Virtual Private Network (VPN) Policy

Purpose
The purpose of this policy is to provide guidelines for Remote Access using a Virtual Private Network (VPN) connection to the College of Staten Island network.

Scope
This policy applies to all College of Staten Island employees, temporaries, consultants, and other workers including all personnel affiliated with third parties utilizing VPNs to access the College of Staten Island network.  Students are not allowed VPN access to the College of Staten Island network.

Policy
Approved College of Staten Island employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a “user managed” service.  This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and all costs associated with network access from off-campus.

A VPN account will require annual re-authorization at the beginning of the Fall semester by the employee’s supervisor.  A VPN account holder’s access to the system will automatically expire if they no longer have an affiliation with the College

Additionally:

  • It is the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to the College of Staten Island’s internal networks
  • All computers connected to the College of Staten Island’s internal networks via VPN or any other technology must use the most up-to-date anti-virus software that is the corporate standard (www.cuny.edu); this includes personal computers
  • It is the responsibility of supervisors and department heads to:
    • Determine which of their office/department’s college business activities can and cannot be performed via the VPN from off-campus
    • Determine under what circumstances it is appropriate for an employee to use the VPN to conduct College business
    • Communicate the above to their employees
  • VPN users will be automatically disconnected from the College of Staten Island’s networks after thirty minutes if inactivity.  The user must then logon again to reconnect to the network.  Artificial network processes are not to be used to keep the connection open

Enforcement
This policy regulates the use of all VPN services to the College of Staten Island network and users must comply with the CUNY Acceptable Use of Computer Resources policy.  To maintain security, VPN services will be terminated immediately if any suspicious activity is found.  Service may also be disabled until the issue has been identified and resolved.  Any employee found to have violated this policy may be subject to disciplinary action.