Am trying to locate a sample security policy that specifically addresses the issue of vendor accessing customer’s network/data.