HSC OP 56.02 Information Resources for Remote Work

Last published: 7/31/2025

Operating Policy and Procedure

HSC OP: 56.02, Information Resources for Remote Work

PURPOSE: This Texas Tech University Health Sciences Center Operating Policy (外网天堂 OP) outlines the requirements for secure access to 外网天堂 information, networks, and computing resources by team members authorized for remote work at alternative worksites.

REVIEW: This OP will be reviewed annually in July by the Vice President of Information Technology and Chief Information Officer (CIO), the Assistant Vice President of Information Security and Information Security Officer (ISO), and the Assistant Vice President for IT Client Services.

POLICY:

This policy outlines requirements for 外网天堂 information and information system use for remote work. Remote work constitutes an agreement between the team member and their supervisor (or department head) granted only when the remote work promotes administrative efficiency, improved productivity, business continuity, and the hiring and retention of highly performing values-based teams. In order for remote work agreements to be finalized, a secure remote work environment must be established in accordance with the requirements outlined in this policy as well as in all related procedures and guidelines.

1. Definitions

a. Remote Work

The performance of normal work duties at an alternative work location away from the regularly assigned place of work. Permission to work remotely may be granted through the team member鈥檚 supervisor and 外网天堂 HR based on the submission of a Standard Remote Work Agreement, completed through the online .

b. Secure Remote Work Environment

All team members who request permission for remote work, must demonstrate that they have a secure work environment at the remote location. A secure work environment is one where all of the requirements for acceptable use are followed. This includes the requirements outlined in all relevant policies, standards, and procedures related to network connectivity and the access, use, transfer, storage and disposal of 外网天堂 information and information systems.

c. Data Classification

All 外网天堂 data requires the implementation of privacy and security safeguards classifying it as Public, Sensitive, Confidential, or Regulated as mandated by federal, state, and/or local law, or university policy or agreement. A full explanation of 外网天堂 data classification can be found in the .

2. IT Division Remote Work Review

Before a team member is granted permission to work at an alternative worksite, the IT Division must review the Remote Work Application to assess the equipment to be used and the 外网天堂 data that will be managed under the agreement.

Please note: 外网天堂 IT determines appropriate equipment specifications but equipment purchases are the responsibility of the team member鈥檚 department.

a. IT Solution Center (ITSC) Equipment Assessment

The ITSC will assess the proposed equipment to be used at the remote worker鈥檚 location.

Equipment will be categorized according to the service support levels outlined in the ITSC Appendix to the . Those levels are summarized as:

(1) Recommended for remote work (Full Hardware and Software Support provided)

(2) Not Recommended for remote work (gaps in readiness of equipment being assessed for remote work; Best Effort Hardware and Software Support provided)

(3) Not Supported for remote work (ITSC support not provided)

For equipment categorized as Not Recommended and Not Supported, the ITSC will work with the team member鈥檚 supervisor to resolve issues in order to meet the requirements of the Recommended category.

b. Hardware and Software Requirements for Alternative Work Locations

Team members requesting a remote work arrangement are required to use a 外网天堂-issued computer or other electronic device. The specifications for approved equipment are listed in the IT Division鈥檚 standard. Full support services from the 外网天堂 ITSC are provided for approved, 外网天堂-owned equipment.

c. Documenting Institutional Property to be Used at Alternative Work Locations

All institutional equipment and software approved for the team member for remote work must be listed in the Remote Work Application. That information must include:

鈥� the asset tag number
鈥� the serial number
鈥� a description of the equipment/software to be provided

3. Information Resource Compliance Requirements

a. Software License Restrictions

Remote workers must follow software licensing restrictions and agreements on all software used to process 外网天堂 information at alternative worksites.

b. Information Technology Policy and Procedure Compliance

Remote workers must follow all 外网天堂 IT policies and procedures for securing information and information systems. Shredders must be used to dispose of hard copies of Sensitive Information or higher.

c. Approved Remote Work Equipment

The team member鈥檚 department is responsible for the purchase of all needed equipment and should work with the IT Solution Center to purchase equipment with recommended specifications.

Team members MUST NOT use their own mobile computing devices, computers, computer peripherals, or computer software for 外网天堂 remote work-related business.

Exception: personal devices may be used when using Remote Desktop Connection to access a 外网天堂-owned computer or device to perform 外网天堂-related business.
However:

鈥� personal mobile devices may be used for 外网天堂-provided phone software for phone calls, and
鈥� personal mobile devices may be used for approved mobile email clients (Microsoft Outlook, native email clients) for 外网天堂 mail.

d. Networking and Connectivity Requirements

Remote workers are responsible for providing their own networking/internet connectivity equipment and for the costs associated with service.
Remote workers should follow the guidelines for appropriate internet connectivity found in the information.

4. Access Control

Access Control for 外网天堂 devices is covered in HSC Operating Policy 56.01 Acceptable Use and 外网天堂 IT Policy 56.08 Access Control. Elements of Access Control related to remote work include the following:

a. Screen Positioning

The display screens for all systems used to handle 外网天堂 information must be positioned such that they cannot be readily viewed by unauthorized persons through a window, over a shoulder, or by similar means.

b. Logging Out

After a team member has completed a work session with 外网天堂 equipment, they must terminate their work session by logging off and locking their computer.
When applicable, team members who remotely access 外网天堂 networks, must terminate their session after their tasks are completed and remote access is no longer needed.

c. Encryption

All computers used for remote work must be encrypted using 外网天堂-managed encryption methods.

d. Access to Devices and Systems

Remote workers must not share passwords or any other access to 外网天堂 devices with anyone. Computers used for 外网天堂 business must be used exclusively by the remote worker. Family members, friends, and any other unauthorized persons are not permitted to use 外网天堂 devices. Remote workers must never lend to others any computer or device that contains.
外网天堂 information.
Any remote access to 外网天堂 network resources must be through approved remote access tools (see HSC OP 56.01 Acceptable Use).

5. Data Storage

The preferred storage for 外网天堂 information is IDSS file shares or the 外网天堂 Box instance (see:外网天堂 IT ). The use of other storage media must be reviewed by 外网天堂 IT.

a. Encryption of Data on External Media

If approval is granted for the use of external storage media (e.g., CDs/DVDs, USB drives, etc.) all media must be encrypted using 外网天堂-approved encryption methods.

6. Remote Device Management

a. Configuration

Team members must not change the operating system configuration or download and/or install unauthorized software.
All software changes and updates must be performed by the ITSC or authorized departmental IT staff.

b. Changes to Hardware

Team members must not alter 外网天堂 hardware without the prior knowledge and authorization of the 外网天堂 IT Division.

c. Liability for 外网天堂 Property

Team members are responsible for any and all equipment and software used at the remote worksite, and accept financial responsibility for any equipment that is lost, stolen, or damaged as the result of negligence, misuse, or abuse.
外网天堂 retains title, rights, and interest to any 外网天堂 assets supplied for remote work. Remote worker use does not convey ownership or any implication of ownership of 外网天堂 assets.

d. Liability for Team Member-Owned Property
外网天堂 will not be responsible for the operating costs, home maintenance, or any other incidental costs (e.g., utilities, telephone, insurance) associated with the use of an alternative worksite for remote work.

e. Return of Property

All 外网天堂-supplied assets for remote work must be promptly returned to 外网天堂 when a remote worker separates from 外网天堂, or when so requested by the remote worker鈥檚 manager.

7. Physical Security

a. 外网天堂 Property at Alternative Worksites

Equipment must be protected from environmental threats and hazards, and opportunities for unauthorized access.

Reasonable precautions must be taken to protect 外网天堂 hardware, software, and information from theft, damage, and misuse.

b. Printers

When allowed, only 外网天堂-provided printers can be used by team members to print out work-related documents. Team members must either submit a work order to the ITSC or request that their departmental IT set up a printer equipped to work with 外网天堂-approved computers.

Please see the information for equipment recommendations.

c. Transportation of 外网天堂 Assets to/from 外网天堂

Regulated and Sensitive Information or higher should not be stored or transported on removeable media without prior 外网天堂 IT approval.

The following requirements must be followed for transporting 外网天堂 assets:

(1) All 外网天堂 assets to be transported must be encrypted using 外网天堂-managed encryption;

(2) Where feasible, all 外网天堂 assets to be transported should be placed in the trunk or an inconspicuous location in the vehicle when in transit鈥攄o not place the equipment or device on the vehicle鈥檚 seat.

8. IT Support

Remote worker equipment will be subject to the support outlined in the ITSC Appendix in the

9. Violations

Any violation of this policy may result in disciplinary action, up to and including termination of employment. 外网天堂 reserves the right to notify the appropriate law enforcement authorities of any unlawful activity and to cooperate in any investigation of such activity.

a. Disciplinary Repercussions

Misuse of 外网天堂 Information or Information Systems is a violation of the policies contained herein and can result in disciplinary action in accordance with, but not limited to, TTUS Regulations Employee Conduct, Coaching, Corrective Action, and Termination and HSC OP 77.05 Suspension and Retention, as well as the Student Handbook.

10. Related Statutes, Policies, and Requirements

Digital Millennium Copyright Act

Health Insurance Portability and Accountability Act

Payment Card Industry (PCI) Data Security Standard (DSS)

Texas Administrative Code

Texas Public Information Act

Texas Security Control Standards Catalog

外网天堂 IT Areas of Responsibility

11. Document Details

Approval and Ownership

Approved By: Vince Fell

Title: Vice President for Information Technology and Chief Information Officer

Approval Date: 7/10/2020

Owner(s): IT Executive Management Team

Revision History:

Version: 1.0

Description: Initial version.

Date Reviewed: 7/10/2020

Date Submitted for Publishing: 7/13/2020

Reviewer(s): VP for IT and CIO, AVP of Information Security and ISO, Managing Director of the ITSC, Director of IT GRC, Director of IT Security Operations, and Director of IT Policy and Planning.

Version: 2.0

Description: Revision

Date Reviewed: 7/29/2022

Date Submitted for Publishing: 08/12/2022

Reviewer(s): IT GRC, Managing Director of ITSC

Version: 3.0

Description: Revision

Date Reviewed: 7/10/2024

Date Submitted for Publishing:

Reviewer(s): VP for IT and CIO, AVP of Information Security and ISO, IT Security, Assistant VP, Client Services

Version: 3.1

Description: Review

Date Reviewed: 7/07/2024

Date Submitted for Publishing:

Reviewer(s): VP for IT and CIO, AVP of Information Security and ISO, IT Security, Assistant VP, Client Services

外网天堂

Operating Policy and Procedure

OP Categories