Fair enough .. and that's part of the risk assessment you do for conducting business at that level. Nothing too far wrong with it if you understand and accept the risk and have no legal/regulatory necessity to comply. There are other controls you may wish to put in place ... from a very basic level a paper based system of held records for use of particular credentials. For every solution there are many nuts to crack ... or cats to skin ... or something .. a
________________________________ From: John Aldrich [mailto:[email protected]] Sent: 27 August 2010 15:40 To: NT System Admin Issues Subject: RE: Password sharing policy A couple problems - our email is hosted, and while I can share email usernames/passwords, that's about all I can do. Second, we don't have a lot of money right now to spend on IT, or anything much. Third, we're privately held, and don't process credit cards so there's very little regulatory compliance of which I'm aware, that we could fall afoul of. From: Alan Davies [mailto:[email protected]] Sent: Friday, August 27, 2010 10:02 AM To: NT System Admin Issues Subject: RE: Password sharing policy What's wrong with sharing mailboxes, etc. instead so there's some prospect of auditing? Same with folder ACLs. If you have the money, there are enterprise solutions to ease the pain ... There's nothing I can think of that would cause me to allow an employee to do this. Particularly since it's a hard regulatory requirement not to. a ________________________________ From: John Aldrich [mailto:[email protected]] Sent: 27 August 2010 14:40 To: NT System Admin Issues Subject: RE: Password sharing policy Necessary evil among customer service here... We have people out one day/week on a rotating basis, and the person that is covering their area for them has to be able to log in as that user. I strongly discourage anyone outside that area from sharing their passwords, but we have no active policy regarding it. From: Bob Fronk [mailto:[email protected]] Sent: Friday, August 27, 2010 8:43 AM To: NT System Admin Issues Subject: OT: Password sharing policy Good morning list.... I am interested in seeing any written "password sharing" policies you have in place. It seems ours is written in Latin, since no one seems to understand it. I am going to draft a new policy, but would like to see how others handle this and get opinions from the list on how "big of a deal" sharing passwords is in other businesses. (Personally, I think it is a BIG deal) Thanks, BF ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
<<image001.jpg>>
<<image002.jpg>>
