Third-Party Vendor Access
Overview
Third parties who access CSU information assets must be required to adhere to appropriate CSU and campus information security policies and standards. The CSU Information Security policy, which adheres to ISO 27002:2013, provides direction and support for managing third party relationships and guidance for granting access to third parties.
Are you eligible?
Current faculty and staff; system administrators in academic; and administrative departments can request vendor accounts.
Cost
There is no direct cost to you or your department.
Get Started
To request third-party vendor access or make changes to existing vendor account access, please see below for further instructions.
If a request is made for a new vendor account and vendor group, the SDSU Sponsor will create a ServiceNow ticket and provide the following information:
- SDSU Sponsor Name
- SDSU Sponsor Department
- New Vendor Representative: First Name, Last Name, Email Address, Phone, and Company, Access End Date of Vendor Account
- IP Addresses and Network Ports (e.g. 443 [HTTPS], 80 {HTTP], 3389 [RDP}, etc.) that the vendor will need access to
- SDSU Sponsor Name
- SDSU Sponsor Department
- Description of Changes Requested
- Existing Vendor Representative(s) to be deleted or
- New Vendor Representative to be added (provide first name, last name, email address, phone, and company, access end date of vendor account)
If a request is made for updates to existing access requirements, the SDSU Sponsor will create a ServiceNow ticket and provide the following information:
- SDSU Sponsor Name
- SDSU Sponsor Department
- Description of Changes Requested
- Existing firewall rules to be deleted or
- New firewall rules to add (provide IP addresses and ports)
Get Help
Submit a ServiceNow ticket. Access should only be activated on an as-needed basis and disabled when not in use.
Get Help
To request a service, create a ServiceNow Ticket and assign the ticket to “IT-ITSO-Help Desk”.
https://it.sdsu.edu/get-help
Report an Incident
Please contact the Information Security team immediately if you experience or are aware of any of the following: