Third Party Access Procedure
This procedure describes the security rules that must be followed at the Company in order to maintain the security of information processing facilities of Company accessed by third parties. These standards are designed to minimize the potential exposure to Company from damages that may result from unauthorized use of the Company resources. Damages include the loss of sensitive or Company confidential data, intellectual property, damage to public image, damage to critical Company internal systems, etc.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. REQUIREMENTS
3.1 GENERAL REQUIREMENTS
3.2 THIRD PARTY AGREEMENT SECURITY REQUIREMENTS
3.3 HARDWARE AND SOFTWARE INSTALLATION AND MAINTENANCE
3.4 GRANTING ACCESS TO THE COMPANY’S SYSTEMS AND DATA
4. ROLES AND RESPONSIBILITIES
4.1 THIRD PARTY
4.2 DEPARTMENT MANAGER
4.3 TECHNICAL STAFF IN-CHARGE WITH THE ACCOUNTS MANAGEMENT
4.4 INFORMATION SECURITY SECTOR
5. EXCEPTIONS
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
7. APPENDIX A – AGREEMENT TO COMPLY WITH INFORMATION SECURITY POLICIES
Pages: 10
Review Third Party Access Procedure.