Third-Party Access

Access to system or business resources shall only be granted via explicit discretionary access control (e.g., identification, authentication and authorization) in accordance with County security policies.

 

Rationale:

Access based on County security and role-specific policies will ensure appropriate access is provided with maximum protection of resources with minimal administration and disruption. 

 

Implication:

· County will provision appropriate access for third-parties as needed to support the business.

· Third party access must adhere to this principle and standard County processes that include business and CTO Security participation.