This policy outlines procedures governing third-party access to (Organization) owned systems, network and applications.
A third party is an organization or individual (non-permanent employee) external to the (Organization)
The policy covers the following aspects of third party relationships:
The purpose of this policy is to define standards for all Third Parties seeking to access the (Organization) systems or network for the purpose of transacting business related to (Organization).
This policy is designed to minimize the potential exposure to the (Organization) from risks associated with Third Party Access.
This policy applies to all (Organization) Staff seeking to provide access to the (Organization) system, network or devices attached to the network to Third parties, and to all Third Parties whether they are vendors, contractors, consultant or outsourced professionals.
2. Pre-Requisites: All new connectivity will go through a security review and approval with the Information Security department.
3. Establishing Connectivity:
4. Modifying or Changing Connectivity and Access:
5. Permitted Third Party Access :
6. Third Party Workstations :
Where Third Parties use PC’s / Laptops or any other devises not owned or managed by the (Organization) to access the resources on the (Organization)’s network and systems, Third Parties must ensure the following:
7. Remote Access by Third Parties:
8. Incident Reporting: Third Parties shall report to management any incident affecting information security and privacy, and all observed and suspected security weaknesses in or threats to Information Technology Assets.
9. Terminating Access:
Confidentiality Agreements are must be signed when (Organization) is considering entering into a business relationship with a third party and where there is a need to understand or evaluate each other’s business processes, some of which might be proprietary or otherwise sensitive in nature.
The purpose of this guideline is to ensure a consistent process for the signing and retention of the (Organization) Information Confidentiality Agreement by all individuals having access to (Organization) confidential information.
This guideline applies to (Organization) and to all Third Parties whether they are vendors, contractors, consultant or outsourced professionals.