Vendor Access Standard
UTSA frequently relies on the services of outside vendors to support hardware and software management and operations for customers. In that role vendors might have the ability to view, copy or modify confidential data, raising concern about potential exposure or misuse of UTSA data. This standard applies to all persons or companies with whom UTSA enters into contracts to provide services involving IT resources and to those in the UTSA organization who sponsor a vendor or consultant.

Vendor Sponsorship

A vendor account may be requested by a department or individual employee (sponsor) with justification and authorization by the department head. The sponsor must submit a request for vendor access to OIT, specifying the reason for the request and noting confidential data that will be involved. OIT will contact the data owners for a determination of appropriate access, based on confidentiality.

Access will be granted solely for the work contracted and for no other purposes. Access to additional resources requires written consent from the information owner as supported by the sponsor. If physical access to the data center is required, the vendor must be accompanied at all times by the sponsor.

The sponsor is responsible for handling the purchasing process, restrictions to be covered in contracts, non-disclosure agreements, and other provisions for protection of the data, as well as notification to the vendor of the university data security policies. The sponsor must closely monitor the work/activities of the vendor and immediately report any suspected violation of the agreement or data security policies.

Any vendor access to IT resources shall be granted for a defined and short duration. On completion the vendor must notify the sponsor of the completion of the task and access to the system(s) will be disabled.

Vendor Requirements

The vendor shall be required to follow these steps in the event of unauthorized use or disclosure of confidential data:
Effective Date: August 1, 2011
Compliance Date: September 30, 2011
Last Revision: May 9, 2011