Policy: Roles and responsibilities of Third Party System users

Purpose

There are three types of users of the Third Party System. The purpose of this document is to clearly define their roles, so that they know what is required of them.

Definitions

Applicable to

This document is applicable to all existing and prospective users of the Third Party System.

Roles and responsibilities details

The Third Party System is a web application accessed online by any UCT staff member with network access via a web browser (such as Edge, Firefox, Chrome or Safari).

In the UCT Third Party System there are two main end user roles: requesters and authorizers/approvers.

Each role is assigned a different level of access which enables them to perform a specific set of tasks. Each role has a different level of responsibility in the request and approval process. Users can belong to more than one role.

See also: UCT role model: third parties

Roles and responsibilities

Role	Described as...	Responsibilities	Related links
Requester (UCT community member)	A UCT staff member authorised to request access to physical or logical UCT resources on behalf of a third party. See also: Requester?	Request access to UCT logical and/or physical resources for a new or returning third party. Note: The requested access period for the third party should only cover the duration required to carry out their third party role.	Signing in or out Viewing an existing third party Requesting access for an existing third party Requesting access for a new third party
Authorizer/approver (line manager)	A role with access to approve third party requests made by UCT staff members (requesters) in their organisational unit (org unit). See also: Authorizer?	Prior to approval: review if the correct role is applied review if the user has the correct access, which will need to be within a specified period (maximum interval is six months, but shorter period may be specified according to period required) Approve third party provisioning requests from their staff members for authorised new or returning third parties.	Security implications of approving a third party account Signing in or out Viewing an existing third party Reviewing an access request for a new or existing third party UCT role model for third parties
System Administrator	A role which has access to all the functionality in the UCT Third Party System.	Ensure that those accessing the Third Party System are abiding by any applicable policies; Monitor site usage and ensure that the system is maintained, patched, and the data is secure allowing access only to those authorised. Update system parameters and configure the Third Party System.	ICTS policies and guidelines The UCT role model UCT role model for third parties

Related links

UCT Role Model: Third parties
Third Party System (external ICTS web site link)
Third Party System SLA (external ICTS web site link)
Third party sponsoring department procedures (external ICTS web site link)
Third party applicant (or existing third party) procedures (external ICTS web site link)
Frequently asked questions about third parties (external ICTS web site link)