Vendor Access Policy for Networking & Computing

Resources for:

As the demand for access by on-site vendors increases, Fairleigh Dickinson University has created a Vendor Access Policy for Networking and Computing. The intent of the policy is to define the categories of non-employees that are on our campuses and provide rules and guidelines around their networking & computing needs. All business units should utilize the Contract Review Process which has been instituted by the Office of the General Counsel prior to initiating any of the below processes. Fully executed contracts that have been reviewed and approved may be requested by members of OIRT prior to providing any access for the non-employees below.

Effective Date: 3/1/2023
Last Revision: 1/14/2024

Contractors/Consultants

The University employs individuals from companies that perform work on behalf of the University and expressly for the University. Examples could be an employee from a staffing agency working within IT to augment the staff in assisting with a series of projects, or an individual hired from an agency to work within Human Resources to assist in processing forms. These individuals are hired under contracts and are held tothe terms and conditions of those contracts. In most cases, working as part of the University, these individuals need computing functionality identical to those of university hired staff, as they are acting on behalf of the University & fulfilling a role specific to the University. All work done by these individuals is part of the university’s data property, and therefore, these individuals should be provided with University issued devices such as desktop/laptop computers, landline phone extensions, etc.

Individuals hired from companies outside of the University to conduct business on behalf of the University must meet the following guidelines and are provided with the following access:

  1. The hiring manager or department head must complete an HR Personal Information Notice (PIN) to begin the process.
  2. Contractors/Consultants will always be issued a University NetID in the format of Firstinitial.Lastname@v.fdu.edu.
  3. Once the NetID has been created & communicated to the hiring manager, a Vendor Employee Technology Form must be completed if the contractor/consultant needs access to certain FDU systems. The form to be found in the Staff and Faculty Forms tile of SAMISupport.

SAMI Support

  1. All Contractors/Consultants are required to complete the Written Information Security Program (WISP) training immediately after an account is provisioned. Validation of completion is needed within the first 30 days.
    1. WISP training reminder on day 15
    2. WISP training daily reminder every day after day 15
    3. Disable account day 30 with an email sent to the manager
  2. All contractors/consultants must read and accept the following additional policies:
    1. Policy for the acceptable use of email
    2. Acceptable use policy for computer usage
    3. FDU alert policy
    4. Password policy
  3. Contractors/Consultants will be able to sign up for FDU Alert through Colleague Self-Service. Instructions can be found here:
  1. Contractors/consultants issued a university managed laptop/desktop are entitled to an email address without the vendor designation at the request of the hiring manager. This would be requested by the manager through the Vendor Employee Technology Form by clicking the “Convert Vendor NetID” box.

Note

It is strongly recommended that contractors/consultants be issued University managed equipment. Access to certain systems may be denied if personal equipment is used.

  1. Contractors/consultants must be terminated at the end of their contract using the same methodology utilized for current faculty and staff. It is the unshared responsibility of the managing department to submit termination paperwork per the HR process for any contractor/consultant who had been issued a NetID.

Volunteers

The University utilizes volunteers in non-paying positions during the school year. Examples of these roles include but are not limited to preceptors & chaplains. These individuals do not need access to any University systems with the exception of email. As such, they need access to Internet services & email but they do not require an FDU managed laptop/desktop.

Volunteers must meet the following guidelines and are provided the following access:

  1. Volunteers will be issued a NetID in the format of Firstinitial.Lastname@v.fdu.edu to be able to authenticate to FDU’s wireless network (and wired network in the future).
  2. Volunteers are required to complete the Written Information Security Program (WISP) training immediately after an account is provisioned. Validation of completion is needed within the first 30 days.
    1. WISP training reminder on day 15
    2. WISP training daily reminder every day after day 15
    3. Disable account day 30 with an email sent to the manager
  3. All volunteers must read and accept the following additional policies:
    1. Policy for the acceptable use of email
    2. Acceptable use policy for computer usage
    3. FDU alert policy
    4. Password policy
  4. Volunteers will be able to sign up for FDU Alert through Colleague Self-service. Instructions can be found here:
  1. All volunteer accounts will expire at the end of the fiscal year and must be renewed by their FDU manager by completing a PIN form.
  2. Volunteers must be terminated at the end of their contract using the same methodology utilized for current faculty and staff. It is the unshared responsibility of the managing department to submit termination paperwork per the HR process for any contractor/consultant who had been issued a NetID.

On-Campus Vendors

The University outsources various functions to entities (Vendors) that operate independently but work exclusively on our campuses and provide services for our faculty, staff & students. These employees are individually managed by their corporate entities and are largely held accountable by their corporate management.

While on campus, employees of these vendors might need access to the Internet to interact with their corporate websites or communicate with their corporate managers. In many cases today and in most all cases in the future, these employees will need to authenticate through the University’s network in order to conduct their business. The University has established a process whereby the Fairleigh Dickinson University department responsible for that vendor completes the Human Resource forms necessary in order to create a non-employee record within our Colleague system.

Employees of on-campus vendors must meet the following guidelines and are provided the following access:

  1. Vendor employees will be issued a NetID in the format of Firstinitial.Lastname@v.fdu.edu to be able to authenticate to FDU’s wireless network (and wired network in the future).
  1. Vendor employees will be able to add their contact information to FDU Alert by sending an email to fdunotify@fdu.edu
  2. All vendor employee accounts will expire at the end of the fiscal year and must be renewed by their FDU manager by completing a PIN form.
  3. Vendor employees must be terminated through FDU’s systems when they either are removed from their assignment at Fairleigh Dickinson University or are terminated by their employer using the same methodology utilized for current faculty and staff. It is the unshared responsibility of the managing department to submit termination paperwork per the HR process for any contractor/consultant who had been issued a NetID.

Elevated Vendor Privileges

From time to time, the employee of an on-campus vendor might have justification for having access to FDU email or a need to access systems and/or applications that reside behind FDU’s firewalls. If such a case is identified, the FDU department responsible for that vendor would need to contact the Director of Systems with a formal request for additional vendor access. The FDU department must present solid business justification for the elevated access. The Director of Systems will review each request and either approve or reject the request based on business needs and security posture. The Director of Systems might consult with the Data Security & Incident Response Team before providing an answer.

Employees of on-campus vendors approved for elevated access must meet the following guidelines and are provided the following access:

  1. Vendor employees will be issued a NetID in the format of Firstinitial.Lastname@v.fdu.edu to be able to access FDU’s wireless network (and wired network in the future).
  2. All vendor employees are required to complete the Written Information Security Program (WISP) training immediately after an account is provisioned. Validation of completion is needed within the first 30 days.
    1. WISP training reminder on day 15
    2. WISP training daily reminder every day after day 15
    3. Disable account day 30 with an email sent to the manager.
  3. Vendor employees will be able to sign up for FDU Alert through self-service. Instructions can be found here:
  1. All vendor employees with elevated access must read the following additional policies:
    1. Policy for the acceptable use of email
    2. Acceptable use policy for computer usage
    3. FDU alert policy
    4. Password policy
  2. If the vendor employee needs to access FDU systems and/or applications, issuance of a University managed laptop/desktop may be required. This would be at the expense of the requesting department.
  3. Upon departmental request, vendor employees will only be provided access to the specific University Systems and applications approved by the Director of Systems.
  4. All vendor employee accounts will expire at the end of the fiscal year and must be renewed by their FDU manager by completing a PIN form.
  5. Vendor employees must be terminated through FDU’s systems when they either are removed from their assignment at Fairleigh Dickinson University or are terminated by their employer using the same methodology utilized for current faculty and staff. It is the unshared responsibility of the managing department to submit termination paperwork per the HR process for any contractor/consultant who had been issued a NetID.

Last Modified: January 17, 2024