Code of Conduct for IT Administrators

Introduction

Privileged access enables an individual to take actions which may affect computing systems, network communication, or the accounts, files, data, or processes of other users. Privileged access is typically granted to system administrators, network administrators, staff performing computing account administration, or other such employees whose job duties require special privileges over a computing system or network.

Individuals with privileged access must respect the rights of the system users, respect the integrity of the systems and related physical resources, and comply with any relevant laws or regulations. Individuals also have an obligation to inform themselves regarding any procedures, business practices, and operational guidelines pertaining to the activities of their local department.

In particular, the principles of academic freedom, freedom of speech, and privacy of information hold important implications for computer system administration. Individuals with privileged access must comply with applicable policies, laws, regulations, precedents, and procedures, while pursuing appropriate actions required to provide high-quality, timely, reliable computing services.

General Provisions

  1. Privileged access is granted only to authorized individuals. Privileged access shall be granted to individuals only after they have read and signed this Agreement.
  2. Privileged access may be used only to perform assigned job duties.
  3. If methods other than using privileged access will accomplish an action, those other methods must be used unless the burden of time or other resources required clearly justifies using privileged access.
  4. Privileged access may be used to perform standard system-related duties. Examples may include:
    • installing system software;
    • relocating other individuals' files from critically overloaded locations;
    • performing repairs required to return a system to normal function, such as fixing files or file processes, or killing runaway processes;
    • running security checking programs.
  5. Privileged access may be used to grant, change, or deny resources, access, or privilege to another individual only for authorized account management activities or under exceptional circumstances. Such actions must follow any existing organizational guidelines and procedures. Examples may include:
    • disabling an account apparently responsible for serious activities such as making attacks on root (UNIX) or the administrator account (Windows), using a host to send harassing or threatening email, using software to mount attacks on other hosts, or engaging in activities designed to disrupt the functioning of the host itself;
    • disconnecting a host or subnet from the network when a security compromise is suspected;
    • accessing files for law enforcement authorities with a valid subpoena.
    In the absence of compelling circumstances, the investigation of information in, or suspension of, an account suspected to be compromised should be delayed until normal business hours to allow appropriate authorization and/or notification activities.
  6. In all cases, access to other individuals' electronic information shall be limited to the least perusal of contents and the least action necessary to resolve a situation.
  7. Individuals with privileged access shall take necessary precautions to protect the confidentiality of information encountered in the performance of their duties.

    If, during the performance of their duties, individuals with privileged access inadvertently see information possibly indicating inappropriate use, they are advised to consult with their supervisor. If the situation is an emergency, intervening action may be appropriate.

Authorization

Under most circumstances, the consent of the account owners should be obtained, if possible, before accessing their files or interfering with their processes. However, if good faith efforts to obtain consent are not successful, or would unduly interfere with performance of assigned duties, refer to any organizational guidelines or procedures for taking such actions without consent.

Notification

In either case, the employee or other authority shall, at the earliest possible opportunity consistent with law and other University policy, attempt to notify the affected individual of the action(s) taken and the reasons for the action(s) taken.

Recourse

If conflicts or disputes arise regarding activities related to this Agreement, individuals may pursue their rights to resolve the situation through other existing procedures. Such procedures would include relevant provisions of employment policies or contracts, student or faculty conduct procedures, or other such documents which pertain to the particular individual's affiliation with the University.

Agreement

Signature_____________________________ Date_____________________________
Print Name_____________________________
 
Supervisor_____________________________ Date_____________________________
Title_____________________________ Department_____________________________
Approved by Vice President of Information Technology - Rev. 10/05/2004

Maintained by itweb
Last modified: Feb 06, 2006, 13:33 EST