by Anonymous (not verified)
External contracting policy at the university

Here's a concise summary of the university's external contracting policy in English:

Objective: Ensure security, protection, integrity, availability, and privacy of information and IT systems when using external service providers.

Scope: All contracts with external providers (consultants, analysts, programmers, technical service companies).

General Policies:

  • Provider selection.
  • Critical service management.
  • Service continuity.
  • Information system audits.

University Duties:

  • Requirement determination.
  • Documentation and auditing.
  • Information management.
  • External employee management.
  • Effectiveness monitoring and evaluation.
  • Protection and control management.
  • Penalty compliance.
  • Separation of duties.

External Provider Duties:

  • Service Level Agreement (SLA).
  • Non-disclosure.
  • Prohibition of unauthorized modifications.
  • Information encryption.
  • Qualified personnel.
  • Systems protection.
  • Change management.
  • Business continuity plans.
  • Security incident communication.

Practical Simulations:

  • Acceptable Contracting (E-Learning System):
    • Requirement determination.
    • Service Level Agreement.
    • Continuous audit.
    • National team approval.
    • Service continuity assurance.
    • Result: Successful and secure project completion, improved educational service.
  • Unacceptable Contracting (Student Information System):
    • Unqualified recruitment.
    • Protection failure.
    • Failure to report incidents.
    • Lack of change control commitment.
    • Result: Security breaches, data loss risk, contract termination, and fines.

Recommendations:

  • Strict auditing.
  • Continuous training.
  • Strengthening sanctions.

Read more articles

Policy for using mobile devices within the university
Newer
Policy for using mobile devices within the university
Backup policy
Older
Backup policy
University Presidency
Anonymous (not verified)
1
min read
A- A+