Hi Kim,
We have a tiered system for vendors/suppliers, depending upon their function and what parts of the building they need to access in order to do their work. Depending upon their level of access, they will either be required to sign a confidentiality agreement or a vendor security briefing. Anyone with access inside the building will also be issued a badge that (depending upon badge color) will allow them access to certain areas. The badge must be visibly displayed at all times while they are inside the building. No vendor badge will allow access to either the server room or the mailroom.
Employees are issued either a yellow badge (regular employee) or a green badge (temporary employee). If the employee's job requires them to have access to the server room or the mailroom, their badge will be programmed to allow that access. Employees who do not need to access the server room or the mailroom have no access to those areas, and can only enter those areas when accompanied by an authorized employee.
Vendors who only work outside the building (lawn mowing, snow removal, window washers) are not required to sign anything, and are not issued any badge.
Vendors who need access inside the building for just a short time (dropping off paper supplies, delivering or picking up packages, or potential vendors coming for a face-to-face meeting with an employee) are issued a red badge. The red badge does not allow them access through any secured door. Their access would be only to hallways, restrooms, the lunch room, and the entry lobby. The red badge also means they must be escorted at all times by one of our employees. These vendors would not be asked to sign anything. They would leave a driver license or other photo ID at the security desk in the main entry lobby in exchange for their badge, and would get the ID back when they returned their badge and left.
Vendors who need unescorted access inside the building, including into employee work areas (which are behind secured doors), would be issued an orange badge, which would allow them to get through the electronically secured doors, and they would have to sign a confidentiality agreement. These vendors would include the cleaning crew, or electricians, or people who need to pick up outgoing mail, and people who install or repair doors or windows, or need access to the HVAC equipment on the roof. These are people who would not need to have access to confidential information in order to do their work, but might inadvertently see it on desks or overhear conversations that contained confidential information. If these people need access to the mailroom where mail is printed (such as vendors performing printer maintenance or repair), they would need to be accompanied while inside the mailroom.
Vendors who need unescorted access inside the building, and who also need access to confidential information, would include auditors or regulators. This might also include people who need access to portions of our network, such as our phone software system provider. These people would have to sign a vendor security briefing which provides more detailed restrictions, such as not transferring confidential info onto portable devices like thumb drives, not sending sensitive info outside of the network via email, and not uploading anything into the network without prior approval. These vendors would also get orange badges, and those badges would still exclude them from sensitive areas like the server room and the mailroom. Vendors who need access to the server room to perform their work would still get an orange badge and still have to sign the security briefing, but while inside the server room they would have to be accompanied at all times by an employee authorized to access that area.
------------------------------
Ivan A. Martin
Senior Contract Administrator
Iowa Student Loan
------------------------------
Original Message:
Sent: 07-28-2022 05:17 PM
From: Kim Beesler
Subject: Offboarding vendor questionnaire
Hello,
Not really sure how to do this, but here I go. I am looking for what other companies do when they have a vendor, i.e. IT company, Iron Mountain paper vendor, Air Condition repair personal, Terminex pest control, printer repair personal, etc., enters into a company building to do their job, what other companies do as far as making sure these types of vendors do not obtain any confidential informaion that could be lying around. Does the company have a policy that requires certain vendors to be escorted during their presents? If so, does it outline the types of vendors that need to be escorted and those that don't that they would like to share with me? Do you make them sign a Confidentiality Agreement once for the period of the contract or each time the vendor enteres the building?
I am trying to write up a document so that our staff can ahear to when a vendor enters the building what they are required to do.
Appreciate any assistance.
Original Message:
Sent: 07-21-2022 01:27 AM
From: Srinivasa Rao
Subject: Offboarding vendor questionnaire
Thank you :)
Original Message:
Sent: 07-20-2022 12:17 PM
From: Brittany Padgett
Subject: Offboarding vendor questionnaire
Hi Srini,
In the Offboarding a Vendor toolkit here, there's a checklist you may find helpful, so I wanted to pass it along. It includes questions to consider when terminating a vendor contract. Does anyone else have offboarding/contract termination questionnaires to share?
Thank you,
Brittany Padgett
Community Manager
Original Message:
Sent: 07-19-2022 01:32 AM
From: Srinivasa Rao
Subject: Offboarding vendor questionnaire
Hi,
Do anyone have a questionnaire for the contract termination/Contract expiry/Offboarding vendor?
Thanks & Regards
Srini