Cyber Security Policy Manual

R EMOTE A CCESS P OLICY

P URPOSE The purpose of this policy is to define rules and requirements for connecting to the City of Greensboro's network from any host. These rules and requirements are designed to minimize the potential exposure to the City of Greensboro from damages which may result from unauthorized use of City of Greensboro resources. Damages include the loss of sensitive or City of Greensboro confidential data, intellectual property, damage to public image, damage to critical City of Greensboro internal systems, and fines or other financial liabilities incurred as a result of those losses. This is not a substitute policy for telecommuting employees. There is a separate Telecommuting Policy (Policy B-17 in the online Personnel Policy Manual) for those employees who telecommute on a regularly scheduled basis. S COPE This policy applies to all City of Greensboro employees, including full-time staff, part-time staff, contractors, consultants, vendors, trainers, temporary staff and the like who utilize City-owned computers to remotely access the organization’s data and networks. Employment at the City of Greensboro does not automatically guarantee the granting of remote access privileges. The City reserves the right to inspect the home workspace during work hours to ensure required conditions are met. The inspection will be conducted by a member of the Human Resources Department in th e Health & Safety Division who should be accompanied by the employee’s department Human Resources Representative (HR Rep) and the employee’s supervisor or manager. Any non-exempt employee working overtime (i.e. checking email/voice mail messages) without prior approval from the supervisor may be denied further remote access privileges and be subject to corrective action up to and including dismissal. Any overtime worked after general scheduled hours will be compensated as required by FLSA. Any and all work performed for the City of Greensboro on said computers by any and all employees, through a remote access connection of any kind, is covered by this policy. Work can include (but is not limited to) e-mail correspondence, Web browsing, utilizing intranet resources, and any other City applications used over the Internet. Remote access is defined as any connection to the City of Greensboro’s network and/or other applications from off - site locations, such as the employee’s home, a hotel room, airports, cafés, satellite office, wireless devices, etc.

Non-City Owned Computers include employee owned laptops and home computers. Non-City owned computers can present risks to the City’s systems and applications. For example, Malware

Cyber Security Policy Manual

22