Remote access is one of the highest-risk entry points in any corporate network. This template ensures every VPN, RDP, or cloud access request is documented, justified, and tied to a named manager — giving your IT security team the information they need to make informed provisioning decisions before granting network access.
Remote access requests require more scrutiny than internal software access because they extend the corporate network perimeter beyond the office. A VPN misconfiguration or an unmanaged personal device can introduce vulnerabilities that no firewall can catch. A structured request form brings discipline to this process — ensuring that every access grant is deliberate, documented, and tied to a legitimate business need.
This template captures the critical distinctions that shape IT's provisioning decision: what type of access is needed (VPN, RDP, cloud SSO), whether the device is company-issued or personal, and whether access is temporary or ongoing. Temporary access requests should have a defined end date, and IT should have a process to revoke it when that date arrives. Without that structure, temporary access becomes permanent by neglect.
formformform makes this form easy to deploy and share across your organization. You can link it from your security policy, embed it in your VPN setup documentation, or add it to your IT service catalog. Every submission is stored with a full timestamp and the employee's stated justification — creating the audit trail that compliance frameworks require.
Employees request VPN access before international travel, specifying destination countries and duration so IT can account for geographic restrictions.
Contractors request time-limited VPN credentials tied to a specific project, with an automatic revocation note for the end date.
Newly remote employees request ongoing VPN access from home, noting their home router and ISP to assist with troubleshooting.
Developers request SSH access to production or staging servers, specifying which environments and which IP addresses to whitelist.
IT support technicians request Remote Desktop access to assist employees with device issues without requiring physical presence.
Employees using personal MacBooks or Windows machines for remote work request access subject to device compliance verification.
Field technicians request cellular VPN access for working at client sites, specifying the mobile device model and carrier.
During office closures or emergencies, employees submit bulk remote access requests so IT can rapidly provision work-from-home capability.
DevOps engineers request approved access to cloud infrastructure consoles from non-office locations with MFA requirement acknowledgment.
Offshore development teams request access to onshore systems for integration work, with IP range whitelisting and access window specification.
Executive assistants request expedited VPN provisioning for C-suite traveling to investor meetings or board events.
Organizations with seasonal staff request temporary VPN access with automatic expiry tied to the end of the seasonal contract period.
Click 'Use this template' to clone the form into your formformform account.
Update the remote access type dropdown to reflect the specific remote access technologies your organization supports.
Enable notification to your IT security team's inbox or on-call alias.
Add a policy paragraph below the heading linking to your Acceptable Use Policy for remote access.
Share the link in your remote work policy, VPN setup guide, and IT portal.
Build a companion offboarding step to revoke temporary access when the specified end date arrives.
it is much harder to revoke access retroactively than to set an expiry during provisioning.
unmanaged personal devices should go through a device health check (MDM enrollment or minimum OS version) before VPN access is granted.
a one-day business trip should still have a reason on record. It takes 30 seconds and creates an audit trail.
employees change roles, leave the company, or no longer need remote access. Scheduled reviews prevent credential sprawl.
full-tunnel VPN routes all employee traffic through your network, including personal browsing. Split-tunnel limits exposure while still securing business traffic.
include a brief notice that personal devices may need to meet minimum security requirements (encryption, OS version, antivirus).
Full-tunnel VPN routes all internet traffic through the corporate network, which maximizes visibility but can slow connections. Split-tunnel VPN only routes corporate traffic through the VPN, leaving personal browsing on the regular internet. Your IT team chooses which type to provision based on the role and risk level.
Yes, the form captures device type. However, personal device access typically requires additional security checks — your IT team will use the device description field to assess whether the machine meets minimum security requirements before granting access.
formformform stores all submissions with dates. You can export the data and use the needed-by date and temporary/permanent field to build a revocation checklist. For automated revocation, connect the form to your IAM system via Zapier or a custom webhook.
Yes. Contractors should always select 'Temporary' and specify an end date in the justification field. IT teams can then configure time-limited credentials that expire automatically.
Each submission creates a timestamped record of who requested access, why, what type, and which device. This is exactly the evidence auditors request when reviewing access control for frameworks like SOC 2, ISO 27001, and HIPAA.
Manage software access provisioning with a structured request and approval form.
Give employees a clear path to report phishing, malware, and security breaches.
Streamline equipment requests with a structured IT asset request form.
Ensure new hires have everything they need on day one with a structured IT setup request.
Let employees report IT issues with all the context your team needs to fix them fast.
Free forever. No credit card required. Customize everything.
Use this template