Description
The university establishes personnel security requirements including security roles and responsibilities for third-party providers and monitors provider compliance.
Applicability
-
This Control applies to all information resource owners and unit managers.
Implementation
-
1
It is the responsibility of the information resource owner, or designee, to:
-
1.1
Establish and document personnel security requirements including security roles and responsibilities for third-party providers;
-
1.2
Require third-party providers to comply with personnel security policies and procedures established by the university;
-
1.3
Require third-party providers to notify unit managers of any personnel transfers or terminations of third-party personnel who possess university credentials, or who have information resource privileges within 72 hours; and
-
1.4
Monitor provider compliance.
-
1.1