HECVAT Lite v3.0.6
Application/Service Security
HLAP-03

Question HLAP-03

Do you have a documented and currently implemented strategy for securing employee workstations when they work remotely (i.e., not in a trusted computing environment)?

Weight: 20
High Risk: No
Required: Yes
Compliant Answer: Yes

Standard Guidance

EDUCAUSE provides no guidance here.

Answering "NO"

Briefly summarize your response.

Answering "YES"

Provide supporting documentation of your strategy.

Reason for Question

Telecommuting is the norm in the IT world, and an institution should know that proper safeguards are in place when remote access is allowed. Vendor responses vary greatly, so confirm the context of the response if it is not clear. Many cloud services can only be managed remotely, so there is often a gray area in interpreting this response. In the context of the CIA triad, this question is focused on confidentiality. Printed documents, mobile device use, and remote access are all relevant to this question. A vendor's response to this question will provide insight into their overall business process. Vendor business activity that poses additional security risks should be met with increased concern.

Follow-Up Inquiries

Request additional documentation that outlines the security controls implemented to safeguard your institutional data.
