Skip to main content

Managing Third Parties Supplemental Policy

Number: 8040.0 Revised: August 15, 2010

Granting Access to Third Parties

Third party service providers may be granted access to campus information assets when needed to accomplish an authorized and necessary business-related task.  All such access must be documented in writing and authorized using procedures approved by the Information Security Officer.  All such access shall be based on the security principles of ‘need-to-know’ and ‘least required privilege’ and must be subject to ongoing monitoring and oversight by the Information Security Officer. Third parties are subject to all campus information security policies, standards, and processes.

Back to to Sacramento State Information Security Policy Website