Mark S asked:

What are the best practice(s) for vendors who need occasional access to company server files?

We have an employee who is seeking to have a vendor of hers access files on the server. He has his own laptop. We are a HIPAA-related facility.

What would some reliable suggestions be for vendors to securely access server files?


Kimputer

Depends if it's read or read/write.
Read is better served in a controlled environment, like a webserver, with credentialed MFA access, that's only accessible through VPN.
Read/write could be a cloud-like portal, or if none is available, just Windows Networking to a special shared drive where you can't dig deeper (meaning it's already the most drilled-down folder). Again, ONLY accessible through VPN (with VPN access having MFA enabled).

My first two questions are:

(1) How is this "vendor" going to be accessing files?
Onsite?
Remotely (VPN, etc)??

(2) Is this "vendor" in a HIPAA covered entity?
https://www.hipaajournal.com/covered-entities-under-hipaa/

Mark S (ASKER)

Good questions.
I set up a NAS device the staff can share with vendors, holding only what's essential for the vendors to access. The NAS would be on its own independent network, yet fully accessible to the staff.
Some vendors will be HIPAA-related, hence covered entities; some not.
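
The read/write option from Kimputer's answer (a share rooted at the most drilled-down folder), sketched in PowerShell as an added example that is not part of the thread. It assumes a Windows file server; the path, share name, group names and domain are hypothetical, and the VPN and MFA requirements are enforced at the VPN gateway, outside this script.

```powershell
# Hypothetical values: replace with your own folder, share and AD groups.
$SharePath   = 'D:\VendorExchange\VendorA'    # leaf folder; nothing sensitive lives under it
$ShareName   = 'VendorA-Exchange$'            # trailing $ keeps it out of browse lists
$VendorGroup = 'CORP\Vendor-VendorA'          # contains only the vendor's account(s)
$StaffGroup  = 'CORP\VendorA-Staff'           # staff who exchange files with this vendor

New-Item -ItemType Directory -Path $SharePath -Force | Out-Null

# NTFS: remove inherited entries so permissions from parent folders do not
# leak in, then grant Modify (not Full Control) to the two groups only.
icacls $SharePath /inheritance:r /grant:r `
    'BUILTIN\Administrators:(OI)(CI)F' `
    "${StaffGroup}:(OI)(CI)M" `
    "${VendorGroup}:(OI)(CI)M" | Out-Null

# Share the leaf folder itself, never a parent, so there is no path upward.
# AccessBased enumeration hides items the caller cannot open, EncryptData
# requires SMB encryption, CachingMode None disables offline copies on the
# vendor's laptop.
New-SmbShare -Name $ShareName -Path $SharePath `
    -ChangeAccess $VendorGroup, $StaffGroup `
    -FullAccess 'BUILTIN\Administrators' `
    -FolderEnumerationMode AccessBased `
    -EncryptData $true `
    -CachingMode None | Out-Null

# Check before handing out the path: no broad principals on the share,
# and inheritance really is disabled on the folder.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'
$bad   = Get-SmbShareAccess -Name $ShareName |
         Where-Object { $broad -contains $_.AccountName }
$acl   = Get-Acl -Path $SharePath

if ($bad -or -not $acl.AreAccessRulesProtected) {
    throw "Share $ShareName is broader than intended; review it before giving the vendor the path."
}

Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight
```

Removing the vendor's account from the group, or removing the share, ends access without touching any other folder on the server.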