Metropolitan State VPN Policy

Internal Policy: VPN Access to Metro State Administrative Computing
Resources

I. Purpose

To create policies and guidelines for the Division of Information Technology  regarding VPN access to Metro State administrative computing services not
otherwise accessible to home users.

II. Scope

This policy applies to all remote access to Metro State Administrative computing resources maintained by the Division of Information Technology.

III. Policy Statements

The Metro State administrative computing resources contain a great deal of  private and confidential information regarding members of our College community.  The institution must take appropriate measures to safeguard this information.  Therefore, the Metro State administrative computing resources are not accessible off campus.  The Metro State administrative computing resources will be made available through an encrypted Virtual Private Network (VPN) service to authorized college employees who have a genuine business need to access these resources remotely.

  1. Access to Metro State administrative computing VPN services may be requested for any full time employee (staff, faculty or administrator) that can provide a
    business justification for VPN access.  VPN services will not be made available to student or part time employees.
  2. Support for VPN services will be provided on IT-approved college owned laptop computers with functioning whole drive encryption.
  3. VPN access will not be provided for any non-IT approved system without the written approval from both the Vice President of the requesting department and
    the Vice President for Information Technology.
  4. Employees who wish to use VPN services to access Metro State administrative computing services remotely may apply on-line for VPN access.  As a part of the
    application for VPN access, the applicant will be required to:
    1. Provide a business justification for their need to access Metro State administrative computing services remotely.
    2. Affirm that they will use the services in accordance with the College’s computing, security and privacy policies.
    3. Affirm that they have an IT-approved college owned laptop with functioning whole drive encryption.
    4. Affirm that they keep their computer up to date with all patches and other security updates for their computer’s operating system.
    5. Affirm that they run a name brand anti-virus scanner on their computer.
    6. Affirm that they have a firewall installed on their home network or that they have a personal firewall installed on their computer.
    7. Affirm that they will disconnect from the Metro State VPN service when using their computer for personal use (such as surfing the WEB or listening to NET radio, etc…).  VPN users should only perform MSCD related activities while connected to the Metro State VPN service.
    8. Affirm that they will disconnect from the Metro State VPN service when not using their computer or not accessing Metro State administrative resources.
    9. Affirm that they will not redistribute the VPN client software or share the VPN access key.

IV. Reporting Violations

Any suspected violations of these policies, or unauthorized access to computing resources, or any other condition which could compromise the security of Metro State computing resources must be reported to the Director of Information Security at 1-877-35AskIT (1-877-352-7548)

V. Remedies for Non-Compliance

Failure to comply with these policies may result in one or more of the following actions: a) suspension of access to the network for the individual, educational or administrative unit violating the policy, b) when appropriate, disciplinary action ranging from warning to termination and (for students) expulsion from the College, depending on circumstances, in accordance with applicable policies and procedures, c) when appropriate, initiation of civil or criminal proceedings.

VI. Authority

The College President grants authority to the Vice President of Information Technology to oversee compliance with this policy. Questions regarding this policy, or requests for variances from the policy, should be directed to the Interim Vice President of Information Technology at (303) 556-5321.

Approved: August 2004
Revised: June 2008