My superintendent recently approached me and asked what protections or policies were in place to ensure privacy and confidentiality of e-mails, documents, etc. in regards to my role as the network administrator. Do your Network Admins need to sign a code of ethics? Or is the general operating procedure to trust them to do their job and stay out of business that is not related to them? I think the Superintendent was trying to ensure protection for the Network Admin if any accusations were to come up.
I never had to sign one when a company employee and, surprisingly, I've never had a client ask me to sign one now that I am consulting. I do make it clear in bids, though, that I make a data confidentiality pledge. If I hired an employee or subcontracted any work, I would include data confidentiality in the work standards section of our agreement.
I work for a law enforcement organization. Everyone here has signed the form that says I have read the employee handbook and will abide by its instructions. We can be disciplined, fired, or prosecuted for violating confidentiality.
We have policies and procedures in place we are required to read, but we were not required to sign anything. We also have auditing in place should there be any doubt that access is being used for nefarious purposes other than legitimate business. Quest has good auditing software among their many products.
In thinking more about your question, I remembered one I had seen that was pretty good from Sans.org. https://www.sans.org/security-resources/ethics.php