Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Guidance of acceptable use for IT Technicians 1

Status
Not open for further replies.
n2nuk

n2nuk

IS-IT--Management
Dec 24, 2002
190
GB
I have recently recruited two new trainee's to our IT support team. The new recruits will be supplied with admin level access rights and hence will have full unrestricted access to our network.

Because of this I am currently in the process of writing guidance documents that explains the do's and dont's of being a techie for example not snooping in on users mailboxes or home directories etc..

This document will ensure where the boundaries are and will be protection for the trainee and the company should any abuse occur.

Does anyone have any guidance notes that they have been supplied or had to develop for similar circumstances?
I just want to make sure I cover all the areas i.e. file security, accessing the web, security on the network etc..

Thanks

Naz
 
Sort by date Sort by votes
Do you really want to give new trainee's domain admin access before they know what they are doing? I'd start them out with less access then gradually give them more when they've shown that they know what they are doing and won't abuse the power.

Denny
MCSA (2003) / MCDBA (SQL 2000) / MCTS (SQL 2005) / MCITP Database Administrator (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Hi mrdenny

You are correct in asking the question, its something that I have questioned and have issues with, but the powers above me have deemed it OK for the trainees to have these priveliges, hence my belt and braces approach to ensure they dont do something they are not supposed to.

Regards

Naz
 
Upvote 0 Downvote
Do not make this a specific rule book. Like "Do not read HR Documents" because I'd just do a "Test Restore" which happens to be HR Data which has to be verified....

I would speak to the powers that be about increasing the level of audit in classified areas.

But the bottom line is a tech can do pretty much anything they like, if you don't trust a tech escort them off site. period!

You should use your current IT policy for the new starters with amendmends specific to their job role. The policy already states about internet, email, phone usage etc. This is an excert from the ne I wrote:

3. SYSTEM SECURITY
3.2 Accessing other computers and networks

A User’s ability to connect to other computer systems, applications, programs and any other electronic resource through the network or by modem does not imply a right to connect to those systems or to make use of those systems unless specifically authorised by the operators of those systems.

3.3 Accessing Other User’s Files

Users may not alter or copy a file belonging to another User without first obtaining permission from the owner of the file. Ability to read, alter or copy a file belonging to another person does not imply permission to read, alter, or copy that file. Users may not use the computer system to “snoop” or pry into the affairs of other Users by unnecessarily reviewing their files and e-mail.

Took me weeks to write...... oh the fun!

Iain
 
Upvote 0 Downvote
This is a good topic because there are a lot of kids entering the workforce that are absolutely unaware of things most of us would find blindingly obvious.

Print them each a copy of the Sage Code of Ethics (the diploma version is frameable.)

_____
Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]
 
Upvote 0 Downvote
Hi there,

Many thanks Spirit and MasterRacker, Its good to know that others do share these concerns.

Like you say most of these thing are obvious to experienced IT staff, I have been on a couple of the serious IT websites looking for guidance but did not turn up anything (ITIL, BCS, etc)

I am in the process of writing up my 'guidance' document, I hope you dont mind Spirit if I were to 'plagarise' your writings?

Thanks

Naz
 
Upvote 0 Downvote
Nah, there's a lot of these out there nowadays when I worte mine it was awful because the only things out there were written by lawyers that didn't know what a file server was!

Good luck

Iain

P.S. Do the inductions carrying a baseball bat! [cannon]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Cristian Nadu
  • Locked
  • Question
Procrastination among IT professionals...is this a real issue?
Replies
15
Views
1K
Cristian Nadu
Cristian Nadu
OCsurfer
  • Locked
  • Question
Tips on strategies for findind a new job. What has worked well for you? 5
Replies
11
Views
821
Saviom Software
Saviom Software
johnnygage
  • Locked
  • Question
Anyone gotten rid of their server monitoring system? 2
Replies
11
Views
380
fredericofonseca
fredericofonseca
kjv1611
  • Locked
  • Question
IT Support Tracking? 3
Replies
7
Views
299
holdmusic34
holdmusic34
johnnygage
  • Locked
  • Question
How do I ask for about two months off? 1
Replies
7
Views
826
johnnygage
johnnygage

Part and Inventory Search

Sponsor

Back
Top