Telecommuting Guidelines

We all have a shared responsibility to protect the confidentiality, integrity and availability of Cal Poly information assets. The following guidelines are intended to provide you with the tools and information to protect yourself, your computer, and help prevent the unauthorized access or use of University information while working remotely.

Before Telecommuting

Work with your technical support team to ensure the following settings are in place prior to remote work:

1. Telecommuting should only be done on a state-owned computer, which has many of these guidelines for telecommuting already in place.
2. Cal Poly-provided antivirus, Sophos Central Endpoint Protection, should be installed and the operating system firewall enabled. Refer to our Antivirus Download page for details.
3. Ensure only required software for official duties installed on the computer.
4. Enable automatic updates for the operating system and installed software.
   1. Overseas telecommuters should disable automatic updates while traveling and enable them upon return. See our Travel Tips for details.
5. Full-disk encryption enabled, either with Windows’ BitLocker or the Mac’s FileVault.
6. Cal Poly’s VPN software must be installed. See our VPN link for details.
7. Enable a timed screensaver or screen lock that asks for your password to login again.
8. The state-owned computer should be bound to Cal Poly’s Active Directory, which enables login with Cal Poly Portal credentials.
9. Ensure all local computer accounts have passwords compliant with Cal Poly’s password requirements.
10. Guest accounts should be disabled.
11. User administrator rights should be disabled.

While Telecommuting

While telecommuting, be aware of the following best security practices:

1. State-owned computers should only be used for official duties.
2. Access to Cal Poly resources should be accessed through Cal Poly’s VPN. Some on-campus services require access through the VPN. See our VPN link for details.
3. The state-owned computer should be logged off or turned off when not in use for extended period of time. When stepping away from your computer, the computer should also be locked.
4. Ensure you’re connected to wireless networks you trust.
5. Level 1 and Level 2 data may not be stored locally on any device. Refer to our Information Classification Standard for details.
6. The state-owned computer should be updated with security updates to the operating system and installed applications, such as Firefox, Chrome, or Acrobat, during the telecommute.
   1. Do not update software while telecommuting overseas. See our Travel Tips for details.
7. Shared logon or access to the state-owned computer is not allowed.