|Title: THIRD PARTY ACCESS||Identification: 9.02
Effective Date: March 26, 2013
FS 1001.64; 1001.65
|Signature/Approval: Dr. Ken Atwater|
This procedure outlines how third party individuals and/or organizations connect to and/or access the Hillsborough Community College (HCC) network.
Third parties requiring network resources access to non-public HCC resources.
- Security Review
All connectivity and resource access will go through a security review by the Information Technology department of the college.
- Third Party Connection Agreement
All new connection requests require that the third party agrees to and signs a Third Party Agreement which outlines the business justification. This agreement must be signed by the Vice President of the Information Systems or designee as well as a representative from the third party who is legally empowered to sign on behalf of the third party. By signing this agreement, the third party agrees to abide by all referenced HCC policies and procedures. All non-publicly accessible information is the sole property of HCC.
- Point Of Contact
The HCC contracting authority will designate a person to be the Point of Contact (POC) for the third party connection. The POC acts on behalf of the HCC contracting authority, and is responsible for those portions of this procedure and the “Third Party Agreement” that pertain to it. In the event that the POC changes, the relevant third party person or organization, must be informed promptly.
- Security Review
- ESTABLISHING CONNECTIVITY
All contracting authorities within HCC that want to establish connectivity or network resource access to a third party are to file an Extranet connectivity request with the Colleges’ IT department accompanied by a “Third Party Agreement” signed by the third party person, organization, or rightful designee. The IT department will then engage the third party to address security issues inherent in the project. The sponsoring contract authority must provide full and complete information as to the nature of the proposed access to IT, as requested.
All connectivity established must be based on the least-access principle, in accordance with the approved business requirements and the security review. All connectivity requests will have a specific beginning and ending date. In no case will HCC rely upon the third party to protect HCC's network or resources. IT will grant access to all approved resources and reserves the right to refuse access on the basis of legitimate security concern as decided by the VP of Information Technology or designee.
- TERMINATING ACCESS
When access is no longer required, the sponsoring contracting authority within HCC must notify the IT, which will then terminate the access.
Any entity found to have violated this Third Party Access procedure may be subject to termination of their agreement and legal action.