All contracting authorities wishing to access network connectivity or network resources to a third party must submit a request for Extranet connectivity to the IT Manager, accompanied by a “third party agreement” signed by the third party, organisation or legitimate delegate. The IT manager will then assign the third party to resolve the security issues associated with the project. The affiliation contract authority must provide, upon request, complete and complete information on the nature of the access offered to the IT manager. All connections made must be based on the principle of least access, in accordance with approved business requirements and security review. All connectivity requirements have a specific start and end date. Under no circumstances will the third party rely on the protection of the network or resources. The IT manager provides access to all approved resources and reserves the right to deny access due to legitimate security concerns, as decided by the CISO. If access is no longer required, the sponsor`s client within XXX must inform the IT manager who terminates the access. This may mean a change in existing permissions until the circuit is stopped. IT security teams must conduct an annual audit of their respective connections to ensure that all existing connections are still needed and that the access provided complies with the requirements of the connection. Links that prove to be obsolete and/or that are no longer used to carry out operations or other authorized commercial transactions are immediately terminated.
If a security incident or the finding that a circuit is obsolete and is no longer used to carry out operations or other authorised commercial transactions, it is necessary to amend existing authorisations or terminate connectivity, the IT manager will inform the POC of the sponsoring contracting authority of this change before taking action. The KDCC`s client must designate a person as an interlocutor (POC) for the third-party financing link. The POC acts on behalf of the KDCC contracting authority and is responsible for the parts of this Directive and the “third-party agreement” relating thereto. In the event of a change in the POC, the person or body concerned must be informed without delay. All extracted connections or access to network resources must be accompanied by a valid written corporate brief approved by the third party, the client or the legitimate delegate of the KDCC. As a rule, this function is treated as part of the third-party agreement. This document describes the directive by which third parties connect to or access network resources on XXX networks to conduct transactions related to KDCC or other authorized business transactions. All new extranet connectivity goes through a security check with the Office of IT Manager. The checks aim to ensure that all access best meets business requirements and that the principle of least access is respected….