Guest Access Policy
Overview
Guest access to the company's network is occasionally necessary for customers, consultants, or vendors who are visiting the company's offices. This can be simply in the form of outbound Internet access, or the guest may require access to specific resources on the company's network. Guest access to the company's network must be tightly controlled.
Purpose
The company may wish to provide network access as a courtesy to guests wishing to access the Internet, or by necessity to visitors with a business need to access the company's resources. This policy outlines the company's procedures for securing guest access.
Scope
The scope of this policy includes any visitor to the company wishing to access the network or Internet through the company's infrastructure, and covers both wired and wireless connections. This scope excludes guests accessing wireless broadband accounts directly through a cellular carrier or third party where the traffic does not traverse the company's network.
Policy
Granting Guest Access
Guest access will be provided on a case-by-case basis to any person who can demonstrate a reasonable business need to access the network, or access the Internet from the company network.
- AUP Acceptance: Guests must agree to and sign the company's Acceptable Use Policy (AUP) before being granted access. The company may provide additional paperwork for guests to sign at its discretion, such as non-disclosure agreements.
- Approval: Guest need for access will be evaluated and provided on a case-by-case basis. This should involve management approval if the request is non-standard.
- Account Use: Guest accounts, if offered, are only to be used by guests. Users with network accounts must use their accounts for network access. Guest accounts must be set up for each guest accessing the company's network. Guest accounts must have specific expiration dates that correlate to the business need for the individual guest's access. Login accounts must be given an expiration date that coincides with the end date of the guest’s need for access.
- Security of Guest Machines: Guest machines must be audited by authorized IT personnel before being allowed to access the network. The company should ensure that the Network Access Policy will be adhered to, which may involve a virus/malware scan prior to being granted access.
Guest Access Infrastructure Requirements
Best practices dictate that guest access be kept separate, either logically or physically, from the corporate network, since guests have typically not undergone the same amount of scrutiny as the company's employees. At a minimum, guest access must be logically separated from the company's network via a demilitarized zone (DMZ), firewall, or other access controls. Guest access should be provided prudently and monitored for appropriateness of use.
Restrictions on Guest Access
Guest access will follow the “principle of least privilege” and be restricted to the minimum amount necessary. Depending on the guest needing access, this can often be limited to outbound Internet access only. The company will evaluate the need of each guest and provide further access if there is a business need to do so.
Monitoring of Guest Access
Since guests are not employees of the company, they are not considered trusted users. As such, the company will monitor guest access to ensure that the company's interests are protected and the Acceptable Use Policy is being adhered to.
Applicability of Other Policies
This document is part of the company's cohesive set of security policies. Other policies may apply to the topics covered in this document and as such the applicable policies should be reviewed as needed.
Enforcement
This policy will be enforced by the Executive Team and authorized IT personnel. Violations may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties up to and including termination of employment. Where illegal activities or theft of company property (physical or intellectual) are suspected, the company may report such activities to the applicable authorities.
Definitions
- Account: A combination of username and password that allows access to computer or network resources.
- DMZ: A quarantined area on a network that has limited access to other systems.
- Guest: A visitor to the company premises who is not an employee.