Having re-read the "Insider IT Hacker" thread, it dawns on me that nobody has ever sat down and actually written the SysAdmin code of ethics.

OK, fine, somebody probably has, but let's keep it fun and short.  Like maybe the "SysAdmin's 10 commandments" or something.  This should be a fun discussion, and perhaps when we're through, we'll have thought about our jobs, our responsibilities, and perhaps given someone else unfamiliar with what we do a little insight.

I'll start it off, with a couple of things that I think are important.

1) The SysAdmin will take personal responsibility in protecting data from both internal and external threats to integrity or privacy.
2) The SysAdmin will take personal responsibility in the implementation of disaster recovery, including backup functions.
3) While it is understood that the SysAdmin *can* view personal or confidential information, including documents, e-mails, and network traffic, (s)he will hold him/herself to a "higher standard", and only review that information when necessary.


What do you think?  I'm sure that my start could be re-worded more eloquently, but it's a place to begin.  Let's hear what you have to think about the SysAdmin Written Code of Ethics!

Just my 2¢
-Cole's Law:  Shredded cabbage

--Greg  http://parallel.tzo.com

MOst of these are more specific application of the first one:

The sys_Admin will not use his or her administrative rights to deliberately cause a problem for someone else in the organization. (I worked one place where the sys admin would deliberately change my code to make me look bad because he didn't want there to be two people who were familiar with the database) Personal feelings and corporate politics should not be allowed to interfere with the integrity of the system.

If leaving a position, the sys admin will willingly provide all information needed to continue to properly operate the system including passwords, locations of files, etc. This is not his/her personal information and it must be provided to the company when leaving.

The sys admin will not hide information by storing it on a home computer or some other place where it will be inaccessible to another sys admin. Nor will the sys admin ever copy company data to a non-company computer or allow anyone else to do so.

Just because something can be done doesn't mean it should be done! The sys admin will refuse to do tasks that would require him/her to negatively impact the security of the system and/or the integrity of the information in the system no matter who in the organizartion asks for this to be done. It is the sys admin's job to point out when things are a bad idea and refuse to do them when they would go from being a bad idea to an active danger to the organizations systems. This should be done even when the sys admin's own job will be at risk for refusing. Any such requests and refusals will need to be documented by the sys admin and provided to higher authority where available including the reasons for said refusals.

"NOTHING is more important in a database than integrity." ESquared

Here is a good start:  SANS Institute

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

That's not bad... but it leaves some big holes as far as "job duties".  It's a good start for a code of ethics though.

Just my 2¢
-Cole's Law:  Shredded cabbage

--Greg  http://parallel.tzo.com

That's an interesting question.  I'm not sure that job duties belong in a code of ethics; it's up to the employer to determine those.  The ethical obligation of the Sys Admin is to their best to fulfill those job requirements.

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

I'm not sure I agree CC.

In other positions I have been required to do things that I would see as against the code of ethics for a data provider. But it was within the job description my employer provided.

Fee

The question should be Is it worth trying to do? not Can it be done?

==> In other positions I have been required to do things that I would see as against the code of ethics for a data provider

Such as?

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

I've been asked to provide subsets of data that show a completely different result.

This would have been used in negotiations to give our side an advantage - I find that unethical.

Fee

The question should be Is it worth trying to do? not Can it be done?

I agree, there is an ethical issue, but is it an IT ethical issue?

I first and foremost see it as possibly a management ethical problem - the request is, at least in my opinion, is ethically questionable.  That brings us to the IT aspect, or in general terms, the employee side of the question.  What are the ethical responsibilities of the employee when the employer makes an unethical request?  And the parallel question, is the employee capable of judging how ethical is the request?

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886: How can I maximize my chances of getting an answer?
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein

The League of Professional System Asministrators has also published a code: http://lopsa.org/CodeOfEthics also conveniently downloadable in poster or diploma style.

_____
Jeff
It's never too early to begin preparing for International Talk Like a Pirate Day
"The software I buy sucks,  The software I write sucks.  It's time to give up and have a beer..." - Me

There was an interesting article in ComputerWorld the other week about IT ethics.  You can read it here:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9035481&pageNumber=1

They had some interesting points.  The one I found most interesting was that when you discover something illegal (like child pornography) you should report it to management, but that in most states you don't have a legal obligation to report it to the police.  The assumption is made that you report it to management and let management and legal sort it out with the law, if necessary.

I wonder how many people would go that route?

I suspect an ethical issue is an ethical issue. If I'm being asked to do something that I strongly believe is unethical then I will explain why I think so and why I don't want to comply. It's regardless as to whether technology is involved.

Fee

The question should be Is it worth trying to do? not Can it be done?

>The assumption is made that you report it to management and let management and legal sort it out with the law, if necessary.

Look where that got the Catholic bishops.

Ethical and legal are two different concepts. Perhaps legally you can report something to management and let them sort it out and you can't be held liable. That is not necessarily the ethical position. For instance, if the CEO of your company was committing fraud with the aid of the accounting department and you found out about it, would you simply report it to management? Or would you report it to the police? Would it make a differnce if you knew that the company was likely to go under and many people would have their livilihood and or retirment income affected if action was not taken (think Enron)?

"NOTHING is more important in a database than integrity." ESquared