asked on
Any legal reason to back my argument that the MD should not have access to the Administrator account
I have a slightly uncomfortable situation at work. We have a new MD who is an IT enthusiast and loves to want to know about solutions to issues. But his enthusiasm has grown to a point whereby he has demanded for admin passwords and administrator level privileges on all systems on the Network. I know this is not right as this gives him too much visibility into other people's dtat/communications. He has recently obtained the another system administrators login details into the E-mail Content Control System (thereby having the ability to all the e-mails that were sent from our Network and all that were sent to our network, including the subjects of such e-mails. The System Admin knows it was wrong of him to demand for this, but since he is the Boss, he found it difficult to say 'No'.
I have discussed the matter with the person who would be able to advise the MD against this practice, but even this mediator has said unless i can find something in the law which forbids this (rather that just something that says it is best practice), then he will find it difficult to explain to him why it is not acceptable.
Is there any statute in the law or something remotely resembling a legal position on this that i can pass to this mediator to help put a stop to this practice?
Do CEOs and MDs of other companies also demand administrator access privileges as well as admin accounts though their day to day tasks do not require them to have knowledge of the administrator accounts.
I have discussed the matter with the person who would be able to advise the MD against this practice, but even this mediator has said unless i can find something in the law which forbids this (rather that just something that says it is best practice), then he will find it difficult to explain to him why it is not acceptable.
Is there any statute in the law or something remotely resembling a legal position on this that i can pass to this mediator to help put a stop to this practice?
Do CEOs and MDs of other companies also demand administrator access privileges as well as admin accounts though their day to day tasks do not require them to have knowledge of the administrator accounts.
SecurityIT Administration
Last Comment
Gospodin Rasputin
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I'd tell the other doctors that he is getting access to their emails and patient info.
@DaveBaldwin I think the OP means Managing Director, not Medical Doctor...
Oh, you may be right.
:-)
ASKER
1. My users have occassionally asked me if their e-mails are monitored....so I sense people will soon lose faith in the integrity of our system.
2. Our system is well documented, the Managing Director is curious, he has an habit of connecting to the Servers using terminal services to feel around. We do not encourage self-service and there is always a tech support person to help, but he just seem to want to do things himself. And we all know how dangerous little knowledge is.
3. The approach suggested by ArneLovius above would suit us (well, not really as he is not a Technical Support person, rather a very enthusiastic user), but he does not just ask for ocassional admin acces, he specicically states that he requires admin rights to all deployed systems and including third party systems. I am afraid that the moment other employees find out he has this much access to the system,, their trust in the confidentiality of their data would be shattered.
2. Our system is well documented, the Managing Director is curious, he has an habit of connecting to the Servers using terminal services to feel around. We do not encourage self-service and there is always a tech support person to help, but he just seem to want to do things himself. And we all know how dangerous little knowledge is.
3. The approach suggested by ArneLovius above would suit us (well, not really as he is not a Technical Support person, rather a very enthusiastic user), but he does not just ask for ocassional admin acces, he specicically states that he requires admin rights to all deployed systems and including third party systems. I am afraid that the moment other employees find out he has this much access to the system,, their trust in the confidentiality of their data would be shattered.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
The Superior member of the Board who wished to take the matter up with him specifically told me he will need something that says 'it is illegal' rather than best practice recommendation'.
I guess I am stuck with this one then.
Thank all. I will split the points if no other input.
I guess I am stuck with this one then.
Thank all. I will split the points if no other input.