should the access be misused.
Remote access must be strictly controlled. Control will be enforced via domain password authentication. For information on creating a strong domain password see Wellesley College’s Password Guidelines.
To use VPN, a device must have an updated operating system, virus protection, and malware protection. For minimum configuration requirements, see the “Computing Resources for Remote Access”.
General responsibilities for the use of devices on Wellesley’s network (on-campus or remote) are included in the Wellesley College Acceptable Use Policy
At no time should any Wellesley College user provide their login or email password to anyone, including family members.
4.3 Additional Requirements for Accessing Secure Data Remotely
For users that wish to access our secure resources remotely via Secure SSL VPN, they will be required to complete a mandatory online data security training and sign a statement agreeing to safeguard the data as required in the Written Information Security Program (“WISP”). All Administrative staff are already required to take this training and sign the agreement, so they will be eligible for secure SSL-VPN access if they meet the computer requirements listed above.
4.4 Additional Requirement for Contract Workers
Any contract worker requesting remote access privileges to the Wellesley College network, systems and data contained therein must submit a signed copy of the System Access Agreement for Contract Workers before he or she will be granted access. In signing the agreement, the contract worker acknowledges that he or she has read and agrees to abide by this Remote Access Policy and the Wellesley College Acceptable Use Policy. If the contract worker will have access to secure data, he or she will be required to complete the online security awareness training as outlined in section 4.3 above.
Failure to abide by the responsibilities outlined in this policy will result in the user’s remote access capability being revoked until he or she produces proof that the problems have been remedied. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Any contractor that violates this policy will have access privileges revoked immediately and will be subject to fines that are at a minimum equivalent to any and all damages incurred by the College. He or she may additionally be subject to legal action.
6.0 Policies Cross-Referenced
7.0 Effective Date
This policy was last revised 10/25/19.