List: Security implications of approving third party access (authorizers/approvers only)?

For a full overview of the UCT role model for third parties, see: UCT role model for third parties

See also: Policy: Roles and responsibilities of Third Party System users

Authorizers/approvers must ensure that the correct role and only the required access is assigned to mitigate the following potential security risks and avoid unnecessarily wasting UCT resources:

Potential security risk

Mitigation

Incorrect internet access has been granted.

  • If your guest/third party is visiting UCT for only a few days, and only requires WiFi and internet access, do not register them as a third party.

  • Instead, register them for Guest WiFi Access. See: Wireless access for UCT guests

Incorrect role has been assigned.

Incorrect time period has been assigned to third party user.

  • Ensure that the time period is only for the duration of access required.

Incorrect identification has been provided.

  • Verify if the third party user ID/passport corresponds to the user’s actual ID/passport number.

User already exists in the Third party system.

  • Search the system for this person (in case another department has already registered them).