Remote-access Guide

vendor remote access agreement

by Adolf Bayer Published 2 years ago Updated 2 years ago

Why do service providers and vendors use multiple remote access tools?

If a service provider or vendor introduces a security vulnerability to even one client, it can spell disaster for their business. Vendors often use multiple remote access tools because legacy tools can't meet all of their clients' needs, which can vary widely.

What is a vendor access policy?

This policy establishes vendor access procedures that address information resources and support services, vendor responsibilities, and protection of [LEP] information.

Scope: This policy applies to all [LEP] staff who interact with, utilize, or manage vendor contractors who use [LEP] information resources.

Policy GENERAL

What are the requirements for remote vendor access and password management?

– Remote vendor access must be uniquely identifiable and password management must comply with [LEP] password standards. [LEP] reserves the right to determine applicable virtual private network and encryption technologies used to access their systems and network.

What are the resources that the vendor accesses under the contract?

– Resources that the vendor accesses
– Security measures vendor will take to protect [LEP] data
– Acceptable methods for the return, destruction, or disposal of [LEP] information under vendor control at the end of the contract


Why do vendors use multiple remote access tools?

Vendors often use multiple remote access tools because legacy tools can't meet all of their clients' needs, which can vary widely. Some require more advanced tiers of service while others have simpler or less frequent needs, impacting the way vendors need to interact with their various customers and systems.

What is the role of external vendors?

External vendors, outsourcers, and contractors play a vital and growing role in organizations, but when given access to your network and systems, they can be difficult to monitor and manage.

What is the biggest thing to think of in terms of having a relationship with a vendor?

The biggest thing to think of in terms of having a relationship with a vendor is that it only takes one for something to go wrong. A vendor is frequently seen as the path of least resistance for a bad actor to get into a network or multiple networks. Let’s look at the best practices associated with third-party remote vendor access.

Is a user account shared?

User accounts aren’t shared and every action is tied to an individual – helping ensure accountability and compliance. The platform restricts access to specific machines and ports on the customer side while leaving the technician connected to their own network.

What happens if you terminate a contract with Swedish?

Upon termination of the contract, agreement or other official business arrangement with Swedish, remote access will be terminated. Any hardware, including SSG tokens / fobs and Swedish-provided equipment, will be returned to the Swedish Information Service Department.

Can third parties access PHI?

Third parties may of necessity come in contact with Swedish production systems containing Protected Health Information (PHI). All vendors must file a Business Associates Agreement (BAA) with the Swedish Privacy Office before they can access Swedish PHI.

Do you need two factor authentication for Swedish systems?

Department of Health and Human Services for access to systems containing PHI and is required by the Payment Card Industry Data Security Standard (PCI-DSS v.2.0). Two-factor authentication is satisfied by “something you have” and “something you know” such as the SSG token plus the vendor’s assigned username and password.
