Third Party Access Agreement

All extranet links or access to network resources must be accompanied by a valid business justification approved by the third party and by the KDCC contractor or the legitimate agent. Typically, this function is performed under the third-party contract. All new Extranet connectivity goes through a security check with the Office of IT Manager. The purpose of the audits is to ensure that each access best meets commercial requirements and that the principle of least access is respected. All network connections and resources that require access to non-public resources are covered by this directive, regardless of the technology used for the connection. Connecting to third parties, such as internet service providers (Internet service providers, ISPs), which provide access to the internet for XXX or the public telephone network, is NOT a matter of this directive. If access is no longer required, the sponsor must inform the IT manager in XXX, which ends access. This may mean changing existing permissions until the end of the circuit. IT security teams must check their respective connections each year to ensure that all existing connections remain necessary and that the access provided meets the requirements of the connection. Links that have been established to be obsolete and/or are no longer used for commercial transactions or other authorized business transactions are immediately terminated.

If a security incident or finding that a circuit is obsolete and is no longer used to conduct commercial transactions or other authorized business transactions requires a change in existing authorizations or a termination of connectivity, the IT manager will notify the POC of the contracting authority to sponsor the change before any action. All new third-party and XXX connection requests require the third party and the representative to accept the third-party contract and sign it. This agreement must be signed by the IT manager and a representative of the third party who is legally entitled to sign on behalf of the third party. By signing this agreement, the third party undertakes to comply with all the guidelines to which it is referred.

Posted in Uncategorized