General discussion


Access policy for technical staff

By Orgeon Tech ·
I could use some help regarding the development of a security policy for my sys admins and network staff.

My concern is that they have the highest rights of anyone, but how can I develop a policy that is clear about looking at things they shouldn't? I am concerned that they can looking at confidential informaiton that could be used for personal gain.

Do you have a policy specific to the admin's?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

It comes with the job

by TomSal In reply to Access policy for technic ...

We are nearly 100 employees large, so at larger shops I don't know what they do.

We have three "administrator" level employees in our MIS department, of which I am one.

We have a very simple policy in plain English regarding admin access policies - its barely one typed page long. It merely states in a paragraph the "authority" entrusted to the employee for the sake of performing specific job duties. Then the legalise kicks in. The admin needs to sign this document, they get a copy as well as HR.

Beyond that there's a confidentiality agreement that needs to be signed, that document is quite involved and nearly 4 pages typed.

I think that is good enough, we have yet to have a problem with an admin abusing their rights.

Of course since there's only 3 of us that kind of makes it easy to track anyway.

Bottomline - it comes with job. Don't hire someone who doesn't display professionalism for an admin position. If they are only responsible for System "X", don't even give them rights to systems "Y" and "Z".

Related Discussions

Related Forums