Loyola University Chicago

- Navigation -

Loyola University Chicago

Information Technology Services

Vendor VPN Access Procedure

Scope

This document describes the procedure to activate VPN access for vendors to Loyola networks and systems for maintenance and support.

 

Purpose

Vendors requiring remote access to Loyola’s intranet for configuration, maintenance, and emergency support are required to use the Loyola VPN service.  As outlined in PCI-DSS requirement 8.1.5, access is enabled only when needed and disabled when not in use.

 

Procedure

Enabling Access:

When the vendor requires access to a system on the Loyola environment through a scheduled window or to respond for emergency support, the Loyola primary system contact shall contact the Loyola ITS Helpdesk to have access enabled.

ITS Helpdesk

773-508-4487

helpdesk@luc.edu

 

The Loyola primary system contact must provide the following information to the Helpdesk when requesting access:

-          Vendor Organization

-          VPN account name & associated email address

-          Name and contact (phone/email) for staff performing maintenance

-          System(s) to be accessed

-          Anticipated time window of access required

The ITS Helpdesk will assign the ticket the UISO department with the above information for the account to be enabled.  Once enabled, the user provided as the vendor staff member will be notified of the account activation.

Emergency Procedure:

The ITS Helpdesk maintains a list of emergency contacts that can be contacted in case of an emergency situation requiring vendor VPN access.

Disabling Access:

When the vendor has completed their maintenance of the necessary systems, they should notify Loyola that access is no longer required and can be disabled. 

The vendor should do this by replying to the email with notification of account enabling.  The UISO department will disable the account until further use is requested.

In the event that the vendor does not provide notification that all necessary work is completed and access is no longer required, the Loyola vendor VPN account will be automatically disabled after 24 hours. 

Questions about this procedure:

 If you have questions about this procedure, please contact the University Information Security Office at datasecurity@luc.edu.

Compliance Driver: PCI-DSS v3.0

History and Updates

Initial Procedure Created: November 7, 2012

PCI Compliance Review, July 7, 2013

Approved: November 6, 2013

Author: University Information Security Office (UISO)

Version: 1.1

 

Loyola

Information Technology Services
1032 W. Sheridan Ave. · Chicago, IL 60660 · 773.508-4ITS

InfoServices@luc.edu

Notice of Non-discriminatory Policy