This tool contains two sample policies that outline procedures governing third-party access to company-owned networks and applications. The policy explores the roles and responsibilities of various stakeholders, ensuring that access is granted in a controlled and secure manner. The document delineates the procedures for managing third-party access, including the use of company equipment, software and network resources by temporary workers, contractors, consultants and business partners.

It further specifies the conditions under which noncompany equipment can be connected to the company's network. The policy also highlights the necessity of contractual agreements that define security responsibilities and the right to audit the controls used by third parties. Organizations can leverage this policy to evaluate whether they have robust security protocols and practices in place for managing third-party access, thereby mitigating potential security risks.

According to this policy:

• ISS is responsible for receiving and approving temporary, contractor, consultant and third-party access privileges.
• The director of IT operations is responsible for the review and approval of all B2B third-party access requests.
• The legal and purchasing departments are responsible for negotiating terms and agreements with the third party.
• The legal and purchasing departments will consult with ISS to determine needs/requirements before any agreement is reached.