First, you should have non-disclosure agreements in place with every consultant that you work with. That agreement must be signed before the consultant starts any work for you. While this is just a piece of paper and won't secure your system for you, it will give you recourse down the road if security issues come up.
Second, you should also come to an agreement with the consultant, in writing, defining who owns the code that is developed while the consultant is working for you. That agreement can get confusing, and you should take some time to negotiate with the consultant. What you are trying to avoid is having the consultant develop new programs and features that they can then turn around and sell to their other clients while you have paid for the development expense. Complications can arise with code that the consultant brings in with him and installs on your system. That code clearly belongs to the consultant and it is being used for your benefit. Provision in the agreement must be made for give and take in this area. If the consultant develops some code that they then wish to use elsewhere, you should be able to work out some remuneration for your company for making the code available to the consultant.
While there are many special requirements for consultants, perhaps the most important one is remote access to your system. In the old days when consultants "dialed in" to connect to your system from a terminal emulator, security was tight. But, with today's networked world, that situation is quite different. Consultants these days connect to your system via the Internet and that brings new concerns. First, your system must be sitting behind a firewall. Then, the easiest solution, which works for a lot of installations, is to implement a Virtual Private Network (VPN). That will allow a secure connection into your house network. Once that connection is made, the consultant can connect to your iSeries to get their work done. I have such arrangements with a number of customers where I do consulting. With some, we use MS VPN while others have implemented Citrix. I'm sure there are other arrangements, as well. Take the time to investigate the best solution for you. Granting direct Internet access to your system is generally not a good idea -- unless you have strict controls implemented at the server exit point level and even then I have my reservations.
This article raises only a few issues involved. If you have more ideas in this area, let me know so I can share them in a future tip. If you have specific questions about this topic, e-mail me at email@example.com. All e-mail messages will be answered.
About the author: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.