Technicians handling sensitive data

By brian_seader ·
I'm looking for samples or guidance on creation of a published policy which covers handling of sensitive or confidential data by a PC technician during routine service.

We're not so much looking for a confidentiality agreement that a technician would need to sign, more of a document that IS publishes to business units and its customers which covers policy in this area. The point isn't to address the controversy seen in the media recently regarding techs inadvertently discovering pornography, more covering typical sensitive information.

Examples would be:
A system crashes and the technicians need to handle sensitive data during a recovery process.

During routine troubleshooting, documents or other material which may be seen by a technician.

Anyone have a sample of something given to the customer outlining their policy with respect to such data?

Thanks in advance!

All Comments

We don't have separate policies

by James R Linn In reply to Technicians handling sens ...

We do handle lots of information which is secret, and the government adds additional privacy restrictions on us.

But really, the policies should be valid for the rest of the company as well.

An admin assistant can see secrets, as can people picking up printouts at public area printers, or documents left at photocopiers. We have libraries and document centres where very confidential information is stored in a non-electronic format.

We do ask that admins in the data centres have a higher level of clearance as do some others. But they don't have a different kind of document to sign or categorization.

I would suggest that the approach to take is to see if existing rules can be reworked to take into account a technician's access.
And hire people you trust. If you find evidence for non-trustworthiness, get rid of them.


Clone policies

by generalist In reply to Technicians handling sens ...

One way to handle this is to clone the policies you use for the systems analysts, programmers and the end users. That level of personnel often has to sign documents that deal with security measures and confidentiality.

Once such things are signed, you will then need to reinforce the fact that people will be dealing with confidential data and should act accordingly. This reinforcement should apply to EVERYBODY, not just the techs.

I wouldn't be surprised if security breaches attributed to techs were actually caused by end users or others.
