Remote Access Policy

Purpose 

The purpose of the Southwestern Oklahoma State University (SWOSU) Remote Access Policy is to establish a framework that ensures the secure, efficient, and authorized utilization of remote access to SWOSU's information technology (IT) resources. This policy aims to protect the confidentiality, integrity, and availability of university data and IT systems while promoting a collaborative and technologically advanced academic and business environment. 

 

Scope 

This policy applies to all individuals who access SWOSU IT resources remotely, including but not limited to faculty, staff, contractors, and any other individuals granted access privileges. The policy encompasses all methods of remote access, including virtual private networks (VPNs), remote desktops, and similar technologies that facilitate off-campus connectivity to University IT resources. 

 

Statement 

SWOSU recognizes the importance of responsible and efficient remote access methods in fostering a collaborative and technologically advanced academic and business environment.  

 

Policy 

1. Authorized Remote Access Methods 

Users seeking remote access must adhere to the following guidelines: 

- Remote access is permitted solely for approved business or academic support purposes. 

- All remote desktop access, VPN, or similar methods must be approved by both department managers and SWOSU ITS. Access must be facilitated through the IT Help Desk. 

- Multi-factor authentication must be used for remote desktop access and VPN access. 

- University-approved software for remote access, such as LogMeIn, may be required for specific use cases and will be provided and supported by the IT Help Desk. 

2. Request and Approval Process 

- Users are prohibited from self-approving remote access software.  

- All requests for remote access must be submitted through the SWOSU Support Portal or the IT Help Desk. 

- All remote access requests must be approved by the requestors department manager and the SWOSU ITS department. 

3. Software Installation and Authorization 

- Installing non-University remote access software on SWOSU IT resources is strictly prohibited unless explicitly provided or approved by the SWOSU Information Technology Services Department. 

- The SWOSU ITS department may remove any unauthorized remote access software from University IT resources, with exceptions requiring explicit approval. 

4. Audit and Logging 

- All remote access activities are subject to regular audits in accordance with the Logging Standards Policy to ensure compliance and security. 

5. Password and Authentication Policies 

- Users must adhere to the password and authentication policies outlined in the Password Management Policy and the Acceptable Use Policy. 

6. Network Interface Guidelines 

- SWOSU IT resources must not have multiple interfaces concurrently active to enhance network security. 

7. Duration and Revocation of Access 

- Remote access will only be granted for the duration necessary to fulfill approved business or academic support requirements. Access should be promptly revoked when no longer needed. 

8. Security Guidelines for Remote Access 

- Users must follow the Clean Desk and Clear Screen Guidelines when using remote access to ensure the security of sensitive information. 

9. Policy Violation Consequences 

- Violations of this policy may result in disciplinary actions based off associated handbooks. Violations may result in the suspension or removal of remote access privileges, and, in severe cases, legal action. 

10. Review and Updates 

- This policy will undergo periodic reviews, and updates will be made as necessary to align with evolving security best practices and University requirements. 

 

Enforcement 

Individuals who violate this policy may be subject to disciplinary action based on associated handbooks. When appropriate, SWOSU may restrict or suspend a violator’s access to SWOSU resources pending further investigation of a possible violation of this policy. Individuals who violate security policies, standards, or security procedures are subject to disciplinary action up to and including dismissal but may also include criminal or civil legal actions. 

 

Incident Reporting  

Violations of this policy should be reported to the SWOSU ITS Helpdesk via phone at (580) 774-7070 or via email at helpdesk@swosu.edu.  

 

Policy Review 

ITS Operations Administrator will be responsible for reviewing and updating this policy at least annually. 

 

Revision & Approval History 

Date of Change	Version	Responsible	Summary of Change	Date Approved	Approved By
1/25/2023	1	ITS	Created as policy	6/26/2025	ECC