 DigitalXeron | There is a lack of sanity | join:2003-12-17 Hamilton, ON | User requests and exceptions
All,
I just got through reading the regular BOFH article here ( »www.theregister.co.uk/2012/11/09···sode_11/ )
And it has an excellent point in that exceptions create problems. A user (be it internal or external) "just this once" wants to do something, meanwhile that item becomes long-term and becomes an attractive item for other users to request, then before you know it, your whole company is no longer within the prescribed policy.
Management tends also to make this difficult, personally while I am myself in a position of management of an organization and actively enforce the IT policies, I find that a lot of management from other organizations are unwilling to enforce the IT policies they themselves have developed/signed off on because oftentimes they have been excepted from policy, have written themselves as special cases or it just would create too much headache for them from complaining employees/customers.
On the same coin, other side, from an operational standpoint, it's easy to enforce policy when management is behind you, but what do you do when such goes out the window?
I started this thread interested to hear others' experiences in this ongoing issue: What do you do beyond the obvious of citing the policy when faced by a complaining user (who perhaps is management in themselves)? Any examples you can share? -- --Kradorex Xeron |
|
 PToN join:2001-10-04 Houston, TX | Policy enforcement is the most difficult thing I have ever done. And it is still not completed.
I have to design 10 different versions of the same policy and apply the policy by departments, as each department may operate differently from others.
Upper managers are not always behind them, they just want something done so as long as the user says "I need this to complete my job" the user will get it with nothing I can do.
All I do is record the event and when it backfires, I show them why, when and who authorized even when IT voted against it.
It is truly a pain in the a$$. |
|
 DC DSL | There's a reason I'm Command. | Premium | join:2000-07-30 Washington, DC kudos:2
| reply to DigitalXeron If someone wants me to allow an exception, regardless of whether I or the rest of IT concur, I require they get their top-level person to put the request in writing, noting the objections and reasons to not do it, and agreeing to accept full responsibility and costs/chargebacks if things go kaflooey. I changed my policies a while back and now my fee triples if someone needs me to undo something I advised them not to. Seeing in writing that they are on the hook if it goes boom deters quite a few of them. Those who proceed usually find out in short order that not listening to Papa Bear is not a good idea. -- "Dance like the photo isn't being tagged; love like you've never been unfriended; and tweet like nobody is following." |
|
 Kilroy | Premium,MVM | join:2002-11-21 Ann Arbor, MI | reply to DigitalXeron
said by DigitalXeron: On the same coin, other side, from an operational standpoint, it's easy to enforce policy when management is behind you, but what do you do when such goes out the window?
This is the key. If management doesn't support the policies there isn't much difference in not having a policy.
The policy has to apply to everyone equally. If you have a policy that says no personal printers, network printers only. The first personal printer that shows up and is supported is the start of the fall. That applies to IT also. We have to be held to a higher standard. We can't pull the do as I say and not as I do. -- Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something. - Robert A. Heinlein |
|
 | reply to DigitalXeron Posting this as ANON just in case.
I currently work for a CTO that has made it very clear that POLICIES are an inconvenience to the end users and we are to have as few as possible, and the few that we have are OPT-IN.
So I have an environment where the users rule and any common sense and security practices have long been thrown out the window.
And you wonder why companies continue to get hacked, it's because of management like this as I am sure this CTO is not alone.
I have been written up more than once the last couple of years trying to enforce even basic policies. |
|
 | Time to bail. |
|
 exocet_cm | I am the law - Judge Dredd | Premium | join:2003-03-23 New Orleans, LA kudos:2 | reply to DigitalXeron For my non-profit IT gig, management supports everything the other admin and I do. If it is in the policy it gets enforced. If it isn't then the "CEO" has to approve it. No exceptions except for emergencies (like actual emergencies not "I need this font downloaded using FTP" kinda emergency).
For my regular day job, the other admin and I are our management. It is easy for us to look across the desk and change policy. We have no written policy specifically for IT but do have rules concerning data storage (which is a lot of our job). We report to non-technical supervisors who don't care what we do as long as we don't break things (because damages can be costly). -- "I have measured out my life with coffee spoons..." - T.S Eliot "I have often regretted my speech, never my silence." - Publilius Syrus Ma blog: »www.johndball.com |
|