This sample policy contains guidelines and procedures employees should follow when overseeing third-party entities.

This policy applies to all employees, contractors, vendors, business partners and anyone who acts as an agent of the company or any of its subsidiaries and is involved with the design, construction, maintenance, use, connection or removal of the company information, systems and networks. The requirements of this policy must be included in all contract negotiations that will or could affect the information security posture of the company.