 |
|
|
| > |
QUESTION POSED ON: 25 November 2003
Do you have any guidelines for allowing suppliers/vendors access to production data? What type of security should be in place? Do you know anyone who has done this and been successful?
|
|
| > |
EXPERT RESPONSE
We are playing with this idea as well. Obviously, access for
suppliers/vendors should be limited to precisely the data and functionality
they need to know. This is an area that we will continue to see
recommendations in the next few years due to many companies' emphasis on
Supply Chain projects.
The biggest hurdles I have uncovered are managing the user accounts from a
distance: how do we track users, turnover, and password management? I
have noted that many companies are turning to off-the-shelf provisioning
products that manage many of these 'opportunities' and allow for
distributed administation by a vendor delegate. My personal opinion is
that vendor access should be limited to functionality and data specific to
that vendor's business relationship. Furthermore, user accounts should be
"silo'd" in an associated user group and reviewed on a periodic basis
(hopefully automatically) for usage and access. Obviously, I suspect that
any organization allowing vendors access will have supporting legal and
contractual language that governs both use and the expectation of
confidentiality.
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
