The objective of the Third Party Access Policy is to maintain the security of the Company's information processing facilities that are accessed by third parties. These standards are designed to minimize the potential exposure to the Company from damages that may result from unauthorized use of Company resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical Company internal systems, etc.
To access information processing facilities of the Company, every vendor or contractor (including their employees and partners) should provide a written document with all the details of this access and the responsibilities of both parties, either in the contract or in an annex to the main contract. If necessary, the annex should allow the security requirements and procedures to be expanded in a security management plan to be agreed between the two parties.
To assess all the risks and to document the security requirements and procedure, a cross-functional team will be formed, led by the Information Security Team and comprising, as required, specialists from relevant departments. Access to information and information processing facilities by third parties should not be provided until the appropriate controls (as established by the above nominated cross-functional team) have been implemented and a contract has been signed defining the terms for the connection or access.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIREMENTS
4. ROLES AND RESPONSIBILITIES
4.1 DEPARTMENT MANAGER
4.2 INFORMATION SECURITY DEPARTMENT
4.3 EMPLOYEE
5. EXCEPTIONS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
Pages: 8
An adequate Capacity Management Policy must be defined and implemented at the Company so that the performance of existing or future Company systems can be correctly monitored, their future evolution forecast, and possible bottlenecks identified.
The objective of this standard is to define the configuration to be met by all servers owned or managed by Company that are located outside of the firewalls. The standards are designed to minimize the exposure to Company from damages that may result from malicious activities from both internal and external entities. Internet facing devices located outside the Company firewalls are considered part of the DMZ.