A 4-page generic information security policy concerning third-party IT support, maintenance and related services.
Giving IT system, information services, software and other suppliers, support and maintenance people unfettered access to the organisation's IT systems and data is risky, potentially even reckless, without the appropriate information security controls in place. The information risks should be identified, evaluated and treated in the normal way.
Note: now is a good time to do this. Don't look back after an incident, wishing you had dealt with it earlier!
Delivered as an editable MS Word document, easily customized for your organization's specific needs.