Limiting Access to information.

markleedsuk

Free Member
Aug 2, 2017
1
1
Hi,
I am new to the forum and have had a look to find my question already but can't seem to find the answer. My question relates to IT and the need for someone to look after our IT needs.

The company I have just joined which is a family business employ a company to maintain their computers and IT needs, they pay for the service and anything required is taken care of by them, they order all equipment through them. My question relates to access really, and the way everything is currently set up and levels of access. It seems that the IT company they use have access to everything, PC's, NAS drives, all employees and director email passwords etc, so that person/company has access to all the company information and everyones email, is this normal practice as I don't like the idea of someone having complete access to go in and out of emails as and when they choose.

Thanks in advance for any help

Mark
 
  • Like
Reactions: affiligate

Alan

Free Member
  • Aug 16, 2011
    7,089
    1,974
    It is normal.

    But is also important to make sure that you are comfortable the IT firm has appropriate processes and policies in place to protect your data and information and that staff just don't browse your emails for the sake of it ( which would be a breach by their staff of data protection rules ).

    And also important that you have appropriate controls, audits and automated notifications in place.
     
    • Like
    Reactions: affiligate
    Upvote 0

    Schnell Solutions

    Free Member
    Apr 22, 2015
    110
    22
    UK
    Agree with all of the above comments. IT companies who are responsible to maintain infrastructure need access so that they can help you accordingly.

    For what it is worth, you can get them to sign an NDA.

    I can understand them having access to storage, servers, etc. but I am not sure they need passwords to access to everybody's Email accounts....even if for some reason they need it for trouble shooting, etc. (which I still think is odd)....they can re-set the Email passwords and ask the users to change them once the issue is resolved.
     
    • Like
    Reactions: affiligate
    Upvote 0

    KM-Tiger

    Free Member
    Aug 10, 2003
    10,344
    1
    2,893
    Bexley, Kent
    all employees and director email passwords etc
    No that would not be normal, though depending on the set up access might be available at root/Administrator level.

    Users are often surprised that I cannot see what their passwords are. I can reset passwords if requested, but as said, would do so with the recommendation that they change again having got access.

    And to reinforce @Alan, if you are concerned, ask the company what policies they have in place to protect your data.
     
    Upvote 0

    Gecko001

    Free Member
    Apr 21, 2011
    3,255
    581
    The IT firm will be expected to keep be professional and that means maintaining confidentiality.

    The firm that the Op works for probably employs several professionals who know many confidential details of the firm's business and their employees. They probably have payroll companies or accountants who know exactly how much you earn and any bonuses or expenses you claim. The accountants will know who the firm's suppliers are and various financial details which competitors would love to know about. The firm has solicitors with whom they will discuss various confidential matters. Also, if HR consultants are employed they will give confidential information them as well about employees if necessary. Even if they employ an architect or surveyor to look at a possible extension to the premises, those professionals will be expected to keep any information given to them confidential.
     
    Upvote 0

    Latest Articles