Vpn Policy

Virtual Private Network (VPN) Policy

Issue Date:3/24/03

Revision Date:

1. Policy Purpose

The purpose of this policy is to provide guidelines for Remote Access IPSec or PPTP/GRE (for AOL ISP users) Virtual Private Network (VPN) connections to the corporate network.

2. Policy Scope

This policy applies to all employees, contractors, consultants, temporaries, and other workers, including all personnel affiliated with third parties using VPNs to access the network. This policy applies to implementations of VPN directed through an IPSec Concentrator.

3. Policy Description

Approved employees and authorized third parties (customers, vendors, etc.) may use the benefits of VPNs, which are a "user managed" service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.

User Responsibilities:

1) It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to internal networks.

a) Use of the remote client will be limited to employees only.

b) Company-owned