Remote Access Procedures - Wishes.Inc
Purpose
The purpose of these Remote Access Procedures is to establish guidelines for employees and
contractors who require remote access to the organization's network resources. These
procedures are designed to ensure the security and integrity of the organization's information
and technology assets.
Scope
These procedures apply to all employees and contractors who require remote access to the
organization's network resources.
Authorization
Remote access must be authorized by the employee's manager and approved by the IT
department. A remote access agreement must be signed by the employee before remote
access is granted.
Remote Access Methods
Remote access may be granted using the following methods:
● NMI dashboard
○ Dashlane saved password with 2FA protection
● Cross River Bank API
○ Whitelisted IP address
● Cross River Documentation
○ Whitelisted IP address and
○ Personal password for each team member saved with Dashlane
● Marqeta
○ Dashlane saved password
● Mastercard API
○ Personal password for each team member saved with Dashlane
● Wishes team Slack
○ Personal password for each team member saved with Dashlane

Security Requirements
All remote access connections must comply with the following security requirements:

Authentication - Remote access must be authenticated using a secure authentication method,
such as a strong password or multi-factor authentication.
Encryption - Remote access connections must be encrypted using secure encryption
protocols, such as SSL or TLS.
Anti-virus and Anti-malware Software - All devices used to connect to the organization's
network must have up-to-date anti-virus and anti-malware software installed and enabled.
Firewall - All remote access connections must be protected by a firewall to prevent
unauthorized access.
Access Control - Access to specific network resources must be limited to authorized users.
Logging - All remote access connections must be logged for auditing purposes.

Responsibilities
Employees and contractors who require remote access are responsible for:
Maintaining the confidentiality and security of their login credentials.
Ensuring that their devices are updated with the latest security patches and software updates.
Notifying the IT department immediately if their login credentials are lost, stolen, or
compromised.
Disconnecting from the network immediately after completing their remote access tasks.
Reporting any suspected security incidents or breaches to the IT department.

Enforcement
Any employee or contractor who violates these Remote Access Procedures may be subject to
disciplinary action, up to and including termination of employment.
Review and Update
These Remote Access Procedures will be reviewed and updated annually or as needed to
ensure compliance with changing security requirements and technology advancements.