Management of the Services that Provided by Third Parties

The purpose of this policy is to ensure that the university manages information security risks that may arise from the activities of third parties providing services to the university. 

This policy applies to all members of UTAS-Sur, whether on a temporary or permanent basis as well as any third parties working with or contracted by the university, it covers all environments where the university’s information systems are operated.  

Information Systems and Educational Technologies Center.

Assistant Vice Chancellor for UTAS – Sur .

Any violation of this policy by all members or third parties (suppliers, contractors, business partners, etc.) will be subject to disciplinary and legal actions in accordance with the laws of the Sultanate of Oman, including regulations related to cybersecurity, university’s policies, labor laws, and electronic transactions.

 Contract Management: 

A formal contract must be signed between the university and all third parties providing services or using the university’s information systems. 

 

 Information Security Controls: 

The information security policies and procedures of the university must be provided to contractors/suppliers who must acknowledge and comply with them. 

 

 Service Approval: 

The university reserves the right to approve or reject any services provided by third-party employees based on their technical competence, operational capabilities, security considerations, and any other relevant factors that may pose risks to the university. 

 

 Information Exchange: 

The university requires all third parties to sign a formal confidentiality agreement before sharing its information with them. 

 

 Performance Management of Third Parties: 

In the event of a breach by a third party, the university’s management has the right to take the necessary actions in accordance with the signed agreement with that party. 

 

The university departments that receive services from third parties are responsible for monitoring and reporting on the performance of those parties in accordance with contract requirements. This is done to provide feedback and improve service levels from third parties. 

 

This policy shall take effect from the approval date