1. Purpose
This policy establishes secure remote access requirements to ensure the confidentiality, integrity, and availability of Speak AI Inc.'s network and systems. It defines controls for Virtual Private Network (VPN) use, encryption, multi-factor authentication (MFA), and monitoring.
2. Scope
This policy applies to all employees, contractors, and third parties who require remote access to Speak AI Inc.'s internal systems, applications, and data.
3. Secure Remote Access Requirements
3.1 VPN Usage
Remote access to Speak AI Inc. systems must be conducted through an approved VPN.
VPN connections must use strong encryption protocols (e.g., AES-256, TLS 1.2 or higher).
Split tunneling must be disabled to prevent unauthorized traffic flow.
3.2 Authentication & Authorization
Multi-Factor Authentication (MFA) is mandatory for all remote access users.
Unique credentials must be issued to each authorized user.
Access must be granted based on the principle of least privilege (PoLP).
Remote access accounts must be reviewed periodically and disabled if inactive.
3.3 Device Security Requirements
Only company-approved and secured devices may be used for remote access.
Endpoints must have up-to-date antivirus software and security patches.
Personal devices are prohibited unless explicitly authorized and secured.
3.4 Encryption & Data Protection
All remote sessions must be encrypted using industry-standard protocols.
Sensitive data must not be stored on local devices without encryption.
File transfers between remote devices and internal networks must be logged and monitored.
3.5 Monitoring & Logging
All remote access activity must be logged and monitored for suspicious behavior.
Automated alerts must be enabled for unauthorized access attempts.
Regular audits must be conducted to ensure compliance with this policy.
3.6 Access Revocation
Remote access privileges must be revoked immediately upon termination or role change.
Temporary remote access must be approved with an expiration date.
4. Compliance & Enforcement
Any violations of this policy may result in disciplinary action, including termination.
IT security teams must conduct regular security assessments to enforce compliance.
Users must acknowledge this policy before receiving remote access privileges.
5. References & Supporting Documents
Speak AI Network Security Policy: https://help.speakai.co/en/articles/9363486-network-security-policy
Speak AI Access Management Policy: https://help.speakai.co/en/articles/9363448-access-management-policy
Speak AI Encryption Policy: https://help.speakai.co/en/articles/9367850-encryption-policy
Speak AI Vulnerability Management Policy: https://help.speakai.co/en/articles/9369290-vulnerability-management-policy
6. Contact Information
For questions or concerns regarding remote network access, please contact [email protected].
This policy is subject to periodic review and updates to align with evolving security best practices and industry regulations.