VPN rules - Girteka - Responsible Logistics

VPN Access & Usage Policy

  1. General provisions

Access to and use of the VPN also access to the network of UAB “Girteka Competence Center” (hereinafter – the Company) or its subsidiaries, affiliates, parent or holding companies of Girteka group will be controlled by Company’s staff who will issue authentication credentials (e.g., a unique user ID and Password) to authorized users on the company’s which shall provide works and/or services to the Company (hereinafter – Contractor) staff.

Company’s IT division will provide all necessary information and support in order to access the resources via a VPN connection.

Please be advised VPN connection credentials are personal and not to be disclosed to any other person of the Contractor, Company or any third party for any reason whatsoever. The connection credentials must be memorized, and it is strictly forbidden to store it electronically or physically.

In case of compromising the VPN connection credentials or there is a reasonable suspicion of such compromise The Contractor or authorized user will immediately inform the Company’s IT division (via e-mail ServiceSupport@girteka.eu) and will follow its instructions and shall provide full cooperation.

The access shall be granted only strictly for the purposes of providing proper services/works to the Company under the contract and any other activities which are not necessary to achieve the goal herein shall be considered as an unauthorized activity.

Authorized user shall use VPN only for provision of the services/works

VPN authorized user will be automatically disconnected from the VPN after 8 hours after connection. The user must then logon again to reconnect to the network.

Authorized users shall not use the VPN for web surfing that does not otherwise require it for access. When the authorized user has completed accessing VPN, they must end the VPN session prior to normal web access.

Any use of devices allowing split-tunneling is strictly forbidden and considered as a breach of this policy.

All computers connected to our internal networks via VPN must use the most up-to-date anti-virus software that is the corporate standard; this includes personal computers.

Contractor and authorized user must configure their equipment to comply with Company’s VPN policy and standards.

  1. The change of authorized user

The Contractor or authorized user will immediately notify Company’s staff whenever an authorized user in possession of such credentials is terminated or otherwise leaves the employ of the Contractor, and whenever an authorized user’s duties change such that the authorized user no longer requires access to perform work under the contract, and any other reason caused the authorized user lose the right to access.

The Contractor or authorized user will:

  • inform the Company’s IT division (via e-mail ServiceSupport@girteka.eu)
  • provide information in writing about a new person to be granted a VPN connection

After receiving the aforementioned notification and the Company’s IT division shall terminate the authorized user’s access and shall provide new credentials for the new authorized user only after all the necessary information is provided and other procedural steps taken.

  1. Password requirements

Login passwords must be changed every 2 months. Password requirements shall be implemented by the standards set up by the Company’s IT division.

  1. Term of access

Access shall be granted only for the period in accordance and then will be terminated immediately, except when the contract is renewed, and it has been documented.

  1. Right to monitor, control and terminate

Company reserves the right to control and closely monitor any and all activities via VPN and on Company’s network. For this purpose the Company reserves right to use various methods, including but not limited to, periodic walk-through, firewall reports, video monitoring, internal and external audits, and inspection via various security tools.

Authorized user irrevocably consents to such monitoring and control provisions.

Such monitoring can be carried out for the following purposes:

  • to ensure the compliance of the Company with legal requirements;
  • to ensure the investigation of information security incidents;
  • to discover cases of fraud or breaches as well as to establish necessary preventive measures;
  • to ensure the protection of confidential data of the Company and data transmitted by its clients that are processed by the Company from their transfer to third parties;
  • to ensure the integrity, uninterrupted operation of the Company’s information systems and their protection from hacking, data theft, and malware;
  • to ensure an adequate quality level of the services being provided by the Company.

In case of any infringements, breaches, violations of the provisions hereof, the contract between Company and Contractor, the applicable law, as well as unauthorized activities or there is a reasonable suspicion of the possibility of such breaches, violations, infringements, illegal, illicit activities, the VPN access will be terminated immediately without any prior warning until a separate agreement, or until incidents resolved.

  1. Liability

The Contractor and an authorized user shall indemnify and hold Company harmless from any infringement claim made against Company due to any illicit and/or unauthorized activities within the Company’s network which would cause any losses, damages and infringement to the rights of third parties.

The Contractor and an authorized user shall be liable for any loses and damages (including consequential damages) due to compromised connection credentials, infringements, breaches, violations of the provisions hereof, the contract between Company and Contractor, the applicable law and other acts and omissions as a result of the use of right of VPN and network access.

Any and all delays to provide services/works under the contract shall be considered as a breach of contract due to Contractor’s fault in case the VPN and network access was terminated due reasons set forth within clause 5 or clause 2 when the Contractor would not provide a required details for a new authorized user.