Inter-company networking includes an internal user (normally an employee) and an external user (one not employed by the company). Both legal and technical controls are needed in employing basic computer security when dealing with an external user. Appropriate legal agreements include contracts describing the work to be performed, confidential disclosure agreements if data to be shared is proprietary, and loan agreements if terminals or other hardware are loaned to the external user. Technical control measures will vary from system to system depending on the type of processor, the operating system, and the application. All external connections must be registered with the site administrator and fully documented. Risk categories are defined as high, medium, and low. Controls and required management approval are proportional to the risk. If equipment is loaned to vendors or other external users, basic physical controls, such as motion detectors and alarm systems, should be required. A certification review, including business controls review, connection review, and technical review, should take place before each medium- or high-risk connection goes into service to further ensure security of access.