Managing Third-Party Access
At UniAPT, managing third-party access is a process marked by stringent control and careful monitoring. Our approach is tailored to ensure that access is granted based on necessity and in alignment with the principle of least privilege. Here's how we manage the different levels of third-party access:
Rigor in Granting Access:
Initial Vetting: Thoroughly assessing the third party's security posture, compliance with industry standards, and reputation.
Access Justification: Each request for access is rigorously evaluated. The third party must justify the need for access, detailing why it is necessary and what specific data or systems they need to engage with.
Approval Process: Access requests go through multiple levels of approval, including security teams and management, ensuring that only authorized and necessary access is granted.
Access Levels:
Full Access: Granted very selectively and typically reserved for trusted partners requiring deep integration with our systems. This level of access is constantly monitored and reviewed on a monthly basis.
Limited Access: The most common level of access, allowing third parties to interact with specific areas of our systems that are necessary for their role. This access is more controlled and restricted to certain functionalities.
View Only: This is the lowest level of access, usually granted to third-party services that need to view but not alter data. It's the most widely granted access, underpinning our commitment to data security and integrity.
Regular Reviews and Adjustments:
Access levels are not static; they are reviewed regularly. The frequency of these reviews and any changes in access levels are carefully documented and monitored.
We employ continuous monitoring tools to track third-party activities within our network, ensuring they adhere to the agreed-upon access levels.
Last updated