Re: Confidentiality agreements and IT staff

[George Farah <george.farah () QUEENSU CA>]

Good day

As part of the personnel security evolution on my campus, working with legal counsel, I created three CNDAs. One for 
staff, one for  contractors and one for vendors. With engagement and collaboration with HR, and different constituents 
on campus, we moved on it with IT staff and those who had access to admin systems. From there we are progressing 
towards integrating in distributed recruitment processes to catch all as they come through the door, staff, faculty and 
students working with the university. 
I am a firm believer in the value of CNDA as a personnel security control.
  
Hope that helps 
Have a great day
George Farah, GIAC/GSEC Gold, CRISC, CISA
University Information Systems Security Manager 
Queen's University, 
Kingston, Ontario, Canada k7l 3n6
george.farah () queensu ca 




-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Seidl
Sent: March-29-12 9:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Confidentiality agreements and IT staff

Folks,

I'm curious if you currently require all or most of your IT staff to sign a confidentiality agreement at hire on a 
recurring basis, and if so, what your reasons for doing so are.

We've had one in place for new hires for years, and our business staff has asked if we can dispense with it as a 
general requirement for all IT staff. I've done a bit of review, and can't find a direct requirement to point to for 
people who don't have direct compliance related assignments.

Thanks in advance for your feedback and comments!

David

David Seidl, CISSP, GCIH, GPEN
Director of Information Security
Office of Information Technologies
University of Notre Dame
Notre Dame, IN 46556
(574) 631-7305
dseidl () nd edu