SOP for Remote Support Sessions

  • 4 minutes to read

Purpose

This SOP defines the process for initiating and conducting remote support sessions between the Organization seeking certification (OSC) and the External Service Provider (ESP). It ensures compliance with security policies by protecting Controlled Unclassified Information (CUI) and preventing unauthorized data exfiltration during remote support activities.

Scope

This procedure applies to all users within the OSC who require remote technical support for Windows endpoints and M365 Cloud PCs. It includes responsibilities for both the OSC and the ESP IT team when establishing and managing remote sessions using Microsoft Quick Assist or other approved remote support tools.

Responsibilities

Organization seeking certification (OSC) Responsibilities

Step 1: Prepare for the Remote Support Session

  1. Ensure that an Authorized Manager has approved this remote support session request.
  2. Close all CUI-related files and applications before initiating the session.
  3. Ensure no sensitive data is visible on-screen before granting access.
  4. Communicate with the ESP IT team to coordinate session timing and connection method.

Step 2: Establish the Quick Assist Remote Session

  1. Open Quick Assist on Windows
    • Click the Start Menu and type Quick Assist, then press Enter.
    • If prompted, sign in with your Microsoft account.
  2. Enter the Support Code
    • The ESP IT team will provide a 6-digit security code.
    • Enter the code in the “Get Help” section and click “Submit”.
  3. Approve the Remote Session
    • A prompt will appear asking if you want to share your screen. Click Allow.
    • If the ESP requests full control, carefully review the request before clicking Allow.

Step 3: Monitor the Support Session

  1. Stay present and engaged throughout the session.
  2. Notify the ESP IT team if any sensitive information inadvertently appears on the screen.
  3. When troubleshooting is complete, ensure the session is properly ended by following the steps below.

Step 4: Ensure the Session is Properly Ended

  1. Verify with the ESP IT team that all troubleshooting actions have been completed.
  2. Manually close the Quick Assist session by clicking “Leave” or “End Session”.
  3. Confirm with the ESP that the session has ended and no remote access remains active.
  4. Restart your device (recommended) to ensure all remote session processes are closed.

External Service Provider (ESP) IT Team Responsibilities

Step 1: Initiate a Remote Session

  1. Confirm that the remote support session request originates from or is approved by an Authorized Manager.
  2. Communicate with the OSC user to determine the appropriate time for troubleshooting.
  3. Generate a Quick Assist session code by opening Quick Assist and clicking “Give Assistance”.
  4. Provide the 6-digit security code to the OSC user and instruct them to enter it.
  5. Ensure the session is established only with the authorized OSC user.

Step 2: Request and Gain Screen Control (only if necessary)

  1. After the OSC user enters the session code, request View Screen or Full Control:
    • Instruct the OSC user to review and approve the request before proceeding.
    • If full control is granted, use it only for troubleshooting purposes.

Step 3: Security and Compliance Requirements

  1. No recording, screenshots, or unauthorized data capture is permitted.
  2. Do not access files or applications unrelated to the issue.
  3. If sensitive data appears on screen, terminate session immediately, and notify the OSC user.
  4. Terminate the session immediately once troubleshooting is complete.

Step 4: Ensure the Session is Properly Ended

  1. Confirm with the OSC user that troubleshooting has been completed.
  2. End the Quick Assist session using the “Leave” or “End Session” button.
  3. Verify that the session has been fully closed before disconnecting.
  4. Ensure no residual remote access remains active.

Step 5: Document the Support Case in Freshdesk

  1. Open the Freshdesk ticket corresponding to the support request.
  2. Update the ticket with the resolution details, ensuring clear and concise documentation.
  3. Add any additional internal notes in the Private Notes section for review by other Nimbus Logic technicians for potential new SOP’s / procedures to avoid or prevent any issues addressed.
    • Include troubleshooting steps taken.
    • Note any recurring issues or patterns observed.
    • Highlight any escalation requirements or follow-ups needed.
  4. Close the ticket if the issue is fully resolved. If further action is needed, assign it accordingly.

Review & Maintenance

This SOP will be reviewed annually or as needed based on changes in compliance requirements, Microsoft cloud services, or security policies.