Maintaining the privacy of end users is a primary design consideration and long-term objective of the Impulse Point SafeConnect™ Network Access Control (NAC) Solution.
SafeConnect NAC enables organizations to take more proactive measures in ensuring a secure IT infrastructure. The goal is to provide for an environment free of security threats and vulnerabilities—which promotes the exchange of ideas, information, and content to create a positive and productive network environment for all parties.
Each campus maintains full and complete control over their own policies and how, or even if, these policies are enforced. Each campus determines their strategy for allowing full access, warnings, quarantines, and remediation.
The software installed as part of the SafeConnect NAC Solution (i.e., the Policy Key) does not report or log any activity other than what is required to ensure end user compliance with the endpoint security policies set forth by the organization.
No direct personal information is collected or stored. In situations where the end user device is found to be out of compliance with stated security policies, the SafeConnect System will warn or quarantine the endpoint device based on the policies defined by the organization within the SafeConnect Policy Manager.
SafeConnect collects no information until it is configured by the user’s policy administrator. All queries of a user’s machine must be explicitly formulated by the organization’s policy administrator before they can be evaluated by SafeConnect. SafeConnect does not gather any personal information, or perform any checks, that is not configured by a policy administrator.
Additionally, SafeConnect has been designed with personal privacy in mind and can respond to a limited range of true/false questions. These questions center around the health and configuration of the endpoint and the impact it may be having on network performance. The system cannot respond to open-ended questions, or general requests for information. The system can only return a true/false answer and the transaction occurs over an encrypted communications channel. For example, “Is XYZ anti-virus software up to date and running on this device?” The answer is either true or false.
Real-time policy status metrics of endpoint devices under policy management are kept in a secure database within the SafeConnect Policy Enforcer Appliance, which remains on the organization’s premises. The SafeConnect system database contains no information that can link directly back to end user personal content. The data collected is related only to the status of specific policies defined by the organization.
Under certain circumstances end users may be denied network access and quarantined based on the organization’s acceptable use policy enforcement rules. In such circumstances the system provides remediation guidance to the end user to become compliant with security policy. As always, the data collected is related only to policy status and it is used solely for statistical trending and compliance auditing by the organization.
In short, Impulse Point will never collect or store personal information from its customer’s constituents, and will never communicate directly with end users outside of a SafeConnect Managed Network environment.
A: No. SafeConnect does not gather any information, or perform any checks, that are not configured by a policy administrator. SafeConnect is completely passive until it is configured by the organization’s policy administrator. All queries of a user’s machine must be explicitly formulated by the organization’s policy administrator before they can be evaluated by SafeConnect. Impulse Point will never collect or store personal information from its customer’s constituents.
A: The SafeConnect Policy Key is a lightweight persistent client agent (less than 1MB in size). The SafeConnect Policy Key certifies that the endpoint device adheres to the specific endpoint security policies of the organization on a continuous/real-time basis.
A: The Policy Key is downloaded to a new user as part of the device registration process. It can also be pre-distributed via the organization’s software distribution mechanism of choice for managed environments, such as MS SCCM, Zenworks or through active directory group policies.
A: Yes. However, the decision on who can, and cannot, access an organization’s network remains with the organization that owns and manages the network. Many organizations require that users must read, accept, and adhere to a collection of Acceptable Use Polices (AUP) as a condition of gaining access to the network. This may include the installation of a policy key. This, of course, is the decision of the organization.
A: No. The SafeConnect Policy Key automatically dissolves (uninstalls itself) after a pre-determined time of inactivity. Users can also uninstall the policy key themselves if they choose.
A: Impulse Point is committed to protecting the privacy of your organization and the end user community you support. We have established security, technology, and business processes to ensure that personal information is never collected or stored by our applications or services.
An independent examination of our privacy practices certifies that Impulse Point and the SafeConnect product both conform to the American Institute of CPAs (AICPA) standards. The completion of a Service Organization Controls – Type 2 (SOC 2) Privacy Report resulted in an independent CPA firm finding that Impulse Point’s Privacy Statement is accurate.