Remote Access Policies
In addition to the policies stated below, all users must adhere to all campus and UMMC policies accordingly.
- All user accounts must be approved and submitted by administrators or authorized personnel.
- All user accounts are assigned to a specific user and must not be shared with anyone else.
- Shared accounts are not permitted.
- All data files stored on network drives are protected by backup. It is the user's responsibility to save data files to the server for sharing and backup purposes. Personal files, not related to the mission of the department, are not allowed on departmental servers. Medicine I/S has the right to remove these files without warning or notification. Any patient health information or sensitive data must be stored on departmental servers or authorized campus systems.
- Medicine I/S is not responsible for any data not stored on the server. Each user must take the necessary steps to protect, secure, and backup any data stored on local media such as flash drives, hard drives, CD, DVD etc.
- PHI/PII is not to be stored on local storage in any capacity.
- Passwords change regularly. Login to our Self-Service Password Recovery Portal for more information regarding password policies.
- Sharing or visually displaying your password (e.g. post-it note on monitor) is strictly prohibited, against campus policies, and will be removed by Medicine I/S if discovered. When possible, these rules will be enforced automatically.
- Internet web-browsing for personal use is at the discretion of your supervisor and must not interfere with the completion of employee’s work responsibilities.
- All users must lock or logoff their PC when it will be unattended.
- All desktop computers must be powered on overnight. We recommend choosing the “Restart” option when shutting down at the end of the day.
- Attempts to remove or disable any security software is strictly prohibited.
- All users will be granted 'standard user' rights on their computer, admin rights are for use by IT staff only.
- Any user account that is inactive for 90 or more days will be disabled due to inactivity. If an account is expected to be inactive for an extended amount of time and needs to remain active, a Service Desk ticket must be entered to notify Department of Medicine IS so that the account can be protected.
- Any user account that is disabled for more than 60 days will be deleted.
- Many factors are taken into consideration when addressing incidents and service requests, including but not limited to:
- Scope of the request (i.e. how many users/devices are affected)
- Ability to perform work in another fashion or on another device
- Current ticket volume
- Priority of other requests
- Method of resolution and urgency of tickets will be at the sole discretion of I/S staff and any delegated users or technicians.
- Personal devices are not supported.
- Visit our Support Page for more details
Remote Access Policies
- Multi Factor Authentication (A.K.A Two-Factor Authentication) is required for all remote access solutions. The campus has standardized on Duo MFA.
- Outlook Web Access is the supported method for accessing Department of Medicine email off-campus. We cannot guarantee the functionality or reliability of any other method of access.
- All Department of Medicine-supported devices must be connected to the internal network or connected through VPN at least once every 30 days to ensure domain and encryption credentials are up to date. Failure to connect can result in the inability to use the device.
- In the event you can't work remotely and a resolution is not imminent, you must come in to work or make alternate arrangements with your supervisor.
- No special urgency is given to users working remotely when support is requested.
- Department equipment used remotely must be used for work purposes only, by the employee only, and should not be modified unless directed by the I/S team. In addition, it must be returned to the department when you are no longer employed.
- If departmental equipment is used remotely and it physically breaks, repair will be delayed and you may need to make alternate arrangements with your supervisor.
- Usage of remote access systems (VPN, Medicine Remote Desktop, etc) will be reviewed periodically. Users not found to be using the system will have their access to that system revoked.
- Software not provided by the Medicine I/S must be approved before purchase or installation. Support will be provided for these applications on a best effort basis. Storing and maintaining source media/discs for such applications is the responsibility of the user.
- The I/S team maintains licenses for all provided software, unless otherwise noted.
- It is the responsibility of the user to manage all licensing for applications not provided by the I/S team.
- All computers, laptops, and similar equipment must be purchased through Medicine I/S. An administrator must approve the request before a quote or purchase is made. A new UMB Employee Equipment Acknowledgement Form must be signed by the recipient of a laptop prior to receiving the laptop.
- Personal devices are only permitted on guest networks.
- All equipment purchased by the University is property of the University of Maryland, Baltimore.
- Desktop/Laptop lifecycle support - 7 years maximum.
- Equipment must only be modified, moved, or re-configured by Medicine I/S.
- All computers and laptops must be maintained and managed by Medicine I/S.
- Hardware support is not provided for smart phones and tablet devices. Please see your manufacturer or carrier for assistance.
- Desktop computers can only be ordered and custom-built through the Department of Medicine Service Center.
- Medicine I/S will only connect computers purchased through the Department of Medicine Service Center to the network.
- Minimum specifications:
Dual core or better processor, 4Gb memory, Windows 7 Professional OS.
- Laptops and home desktop computers must be approved through the Department of Medicine Service Center.
- A new UMB Employee Equipment Acknowledgement Form must be signed by the recipient of a laptop prior to receiving the laptop.
- We only support Dell Business devices for laptops.
- All supported external computers must be encrypted and comply with the FPI/SOM laptop policy.
- Minimum specifications:
Core i3 or better processor, 8Gb memory, Windows 7 Professional OS
- New requests for Macs will only be accepted if a specific business justification is made and approved by Medicine I/S. Macs are not completely compatible with our systems and cannot be managed as required by campus policy.
- Hardware support is based on the Apple Care contract purchased with the computer.
- The Department of Medicine and the Department of Epidemiology has a contract with LaserLine for toner, maintenance and repair. Support is limited to departmentally owned/UMPPA network printers—and some local printers. (UMM or FPI owned printers are not covered.) All supported/contracted printers will contain a LaserLine label with support information.
- HP is the standard for network and local printers.
- Xerox is the standard for copiers/multi-function devices.
- All Epic printers must be obtained through the EPIC Portfolio team by contacting the UMM Helpdesk.
- Local printers are HIGHLY discouraged and not recommended.
- All new printer purchases will be procured through I/S. Please enter an "incident ticket" to order. The list of approved printers can be found here.