Educause Security Discussion mailing list archives
Re: Confidentiality agreements and IT staff
From: Dennis Tracz <dntracz () UCALGARY CA>
Date: Thu, 29 Mar 2012 09:49:38 -0600
All of our IT, University Development Office & Research Accounting staff are required to sign a Confidentiality Agreement prior to being granted system access. The rationale here is that by virtue of their position they may be exposed to Confidential Information. This is still a paper based agreement. However, we are looking at combining this with an annual ethics & conflict of interests declaration (hopefully electronic). Personally I think that this on its own does very little to prevent or even deter unauthorized disclosure. It's more of an after the fact C.Y.A for audit/regulatory compliance & or grounds for dismissal. Dennis N. Tracz, CISSP-ISSMP, CISM, CGEIT Director, Information Security & Compliance University of Calgary Office: (403) 220-4010 Cell: (403) 305-4010 ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of David Seidl [dseidl () ND EDU] Sent: Thursday, March 29, 2012 7:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Confidentiality agreements and IT staff Folks, I'm curious if you currently require all or most of your IT staff to sign a confidentiality agreement at hire on a recurring basis, and if so, what your reasons for doing so are. We've had one in place for new hires for years, and our business staff has asked if we can dispense with it as a general requirement for all IT staff. I've done a bit of review, and can't find a direct requirement to point to for people who don't have direct compliance related assignments. Thanks in advance for your feedback and comments! David David Seidl, CISSP, GCIH, GPEN Director of Information Security Office of Information Technologies University of Notre Dame Notre Dame, IN 46556 (574) 631-7305 dseidl () nd edu
Current thread:
- Confidentiality agreements and IT staff David Seidl (Mar 29)
- Re: Confidentiality agreements and IT staff Valdis Kletnieks (Mar 29)
- Re: Confidentiality agreements and IT staff Bob Bayn (Mar 29)
- Re: Confidentiality agreements and IT staff Dennis Tracz (Mar 29)
- Re: Confidentiality agreements and IT staff Brian Helman (Mar 29)
- Re: Confidentiality agreements and IT staff Dennis Tracz (Mar 29)
- Re: Confidentiality agreements and IT staff Brian Helman (Mar 29)
- Re: Confidentiality agreements and IT staff Dennis Tracz (Mar 29)
- Re: Confidentiality agreements and IT staff David Seidl (Mar 30)