Vendor Access Policy

• Vendors will comply with all applicable The City Of El Paso policies, practice standards and agreements, including, but not limited to:
  • Safety Policies
  • Privacy Policies
  • Security Policies
  • Auditing Policies
  • Software Licensing Policies
  • Acceptable Use Policies
• Vendor agreements and contracts will specify:
  • The City Of El Paso information the vendor should have access to
  • How The City Of El Paso information is to be protected by the vendor
  • Acceptable methods for the return, destruction or disposal of The City Of El Paso information in the vendor’s possession at the end of the contract
  • The Vendor will only use The City Of El Paso information and Information Resources for the purpose of the business agreement
  • Any other The City Of El Paso information acquired by the vendor in the course of the contract cannot be used for the vendor’s own purposes or divulged to others·
• The City Of El Paso will provide an IS point of contact for the Vendor. The point of contact will work with the Vendor to make certain the Vendor is in compliance with these policies.
• Each vendor will provide The City Of El Paso with a list of all employees working on the contract. The list will be updated and provided to The City Of El Paso within 24 hours of staff changes.
• Each on-site vendor employee will acquire a The City Of El Paso identification badge that will be displayed at all times while on The City Of El Paso premises. The badge will be returned to The City Of El Paso when the employee leaves the contract or at the end of the contract.
• Each vendor employee with access to The City Of El Paso sensitive information will be cleared to handle that information.
• Vendor personnel will report all security incidents directly to the appropriate The City Of El Paso personnel.
• If vendor management is involved in The City Of El Paso security incident management the responsibilities and details will be specified in the contract.
• Vendor will follow all applicable The City Of El Paso change control processes and procedures.
• Regular work hours and duties will be defined in the contract. Work outside of defined parameters will be approved in writing by appropriate The City Of El Paso management.
• All vendor maintenance equipment on the City Of El Paso network that connects to the outside world via the network, telephone line, or leased line, and all The City Of El Paso IR vendor accounts will remain disabled except when in use for authorized maintenance.
• Vendor access will be uniquely identifiable and password management will comply with the City Of El Paso Password Practice Standard and Admin/Special Access Practice Standard. Vendor’s major work activities will be entered into a log and available to The City Of El Paso management upon request. Logs will include, but are not limited to, such events as personnel changes, password changes, project milestones, deliverables, and arrival and departure times.
• Upon departure of a vendor employee from the contract for any reason, the vendor will ensure that all sensitive information is collected and returned to The City Of El Paso or provide proof of its destruction within 24 hours.
• Upon termination of contract or at the request of The City Of El Paso, the vendor will return or destroy all The City Of El Paso information and provide written certification of that return or destruction within 24 hours.
• Upon termination of contract or at the request of The City Of El Paso, the vendor will surrender all The City Of El Paso Identification badges, access cards, equipment and supplies immediately. Equipment and/or supplies to be retained by the vendor will be documented by authorized The City Of El Paso management.
• Vendors are required to comply with all City Of El Paso auditing requirements, including the auditing of the vendor’s work.
• All software used by the vendor in providing service to The City Of El Paso will be properly inventoried and licensed.