Enhance an Existing IT Security Policy Framework

The purpose of this policy is to define standards for connecting to Richman Investments network from any host. These standards have been designed to minimize the potential exposure to Richman Investments from damages which may result from unauthorized use of Richman Investments resources. Damages include intellectual property, the loss of sensitive or company confidential data, damage to critical Richman Investments internal systems, damage to public image, etc. Scope this policy applies to all Richman Investments employees, contractors, vendors and agents with a Richman Investments-owned or personally-owned computer or workstation used to connect to the Richman Investments network. This policy applies to remote access connections used to do work on behalf of Richman Investments, including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to: frame relay, DSL, ISDN, SSH, VPN, dial-in modems, and cable modems, etc. It is the responsibility of Remote Users to make sure that reasonable measures have been taken to secure the Remote Host used to access Richman IT Resources.

This standard applies to all Remote Users of Richman IT Resources including staff, outside contractors, vendors, and other agents. Remote Access Security Standards All Remote Users must follow the security requirements set forth in this standard for any Remote Host accessing IT Resources prior to such access, as well as any guidelines, procedures, or other requirements issued by their departmental IT units and the owners of the IT Resource which are to be remotely accessed. Remote User responsibilities are described below: Remote User Requirements: Remote Users must make sure that their Remote Hosts used to access Richman IT Resources meet all security expectations specified in the End User Guidelines Security prior to accessing any Richman IT Resource. It is the responsibility of Remote Users to take reasonable precautions to make sure that their remote Access connections are secured from interception, spying, or misuse.

All Remote Users are responsible for following applicable Richman policy, including the Richman Data Handling Requirements, when handling any Richman data remotely accessed within the course of the Remote Users job function at Richman. All Remote Users are likely to only remotely access data in agreement with Richman IT policies. Do not save or store Richman sensitive or restricted data on the Remote Host used to access Richman IT Resources. Where applicable, all Remote Users are also responsible for following any guidelines issued by the HIPAA Privacy Compliance Office for remote access to Protected Health Information accessed within the course of the Remote Users job function at Richman.