Skip to main content

Policies

Go Search
Home
  
Policies > Wiki Pages > Vendor and Consultant Access Security Policy  

Vendor and Consultant Access Security Policy

Purpose:

Vendor or consultant access to Worcester State network or computing resources is permitted only through written permission of the University's Data Security Officer.

 

 

 

Statement:

Vendors or consultants with whom Worcester State has a close association may require access to Worcester State network and computing resources such as remote access, e-mail, and file and  print services. With proper business justification, an account to a specific individual from a vendor/consultant can be approved when requested by a Worcester State employee (the sponsor) and approved by the sponsor’s manager.
 
Access to Worcester State network and computing resources is granted solely for the work contracted and for no other purposes whatsoever. Access to any additional resources requires express, written consent from the information owner as supported by the sponsor and the sponsor’s manager.

 

 

 

Description:

  • Vendors or consultants with whom Worcester State has a close association may require access to Worcester State network and computing resources such as remote access, email, and file and  print services.
  • With proper business justification, an account to a specific individual from a vendor/consultant company can be approved when requested by a Worcester State employee (the Sponsor) and approved by the Sponsor’s manager.
  • The vendor/consultant is responsible for this account and bears responsibility for the conduct of its employees; however, the sponsor is responsible for ensuring that the Vendor/Consultant users are aware of, and adhere to, all Worcester State policies.
  • The Sponsor must submit a completed Request for vendor/consultant Access form. The Sponsor must specify the reason and need for access to Worcester State network and computing resources, keeping in mind the confidential nature of the accessible information.
  • Once the vendor or consultant request is received, an account will be created. The data owners will determine all vendor/consultants access.
  • No account may be shared; if there are multiple personnel from a vendor/consultant , a separate account is required for each vendor/consultant employee.
  • Vendors/consultants must immediately notify the sponsor when a when access to computing resources is no longer needed.
 

 

 

 

Additional Information:

  • The sponsor must, if requested, provide a printed copy of the Worcester State policies listed above.
  • The sponsor must immediately report any suspected violation of this agreement to his/her management and to the local remote access administrator.
  • The sponsor is accountable for the activities of the Vendor/Consultant user.
  • The sponsor is responsible for initiating necessary action to delete the account when it is no longer required.
  • The sponsor is responsible for semiannually reviewing the need for the vendor/consultant account.
  • If physical access to the data center is required, the Vendor/Consultant must have a temporary badge (logged in IT) and be accompanied at all times by the sponsor.

 

 

Approved By: Don Vescio

 

Date of Origination: 5/10/2008

 

Last Review: 9/20/2010

 

 

Last modified at 9/22/2010 3:00 PM  by Ramsdell, Nancy