Using the Internet at work
Discussion
Flooble said:
Work is still generally a task which requires concentration and effort.
Ha!Flooble said:
Bear in mind also that most large corporates will have compliance requirements and even small firms supplying those large corporates are likely to have to comply with the same mildly bonkers IT Security policies full of auditing and control requirements - SAS70 and later iterations, primarily there to justify lots of auditors and other people who the big consulting & outsourcing firms can supply.
All the same. Except for when it's ISO27001, or PCI, or... I've always just said "no, thanks". Most companies I've worked with seem to get away without it at least for the duration of a contract with a token nod to pretend to consider it next time. I'd imagine if you're closer to finance you probably wouldn't get away with avoiding it so much.
768 said:
I'd imagine if you're closer to finance you probably wouldn't get away with avoiding it so much.
This is the crux of it. If your service is providing or supporting a control that is relevant from a financial perspective then it would be expected that you are operating yourself with appropriate controls. Outside of this then it is very rare that anything would be prescribed and any vendor would be well served to tell a customer to bugger off. We work with around 1/3 of the FTSE 100and have never had anything like this opposed on us, or our customers impose this stuff on their suppliers outside the scenario I described. I work for a small company <20 people. Pretty much everyone uses the internet for personal reasons any time they like. Staff are often watching sports like tennis or F1 on beside their work. One always seems to have Facebook open, one just looks at news websites, I'm usually on PH although don't post when at work as I don't want them to know my username on here. We all get the work done, so no harm really.
Company policy from memory states it is allowed for 'reasonable use'. I think the general unwritten rule is don't let it get in the way of your work and then it's OK though. We have waves of being very busy and some sitting around, so internet use varies accordingly I've noticed.
Company policy from memory states it is allowed for 'reasonable use'. I think the general unwritten rule is don't let it get in the way of your work and then it's OK though. We have waves of being very busy and some sitting around, so internet use varies accordingly I've noticed.
bga said:
768 said:
I'd imagine if you're closer to finance you probably wouldn't get away with avoiding it so much.
This is the crux of it. If your service is providing or supporting a control that is relevant from a financial perspective then it would be expected that you are operating yourself with appropriate controls. Outside of this then it is very rare that anything would be prescribed and any vendor would be well served to tell a customer to bugger off. We work with around 1/3 of the FTSE 100and have never had anything like this opposed on us, or our customers impose this stuff on their suppliers outside the scenario I described. a) We only have one developer
b) We don't have any operations staff
c) We don't host any services for you (or anyone else) so why would you care who looks after our solitary network attached storage device?
I was about to try and write some convoluted "policy" document (the guys I have dealt with do love their documents) which tried to meet his demands while stating the reality. Instead I've just filled in 100-odd rows of demands with "No" :-)
I'll be back next week when this backfires on me
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff