Vendor Access to College Networks Policy
Establishes a procedure for vendors who need to access the SUNY Plattsburgh Network, electronically or physically.
|Policy Number||Policy Owner|
- 1.0 Purpose
- 2.0 Revision History
- 3.0 Units and Persons Affected
4.1 SUNY Plattsburgh, in order to protect its internal computer network, requires vendors and contractors to abide by rules and standards as outlined below.
4.2 Physical connection to the network.
4.2.1 Plans for network connections will be reviewed and approved by network operations before beginning work.
4.2.2 Any wiring (including patch cables) done or provided by the contractor or vendor will be installed and certified according to TIA/EIA, BICSI, and National Electrical Code standards. Wire map will be according to TIA/EIA 568B. All network wiring will be certified to a minimum of Cat 5E, or better, depending on the requirements of the equipment installed.
4.2.3 All terminations in the wiring closet will be in approved patch panels.
4.2.4 The final connection to the network in the wiring closet will be done by network operations, after reviewing the cable installation and certification to ensure that the cables will be patched to the proper switch port and vlan.
4.2.5 Any troubleshooting and testing after installation will be done with or by Network Operations to ensure the security of the network.
4.3 Remote and/or wireless access to the network.
4.3.1 Needs for off-campus access to secure, private networks will be coordinated with network operations.
4.3.2 Access to secure, private networks will be provided by Network Operations through a secure VPN server. Usercodes and passwords will be provided by network operations for the period necessary upon review of the access needs of the vendor. Network operations will maintain the VPN hardware and logging of accesses to the network.
4.4 Access to Computer Information Services controlled spaces and networks.
4.4.1 Because of implemented firewalls, access to software applications managed by Computer Information Systems (CIS) will require coordination with CIS. VPN usercodes and passwords to access these applications will be provided by CIS. Based upon a review of vendor needs, all VPN accounts will be available for a specific duration of access, and access will automatically expire at the end of that duration.
4.4.2 Vendor physical access to servers, located in Computer Information Systems, will only be allowed when accompanied by a member of the CIS staff.
- 5.0 Definitions
- 6.0 Responsibilities
- 7.0 Procedures
- 8.0 Forms
- 9.0 Appendix
- 10.0 Distribution and Training
For additional information about this policy, please contact the Policy Owner listed above.