Standard for Teleworking and Remote Work

I. Purpose

The purpose of this standard is to establish the university’s obligation to ensure security measures are implemented to protect information accessed, processed or stored at teleworking and remote sites.

II. Scope

It is the joint responsibility of the employee and departmental supervisor approving the teleworking/remote work agreement to ensure that measures are in place to protect information which may be accessed, processed or stored while conducting university business at an off-site location. This standard applies to all employees working remotely including those participating in flexible work and telework arrangements.

III. Contacts

Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at ISCompliance-group@charlotte.edu.

IV. Standard

When employees and departments are considering remote work arrangements or teleworking options, they should follow these security standards:

• Only university owned and OneIT-managed computer equipment should be used, not personally owned devices. Computer equipment must be configured according to the Guideline for Security of Endpoints.
• The employee’s home wireless network should be secured with a password.
• Ensure that unauthorized individuals (e.g., family members, friends) do not use the computer.
• University information should be stored only on approved cloud storage or university network drives as outlined in the Guideline for Data Handling.
• Connect via the university’s VPN solution when accessing Level 2 or Level 3 university information and systems.

EXCEPTIONS: In order to use a non-university owned or an unmanaged computer, a Telework/Remote Work exception request must be submitted to the Office of OneIT for authorization.

Related Resources

• University Policy 311 Information Security
• University Policy 101.22 Flexible Work and Telework Arrangements for SHRA and EHRA Non-Faculty Employees
• Guideline for Data Handling
• Guideline for Security of Endpoints
• Guideline for Remote Access
• ISO/IEC 27002

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee 6/08/15
Updated and approved by Information Assurance Committee 8/05/21