When IT needs access to sensitive data, implement a policy with teeth
Source: TechRepublic
To effectively do its job, the IT department sometimes needs access to information others would prefer to keep to themselves. One solution is this simple policy, which guarantees complete discretion--on penalty of termination.
In the TechRepublic Discussion Center, a member asked for advice about drafting a document that defines IT's access to confidential data, and a host of other members expressed the same need. One IT manager stepped in with just such a document--a data access policy he created so that his staff could properly support the HR department even though sensitive information was involved.
Although situations vary widely, it's a safe bet that most organizations have faced a similar dilemma: Data owners have a responsibility (and in some cases, a legal obligation) to safeguard their information; the IT staff needs access to systems containing that information to keep the systems operational. If you've found yourself in such a spot, this data policy may be what you need. Because the policy must be signed by IT staff and goes in their personnel files--and because the consequences of revealing sensitive information are dire--this simple mechanism is effective at reassuring data owners and keeping the techs aware of the need for absolute discretion.Join the discussion of this download.
In the TechRepublic Discussion Center, a member asked for advice about drafting a document that defines IT's access to confidential data, and a host of other members expressed the same need. One IT manager stepped in with just such a document--a data access policy he created so that his staff could properly support the HR department even though sensitive information was involved.
Although situations vary widely, it's a safe bet that most organizations have faced a similar dilemma: Data owners have a responsibility (and in some cases, a legal obligation) to safeguard their information; the IT staff needs access to systems containing that information to keep the systems operational. If you've found yourself in such a spot, this data policy may be what you need. Because the policy must be signed by IT staff and goes in their personnel files--and because the consequences of revealing sensitive information are dire--this simple mechanism is effective at reassuring data owners and keeping the techs aware of the need for absolute discretion.Join the discussion of this download.
| Format: | WORD | Size: | 96.00 |
| Version: | 1.0 | Date: | Aug 2005 |
| Downloads: | 7952 |
