Académique Documents
Professionnel Documents
Culture Documents
Page 1 of 6
King Saud bin Abdulaziz University for Health Sciences College of Medicine IT Services Department
Access to College of Medicine network facilities by third parties will not be provided until the appropriate measures have been implemented and a contract signed defining the terms for the connection. Third party access must be permitted only to the facilities, services and data, which are required to perform the specified tasks, as outlined to the MIS appropriate Network Manager/Administrator in the original request for access.
1.5 Security Conditions in Third Party contracts Third party access to College MIS facilities must be based on a formal contract, which must address the following issues: A description of each facility, MIS service or type of data to be made available must be included. Compliance with the published College Information Security Policy. Permitted access methods and the control and use of unique identifiers (User Ids) and passwords. A requirement to maintain a list of individuals authorized to use the service. A commitment such that all Third Partys granted access will inform the College in writing of staff changes that affect the integrity of security. This includes the rotation and resignation of employees so that the College can disable user-ids and remove / change passwords in order to secure its resources. Procedures regarding protection of College assets, including information. Responsibilities with respect to legislation including but not limited to the Data Protection Act. The right of the College to monitor and revoke user activity. Responsibilities regarding hardware and software installation and maintenance. The right to audit contractual responsibilities. Restrictions on copying and disclosing information. Measures to ensure the return or destruction of information at the end of the contract. Any required physical protection measures. Measures to ensure protection against the spread of computer viruses.