Remote Access Policy

RELATED COLLEGE POLICIES 

Acceptable Use of Information Technology Resources Policy, Electronic Mail Policy, Password Policy, Privacy Policy 

POLICY CATEGORY 

Information Technology Services (ITS) 

APPROVAL AUTHORITY 

President’s Leadership Team 

POLICY OWNER 

Vice President, Information Technology Services and Chief Data Officer 

POLICY STAKEHOLDER 

Data and Technology Council 

CONFIDENTIAL LEVEL Public, Internal, Confidential:  Public 

APPROVAL DATE 

9/2019 

EFFECTIVE DATE 

9/2019 

REVIEW FREQUENCY 

Annual 

PURPOSE/SCOPE  

The purpose of this policy is to define the process and requirements for remote, direct, and secure connections to any system on the Bristol Community College (“Bristol” or “college”) network. These requirements are designed to minimize potential damages to the Bristol network, which may result from such remote access and/or unauthorized use of college resources. Damages include, but are not limited to, the breach of confidential, sensitive, or organizational information and intellectual property, damage to public image, damage to critical internal systems, the compromise of system functionality or the corruption of information integrity. This policy must be read in conjunction with the Acceptable Use of Information Technology Resources Policy 

This policy applies to all Bristol Community College employees, students, contractors, and third parties (“users”) who may access Bristol applications, systems or hardware remotely through a direct connection. The following persons (“users”) are authorized to use Bristol information technology resources: (1) current faculty; (2) current staff; (3) current students; (4) authorized contractors or vendors; and (5) authorized visitors. This policy does not apply to external facing systems designed to be used online via the internet. External facing systems are systems provided for employees and students to access email, files, or course materials. The applicable College policy/policies shall apply to external facing systems. 

POLICY STATEMENT 

All remote access to Bristol applications, systems, and hardware shall be authorized and approved in advance, and any access not explicitly authorized and approved is prohibited. Remote direct access to specific applications, systems, components, and technology infrastructure shall only be granted to users with a legitimate business or academic need for such access.  

The level of access granted and privileges assigned shall be limited to the minimum required to perform assigned duties. Employees and third parties authorized to utilize remote connections shall ensure that unauthorized users are not allowed access to the Bristol internal network utilizing these connections. All individuals and machines, while accessing the network, including college-owned and personal equipment, are an extension of Bristol network.  

All devices, including personally owned computers that are directly connected to the network via remote access technologies, must use current anti-virus software and patches. Security patches for installed operating systems, web browsers, and common applications shall be applied. A firewall must be enabled on each applicable device. 

Remote access services may be used only to conduct college-related work. Personal, private, or commercial use of any service available remotely is not permitted. Users agree to protect Bristol information assets from unauthorized access, viewing, disclosure, alteration, loss, damage, or destruction. Remote access to data or services may not be used to copy private or personal information such as that residing on a privately-owned computer, to college file shares or other college-owned information systems. Remote access to data or services may not be used to store college information on a personal system, file share or other non-college owned system without prior approval from Information Technology Services.  

 ENFORCEMENT 

Any employee found to have violated this policy, intentionally or unintentionally, may be subject to disciplinary action, up to and including loss of access rights, or termination of employment.  

 Any student found to have violated this policy, intentionally or unintentionally, may be subject to disciplinary action, up to and including expulsion from the college.  

Any contractor or third party found to have violated this policy, intentionally or unintentionally, may be subject to legal action.  

ROLES AND RESPONSIBILITIES 

 This section provides details on the college personnel who will take part in the development, approval, and to whom the policy applies.  

ROLE 

RESPONSIBILITY 

Information Technology Services 
  • Ensure awareness and compliance with this policy; 
  • Review this policy periodically and update as needed in response to environmental and/or operational changes; 
  • Ensure that this policy and all component policies and procedures are maintained and implemented; 
  • Determine which employees need remote access to their resources; 
  • Ensure that individuals assigned to remotely access their applications are authorized and assigned duties require access capabilities;  
  • Ensure that the IT infrastructure is protected against unauthorized remote access.  

All Users 
  • Understand and adhere to this policy;  
  • Safeguard user IDs and passwords; 
  • Immediately report suspected violations of this policy to manager or Information Technology Services. 

RELEVANT REGULATIONS 

This section provides a crosswalk for this policy to the applicable best practice security frameworks, both within Massachusetts and at the national level.  

Framework 

CIS Critical Security Controls v6.1 

Regulations and Requirements 

PCI DSS - MA 201 

Supporting 

Standards and Procedures 
  • CSC  5 - Controlled Use of Administrative Privileges 
  • CSC 14 - Controlled Access Based on Need to Know 
  • CSC 16 - Account Monitoring and Control 

 
  • PCI Requirement 2 - Do not use vendor-supplied defaults for system passwords and other security parameters 
  • PCI Requirement 8 - Identify and authenticate access to system components. 
  • PCI Requirement 12 - Maintain a policy that addresses information security for all personnel. 
  • MA 201 CMR 17:00 - Section 17.04 
  • COBIT 5 DSS05 - Manage Security Services 
  • COBIT 4.1 - DS5.3 Identity Management  
  • DS5.4 User Account Management 
  • NIST Core Framework - PR.MA-2, PR.PT-3, PR-AC-3, PR-AC-4, PR.AT-2 

REVISION HISTORY 

This section contains information on the approval and revision history for this policy. 

Version Number 

Issued Date 

Approval 

Description of Changes 

1.0 

3/2016 

Massachusetts CIO Council 

Development and adoption of collaborative and standardized IT policies 

1.0 

7/2016 

Massachusetts Community College Counsel’s Office 

Recommendation on contents provided by college counsel 

1.0 

12/2016 

Standardized Control Framework 

Mapping of Controls from COBIT to CIS Critical Security Controls v6.1 

1.0 

9/2019 

President’s Leadership Team 

Policy adoption 
POLICY CONTACT 

Name:Jo-Ann Pelletier 

Title:Vice President, Information Technology Services and Chief Data Officer 

Email:jo-ann.pelletier@bristolcc.edu 

Phone:774.357.2412 

In this section
Contact Details

Information Technology Services
777 Elsbree St
Fall River, MA
02720
Phone: 774.357.3333
Location: A209
Find a Course

Select your desired term, location and subject to begin your search.


Non-credit courses Wintersession courses

Upcoming Events

  • Thu, 9 Apr 2020 04:00:00 GMT

    New Bedford Department of Transitional Assistance (4/9/2020)

    Start Date: 4/9/2020
    End Date: 4/9/2020
    Information Sessions are hosted by our Admissions staff and provide an overview of the College and our many degree and certificate programs as well as an opportunity to learn more about the admissions process and the many opportunities we offer students. We encourage you to bring your questions!
  • Fri, 10 Apr 2020 04:00:00 GMT

    New Bedford Career Center (4/10/2020)

    Start Date: 4/10/2020
    End Date: 4/10/2020
    A representative from Bristol's Admissions Office will meet with Mass Hire customers to provide information regarding Bristol’s programs and services as well as facilitate the admissions process. Students may be referred to the Academic Advisor responsible for coordinating college enrollment with dislocated worker benefits (i.e. Section 30, Federal Trade programs, etc.). For information regarding benefit program eligibility or to schedule an appointment with a Bristol Admissions Counselor, please contact the New Bedford Mass Hire center.
  • Fri, 10 Apr 2020 13:30:00 GMT

    PLACEMENT TESTING-Fall River-Friday, April 10, 2020-9:30am-Building G, 2nd Floor, Room 218-15642 (Cancelled) (4/10/2020)

    Start Date: 4/10/2020 Start Time: 9:30 AM
    End Date: 4/10/2020 End Time: 11:30 AM

    Fall River Campus - G - Commonwealth College Center
    Room: G218

    All students enrolled in a degree or certificate program are required to take college placement tests in order to ensure appropriate placement in classes. The results of the assessment, in conjunction with academic background information, are used by college academic advisors to assist you with course selection. Testing at Bristol is free and students are allowed one re-test. Students can expect to finish the exam in 1.5 to 2 hours. Students may be exempt from testing by using SAT, ACT, CLEP or AP scores. Email us for further information.
More Events

Non-Discrimination Policy
Bristol Community College is committed to a policy of affirmative action and non-discrimination. Contact diversitytitleix@bristolcc.edu.

Location:
Bristol Community College

Attleboro Campus, 11 Field Road, Attleboro, MA 02703

Fall River Campus, 777 Elsbree Street, Fall River, MA 02720

New Bedford Campus, 800 Purchase Street, New Bedford, MA 02740

Taunton Center, 2 Galleria Mall Drive, Taunton, MA 02780
Find us on:
Call us on: 774.357.2811774.357.2811

© Copyright Bristol Community College. All rights reserved

Contact Us Public Records Request