PS-7 Third Party Personnel Security

Description

The university establishes personnel security requirements including security roles and responsibilities for third-party providers and monitors provider compliance.

Applicability

This Control applies to all information resource owners and unit managers.

Implementation

1 - It is the responsibility of the information resource owner, or designee, to:
- 1.1 - Establish and document personnel security requirements including security roles and responsibilities for third-party providers;
- 1.2 - Require third-party providers to comply with personnel security policies and procedures established by the university;
- 1.3 - Require third-party providers to notify unit managers of any personnel transfers or terminations of third-party personnel who possess university credentials, or who have information resource privileges within 72 hours; and
- 1.4 - Monitor provider compliance.
  
  Related Resource
  Information Resources Contract Clauses: Vendor Access Language

PS-7 Third Party Personnel Security

Description​

Applicability​

Implementation​

Description

Applicability

Implementation