Guideline for VPN Access

I.  Purpose

The purpose of this document is to provide guidance for protecting highly restricted university information resources from unauthorized access or disclosure when connecting to university systems remotely via UNC Charlotte’s Virtual Private Network (VPN).

II. Scope

This guideline is applicable to UNC Charlotte faculty, staff, students and all authorized users granted remote access to university information resources via the VPN. Every authorized user of university information resources has a responsibility to take appropriate measures to safeguard that information.

III. Contacts

Direct any general questions about this guideline to your unit’s Information Security Liaison. If you have specific questions, please contact OneIT Information Security Compliance at

IV. Guidelines

Certain university systems contain highly restricted information and may be accessible only via the campus network.  When authorized individuals have a business need to reach these restricted resources remotely, they may be provided with access to the university’s VPN solution which provides a mechanism for secure access. Use of the university's multi-factor authentication solution is required when using the VPN solution.

Individuals granted access to the university VPN should:

  • read the Standard for Responsible Use and understand that this standard extends to university resources accessed via the VPN.
  • utilize computer equipment that has current malware/antivirus protection and current operating system patches.
  • use a password-protected profile on the computer to prevent unauthorized individuals (e.g., family members, friends) from accessing university information.
  • store sensitive university information data only on approved cloud storage or university network drives as outlined in the Guideline for Data Handling.
  • not allow any unauthorized users to access university resources via the VPN.
  • disconnect from the VPN when it is no longer needed.  The VPN session will automatically terminate after a period of inactivity.

Related Resources

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.

Revision History

Initially approved by Information Assurance Committee   9/23/16
Updated   10/1/20