The Service
Information Services Policies...
Use of third parties policyPlease note that as this policy is periodically reviewed and updated, if you print it from the website, its accuracy cannot be guaranteed for more than a 24 hour period following printing.
This Third Party Access Policy defines the requirements of HFRS for the engagement and management of Third Party Access.
This Third Party Access Policy shall apply to all third parties who have access to HFRS information assets or information processing facilities. It is the Third Party Access Policy of HFRS to ensure that the engagement and use of any third party is properly authorized, managed and reviewed.
Third party access (contractors, business partners, consultants and vendors) shall only be provided following formal authorization by the ICT Manager using the supplier remote access form and shall be, if necessary, monitored. Third party access to information assets shall be granted in increments (not exceeding one year) according to business needs and identified risks. Information owners shall specify access time frames and be prepared to offer justification for such access.
All Third Party Accesses shall be authorised via the supplier remote access form.
Access accounts shall be issued to named individuals who are prohibited from sharing access with any other person.
Any third-party connection shall take place from a physically secure environment. Formal checks shall be undertaken prior to allowing any third party access connections.
A level of security agreed by HFRS and the third party, and formally documented shall support external connections.
A list of authorised third party connections shall be maintained by HFRS and shall be reviewed on an annual basis.
A formal deregistration process shall be established for the removal of third party access permissions.
