This page uses javascript to help render elements, if you have problems please enable javascript.
 
Skip to main content
 
 
 
 
 
 
 
You are now inside the main content area
 
 
 
left col

Cyber Services

Vendor Access Request

Secure Access for Trusted Partners

right col
 
left col
right col
 
left col
right col
 
 
left col

What is Vendor Access Request?

A Vendor Access Request is the formal process by which third-party vendors, contractors, or service providers request access to CSUF’s internal systems, data, or networks. This process ensures that all external access is authorized, secure, and compliant with university and CSU policies.

Vendor access may include:

  • Remote access to university systems
  • Temporary access for software support or maintenance
  • Access to sensitive or protected data for contracted services

 

Third-party vendors can introduce significant cybersecurity risks if not properly managed.

Access Requirements

Before access is granted, vendor must:

  • Sign a Data Use Agreement (DUA) or Confidentiality Agreement
  • Undergo a security review by the Information Security Office
  • Provide details about the scope, duration, and method of access
  • Use Multi-Factor Authentication (MFA) and secure connection methods (e.g., VPN)
right col
 
left col

Why is Vendor Access Management Important?

Third-party vendors can introduce significant cybersecurity risks if not properly managed. Effective vendor access controls:

  • Protect sensitive university data
  • Prevent unauthorized access or data breaches
  • Ensure vendors follow CSUF’s security standards
  • Support compliance with CSU, FERPA, HIPAA, and other regulations
  • Maintain accountability and auditability of external access
right col
 
left col
right col
 
left col

How to Request Vendor Access

Step 1: Submit a Request
Step 2: Security Review
  • ISO evaluates the request for risk, data sensitivity, and compliance
  • May require additional documentation or clarification
Step 3: Approval & Provisioning
  • If approved, access is provisioned with time-bound and role-based controls
  • Vendor receives instructions for secure login and usage
Step 4: Monitoring & Expiration
  • Access is monitored for unusual activity
  • Automatically revoked after the approved period unless renewed
right col
 
left col

Best Practices for Departments

  • Only request access for essential services.
  • Ensure vendors understand and follow CSUF’s Acceptable Use Policy.
  • Set expiration dates for all vendor accounts.
  • Notify ISO immediately if a vendor no longer needs access.
right col
 
left col
right col
 
left col

IT Help Desk Support

Faculty/Staff

Call: (657) 278-7777

Email: helpdesk@fullerton.edu

 

Students

Call: (657) 278-8888

Email: StudentITHelpdesk@fullerton.edu

 

IT Helpdesk Website

 

right col