Third-Party Access (PS-08-011)
PS-08-011 Third-Party Access
Issue Date: 3/20/2008
Revision Effective Date: 3/20/2008
Review Date: 7/1/2018
In almost every aspect of state government, there is a need to outsource services to individuals or companies that are external to state government. The use of these outsourced services also known as third-parties, contractors or consultants introduces certain risks to the enterprise because they have not been vetted through the state human resources and recruiting process. As such, their trustworthiness has not been established. However, for these individuals to be able to provide the services requested of them, there must be a level of trust granted to them that allows access to state facilities and state information assets. This policy addresses the need to identify and address those risks.
Any unescorted, physical and/or logical access to non-public state facilities and/or information assets granted to third parties shall be associated with a signed contract.
When utilizing the services of a third party, the sponsoring agency shall be responsible for assessing and managing the risks associated with the accesses granted to the third party.
The sponsoring agency shall ensure that the third party is aware of and complies with all applicable state, federal, local and agency polices and standards.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
TERMS and DEFINITIONS
Third-Party is synonymous with contractor, service provider, consultant or any other individual or organization external to state government providing services on behalf of, for, or as an agent of state government or otherwise requiring access to non-public state facilities and/or information resources.