Third-Party Access

Access to system or business resources shall only be granted via explicit discretionary access control (e.g., identification, authentication and authorization) in accordance with County security policies.



Access based on County security and role-specific policies will ensure appropriate access is provided with maximum protection of resources with minimal administration and disruption. 



· County will provision appropriate access for third-parties as needed to support the business.

· Third party access must adhere to this principle and standard County processes that include business and CTO Security participation.