Does the individual assigned to your company have to sign a non-disclosure in addition to their sponsoring company? When asked to sign a non-disclosure agreement does someone from security go over the document with them to assure all questions have been satisfactorily answered? You must determine your approval process in order to assure proper access. Who can authorize a temporary, consultant or third-party vendor? Is it the sponsoring manager? What safeguards are in place to assure they receive only the information necessary in order to perform the job they were hired to do? Is there a different naming standard for non-employees? Are data owners and guardians involved in the approval process if the information is under their control? Do you have an information security policy, which defines what information is classed at? Do non-employees who are granted access (such as electronic mail) automatically receive "Internal Use Only" information? Are third parties advised this information is not to be released outside of the company? Where are the third parties physically located? Will development be at a remote site or on site? What controls are in place to assure information and development is secured? Are consultants temporaries who develop or modify applications or documentation your company is the legal owner of? This should be clearly agreed upon in writing before any development is undertaken. What kind of screening mechanisms does your company use to assure the third party is who they said they are? Vendors, consultants and contractors should have the same hire-on criteria used for employee selection (including background verifications) and should be held fully accountable for their actions and responsible on your systems.
Dig Deeper on Information security policies, procedures and guidelines
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.