A network system formed through the connection of two or more corporate intranets. These external networks create inherent security risks, while often also meeting important organizational goals. An extranet opens a backdoor into the internal network and provides a third party with a level of trust. While these risks cannot be eliminated, they can be assessed, managed and mitigated. The foundation of this management is a thorough and detailed e-business contract that specifies who may access data, what data will be accessed and what security controls the partner has in place. It should also detail how shared devices will be managed, procedures for cooperating with technical staff in the event of problems and escalation procedures for resolving difficult technical problems.
Reference(s) in IAPP Certification Textbooks: F86-87