Internal Documentation

Remote Access Policy

Purpose

This policy establishes the rules and procedures for accessing Cadence OneFive’s network, systems, and data in our fully remote, horizontal work environment. It aims to ensure the security and integrity of organization resources while supporting our distributed and collaborative workforce.

Scope

This policy applies to all team members of Cadence OneFive, including employees, contractors, and temporary staff, as all personnel require remote access to organization networks, systems, or data.

Policy Statement

As a fully remote, horizontal organization, Cadence OneFive recognizes that all work is performed via remote access and decisions are made collaboratively. The following policies and procedures are designed to maintain security and productivity in this distributed, consent-based work environment:

Access Provisioning

  1. All team members will be granted appropriate remote access upon joining the organization, as part of the onboarding process.
  2. The IT Team will maintain an up-to-date list of all users and their access levels.
  3. Access levels will be reviewed quarterly by the IT Team in collaboration with relevant consent stakeholders to ensure they align with current roles and responsibilities.

Access Methods

  1. Access to organization systems that contain customer data must be established using organization-approved Virtual Private Network (VPN) solutions.
  2. Cloud document services, such as Google Drive, do not require the use of a VPN for access.
  3. Multi-factor authentication (MFA) is mandatory for all connections to organization resources, including cloud services.

Security Requirements

Network Security

  1. Team members must ensure their home Wi-Fi networks are secure and encrypted with WPA2 or WPA3.
  2. Use of public Wi-Fi for accessing organization resources is discouraged. If necessary, a VPN must be used for accessing non-cloud-based organization resources.

Data Protection

  1. Sensitive organization data must not be downloaded or stored on personal devices.
  2. All work-related data must be stored on organization-approved cloud storage solutions (e.g., Google Drive).
  3. If temporary local storage is necessary, data must be encrypted and deleted once no longer needed.

Acceptable Use

  1. All use of organization systems and resources must comply with the Acceptable Use Policy.
  2. Team members are responsible for maintaining a secure and professional work environment, even when working from home or other remote locations.

Monitoring and Auditing

  1. Cadence OneFive reserves the right to monitor and log all access to organization resources for security purposes.
  2. Regular audits of access logs and user accounts will be conducted by the IT Team.

Support and Troubleshooting

  1. The IT Team will provide remote support during defined business hours.
  2. Team members are responsible for maintaining reliable internet connectivity. The organization may provide stipends or reimbursement for internet services as per the organization’s compensation policy.

Equipment and Resources

  1. Cadence OneFive will provide necessary equipment (e.g., laptop, headset) for remote work as specified in the team member’s contract.
  2. Team members are responsible for maintaining their work equipment and reporting any issues promptly to the IT Team.

Security Incidents

  1. Team members must immediately report any suspected security incidents or loss of organization-issued devices to the IT Team.
  2. In case of a lost or stolen device, remote wipe procedures, if available, will be initiated to protect organization data.

Policy Amendments

  1. Proposed changes to this policy can be initiated by any team member.
  2. Amendments will be reviewed and approved through the organization’s established consent decision-making process, involving relevant stakeholders.

Termination of Access

  1. Access to organization systems will be terminated immediately upon a team member’s departure from the organization.
  2. Team members must return all organization-issued equipment as part of the offboarding process.

Policy Compliance

Failure to comply with this policy may result in remedial actions, up to and including termination of employment or contract, as determined through the organization’s established conflict resolution and decision-making processes.

See also the Bring Your Own Device Policy.

Policy Review

This policy will be reviewed annually by the IT Team in collaboration with relevant consent stakeholders, and updated as necessary to reflect changes in technology, business needs, or regulatory requirements.

Visibility

This document is confidential and is a proprietary work product of Cadence OneFive. The information contained herein may not be copied or distributed without the specific written consent of Cadence OneFive.

Employee Acknowledgment

I have read and understand the above policy of Cadence OneFive. I agree to adhere to the policy and understand that violations of this policy may result in disciplinary action, up to and including termination of employment.