Approver(s):

Executive Council

Authorizes Release:

Vice President for Administration and Finance

Responsible Area:

Information Services

Review Cycle:

Annually or as required

Last Review:

June 2020

Related Policies and Additional References:

None

Summary

A Virtual Private Network (VPN) provides a secure encrypted network connection over the Internet between authorized St. Mary’s University users and the University internal network. VPN offers secure access for faculty and staff who need access to information technology systems that are not otherwise available from off-campus networks.

Purpose

The use of this service is intended to allow remote access into the campus network for the purpose of achieving the goals and mission of the University. When a system connects to the network by utilizing remote connection services (VPN), it becomes an extension of the campus and is subject to the same policies (where applicable) as any directly attached system.
This service is provided at no cost to authorized users only on University owned devices.

Scope

Virtual Private Network (VPN) is provided as a service by Information Services to authorized faculty, staff, contractors, consultants (hereafter notes as “users”) and authorized third party guests utilizing VPNs to access the St. Mary’s University campus network.

Policy

Approved St. Mary’s University users and authorized third parties may utilize the benefits of VPNs, which are a “user managed” service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.

  • VPN accounts will only be provided to St. Mary’s University users upon approval of an official request.
  • VPN will only be used with University owned devices (no personal equipment)
  • It is the responsibility of the VPN user to ensure that unauthorized users are not given access to the University internal networks.
  • All computers connected to the University internal networks via VPN, must use the most up-to-date antivirus software and operating system patches. St. Mary’s University periodically scans computers connected to the University network to assure compliance with the above. Devices identified as a potential security threat may be blocked from the University network until further action is taken by the user.
  • VPN users will be automatically disconnected from the University network after thirty minutes of inactivity. The user must then logon again to reconnect to the network.
  • Approved VPN client software is available for Windows 7 and 8, 10, Mac OS X and IOS. Approved users are responsible for the installation of the VPN software on their devices.
  • Only one active VPN connection is allowed per user.
  • St. Mary’s University sponsored third parties such as software consultants or support personnel, must be sponsored by a department to gain VPN access. In addition, the third party must complete and sign the Confidential Information Agreement and comply with the Third Party Vendor Access Policy.
  • VPN Access will be reviewed annually.

Enforcement

Any user found to have violated the requirements of this policy may result in termination of the user’s VPN privileges.

Users may also be subject to sanctions, including the loss of computer or network access privileges, disciplinary action, suspension, termination of employment, dismissal from the University, and legal action.

Some violations may constitute criminal offenses under local, state, and federal laws. The University will carry out its responsibility to report such violations to the appropriate authorities.

Back to top