Issue 93 
15th September 2003
 
  Useful links

Discussion Forum

Solution Providers

Upcoming Events

Glossary of Terms

Links

Resources

Case Studies

Openup.ie
 

ABOUT THIS NEWSLETTER

eBusinesslive is published by Enterprise Ireland. If you have any comments or ideas for future topics please email @
ebusiness@enterprise
-ireland.com
 

To subscribe to the eBusiness newsletter:
 

To unsubscribe from the eBusiness newsletter:
 

 

Archives

To read previous issues of eBusinesslive please visit our archive.
 

Unable to click through?

If you are not able to click-through to the full article, it may be because your systems administrator has disabled Internet access. Please either contact your systems administrator or click here to email us outlining your problem, for further assistance.
 

DISCLAIMER

This information has been provided by Enterprise Ireland and by third parties for information purposes only. While every care has been taken to ensure that the content is useful and accurate, Enterprise Ireland and any contributing third party shall have no legal liability or responsibility for the content or the accuracy of the information so provided, or, for any loss or damage caused arising directly or indirectly in connection with reliance on the use of such information. Copyright © 2003 Compiled for Enterprise Ireland by Inspiration.
All rights reserved
 

You can contact any Enterprise Ireland staff member worldwide by emailing firstname.familyname@
enterprise-ireland.com

 
 

The Programmes of Enterprise Ireland are co-funded by EU Structural Funds.
 

3rd Party Access - Keep Control!

Allowing an external party, such as a customer or supplier, access to your systems can have many advantages; business processing may be handled more efficiently, costs may be reduced and your service offering may expand.

However it is essential that an effective process is put in place to protect your systems from the risks involved in 3rd party access. These risks are considerable and can include the loss of data, virus attacks and a loss of control over the handling of your company databases.

A considered approach is required to maximise the benefits and minimise the risks. Check out these simple pointers on establishing suitable but essential controls ……
  • Ensure your appointed Systems Administrator is involved at the outset and takes full responsibility for establishing secure 3rd Party access. It is likely that he/she will require training on the systems of the 3rd party. An understanding of the specific internal business issues that gave rise to the need for 3rd party access should also be given. And of course training in the latest industry developments which affect 3rd party security is essential.
  • Develop a Risk Assessment analysis; what are the risks versus the benefits.
  • Develop a detailed plan. This should highlight the objectives, detail the steps to be taken and document the proposed manner in which the risks are to be eliminated/minimised.
  • Document usage policies and make sure the 3rd party signs up to these.
  • Review the security standards of the 3rd party; if there are any weaknesses insist these are implemented before access is allowed.
  • Agree levels of authorisation with all parties; regularly review these and implement a procedure whereby expired authorisations e.g. a member of staff leaving, are removed on a timely basis.
  • Monitor user activity to be confident that your systems are being used in an appropriate manner.
  • Check the legal obligations of allowing 3rd party access.
For more detailed information, check out
http://www.netsecure.ie/ns/media/docs/bus_chapter5.doc