Dow Jones SaaS 3rd Party Data Access Guidelines

The News Corp. Identity & Access Management Policy (dated Sept. 1, 2017) (the “Policy”) , News Corp. Information Protection Policy and Acceptable Use Policy (date Sept. 1, 2017) provides direction and establishes requirements for managing access to the Company’s information, information assets, systems, networks and associated services.

These Guidelines are intended to provide guidance and details to implement and supplement the Policy at Dow Jones to ensure that 3rd party data access is properly managed for SaaS applications.These guidelines apply to any Apps (includes Apps, plugins , addons, API etc) that allow 3rd party systems to access SaaS data.

System Owners

Apps, Plugins, Addons and APIs

  1. For any SaaS system, whitelisting shall be enabled by default. System owners shall be responsible for maintaining the whitelist.
  2. If whitelisting is not available in the SaaS system, the blacklisting shall be enabled. System owners shall maintain the blacklist and update the list when apps are identified as malicious.
  3. If whitelist and blacklist features are unavailable in the SaaS systems, System Owners shall maintain a list of acceptable apps for a SaaS.
  4. System Owner shall conduct due diligence before whitelisting an app/plugin and may reach out to Infosec for assistance.
  5. API/Plugins/Apps developed internally shall follow the News Corp. Secure Software Development Policy (Dated Feb 1, 2017)

Data Links

  1. For SaaS systems that allow users to share data in system with external users (e.g. google docs/sheets, dropbox folders), access shall only be given to 3rd parties that have an NDA with the Company and have been approved for remote access.
  2. External printing/saving shall be disabled unless System Owner receives approval from cybersecurity.

End Users

  1. Only install addons and plugins that are whitelisted.  Do not install addons and plugins that are blacklisted.
  2. If the SaaS System doesn’t have whitelist or blacklist, only install apps and plugins that are approved by System Owner.
  3. If you have concerns or are unsure of an addon or plugin, please contact vendors@newscorp.com for authorization and include the app and business reason.
  4. Limit sharing data based on the News Corp. Data Classification and Protection Policy (restrict sharing data classified as confidential and private).
  5. Review list of third party users (quarterly) with access to data or shared links and revoke their access as soon as possible.
* Copyright © 2025 Central Collaboration. All rights reserved.