Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

Consultants accessing the Data Center

Is it safe to allow consultants to have unfettered access to the data center regardless of company policy from an auditing stand point?
You must sign in to rate content.
(1 ratings)

Comments

RE: Consultants accessing the Data Center

"Safe" is the optimum word here. I have experiences with many consultants, most of which are very reliable. The key is to:
1) Legally bind the consultant with a Non disclosure Agreement and
2) Ensure a trustworthy reputable source.

Allow complete access
When there is a need for a consultant, I would not want to fetter their efficiency by placing restrictions and limitations on their access. This frequently can cause problems and solutions from more quickly being overlooked and costing more in the long run. For example Database issues may be caused by the content not being verified correctly and an inspection of the data would be revealed more quickly by direct inspection or diagnostics tools a consultant might have access to.

Safety in Numbers
One of my experiences is to always and constantly escort the consultant with qualified staff or team members. The learning transfer and extra security are frequently worth the resource time investment. This was a policy we added to our best practices guidelines and has proven very successful.

Learning Experience

Another security aspect is to document all activity of the consultant. Especially when a consultant is brought in for trouble or problem solving issues. Document steps performed to investigate, tools used and resolutions found. Additionally consultants are often a wealth of information for related or other similar topics that can come up in casual conversations and discussions. Document, Document, Document.
 
Michael348Observer at 6/29/2010 6:29:54 PM Quote
You must sign in to rate content.
(4 ratings)

RE: Consultants accessing the Data Center

I believe with proper approvals and non-disclosure agreements consultants can be given access. But the key is that the level of access should be commensurate to his job responsibility and the need for unrestricted access should be demonstrated if required.
varunkprasadLively at 7/24/2010 4:16:31 AM Quote
You must sign in to rate content.
(3 ratings)

RE: Consultants accessing the Data Center

I agree with varun, giving a consultant too much access is a slippery slope.  if i was performing an audit on a company that gave unrestricted access to an external consultant without a specific reason, that would be a red flag for me. 
Justin TomasLively at 9/3/2010 7:14:07 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I believe if the Consultant has the correct approval(s) for access (of any kind) there is a specific reason.  It's unfortunate to have to think about the worse-case scenario; but a Consultant might be brought in for a forensic objective to evidence a Data Center anomaly.  It's possible that the reason the Consultant is present should be kept confidential.  I believe it's difficult to jump to any conclusions or pursue any actions beyond validating correct approval(s).
AAJullienSocial at 5/20/2011 7:33:01 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I wish I had unfettered access. :-) Finding the right-fit for every universe is key.  It is possible that need-to-know may be broad.  Make sure you can clearly justify to an independent observer (i.e., regulators) that you follow a thought out process to determine access.
GcookzSocial at 7/1/2011 4:52:13 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I wish I had unfettered access. :-) Finding the right-fit for every universe is key.  It is possible that need-to-know may be broad.  Make sure you can clearly justify to an independent observer (i.e., regulators) that you follow a thought out process to determine access.
GcookzSocial at 7/1/2011 4:52:13 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I believe if the Consultant has the correct approval(s) for access (of any kind) there is a specific reason.  It's unfortunate to have to think about the worse-case scenario; but a Consultant might be brought in for a forensic objective to evidence a Data Center anomaly.  It's possible that the reason the Consultant is present should be kept confidential.  I believe it's difficult to jump to any conclusions or pursue any actions beyond validating correct approval(s).
AAJullienSocial at 5/20/2011 7:33:01 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I agree with varun, giving a consultant too much access is a slippery slope.  if i was performing an audit on a company that gave unrestricted access to an external consultant without a specific reason, that would be a red flag for me. 
Justin TomasLively at 9/3/2010 7:14:07 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I believe with proper approvals and non-disclosure agreements consultants can be given access. But the key is that the level of access should be commensurate to his job responsibility and the need for unrestricted access should be demonstrated if required.
varunkprasadLively at 7/24/2010 4:16:31 AM Quote
You must sign in to rate content.
(3 ratings)

RE: Consultants accessing the Data Center

"Safe" is the optimum word here. I have experiences with many consultants, most of which are very reliable. The key is to:
1) Legally bind the consultant with a Non disclosure Agreement and
2) Ensure a trustworthy reputable source.

Allow complete access
When there is a need for a consultant, I would not want to fetter their efficiency by placing restrictions and limitations on their access. This frequently can cause problems and solutions from more quickly being overlooked and costing more in the long run. For example Database issues may be caused by the content not being verified correctly and an inspection of the data would be revealed more quickly by direct inspection or diagnostics tools a consultant might have access to.

Safety in Numbers
One of my experiences is to always and constantly escort the consultant with qualified staff or team members. The learning transfer and extra security are frequently worth the resource time investment. This was a policy we added to our best practices guidelines and has proven very successful.

Learning Experience

Another security aspect is to document all activity of the consultant. Especially when a consultant is brought in for trouble or problem solving issues. Document steps performed to investigate, tools used and resolutions found. Additionally consultants are often a wealth of information for related or other similar topics that can come up in casual conversations and discussions. Document, Document, Document.
 
Michael348Observer at 6/29/2010 6:29:54 PM Quote
You must sign in to rate content.
(4 ratings)

RE: Consultants accessing the Data Center

"Safe" is the optimum word here. I have experiences with many consultants, most of which are very reliable. The key is to:
1) Legally bind the consultant with a Non disclosure Agreement and
2) Ensure a trustworthy reputable source.

Allow complete access
When there is a need for a consultant, I would not want to fetter their efficiency by placing restrictions and limitations on their access. This frequently can cause problems and solutions from more quickly being overlooked and costing more in the long run. For example Database issues may be caused by the content not being verified correctly and an inspection of the data would be revealed more quickly by direct inspection or diagnostics tools a consultant might have access to.

Safety in Numbers
One of my experiences is to always and constantly escort the consultant with qualified staff or team members. The learning transfer and extra security are frequently worth the resource time investment. This was a policy we added to our best practices guidelines and has proven very successful.

Learning Experience

Another security aspect is to document all activity of the consultant. Especially when a consultant is brought in for trouble or problem solving issues. Document steps performed to investigate, tools used and resolutions found. Additionally consultants are often a wealth of information for related or other similar topics that can come up in casual conversations and discussions. Document, Document, Document.
 
Michael348Observer at 6/29/2010 6:29:54 PM Quote
You must sign in to rate content.
(4 ratings)

RE: Consultants accessing the Data Center

I believe with proper approvals and non-disclosure agreements consultants can be given access. But the key is that the level of access should be commensurate to his job responsibility and the need for unrestricted access should be demonstrated if required.
varunkprasadLively at 7/24/2010 4:16:31 AM Quote
You must sign in to rate content.
(3 ratings)

RE: Consultants accessing the Data Center

I wish I had unfettered access. :-) Finding the right-fit for every universe is key.  It is possible that need-to-know may be broad.  Make sure you can clearly justify to an independent observer (i.e., regulators) that you follow a thought out process to determine access.
GcookzSocial at 7/1/2011 4:52:13 PM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I believe if the Consultant has the correct approval(s) for access (of any kind) there is a specific reason.  It's unfortunate to have to think about the worse-case scenario; but a Consultant might be brought in for a forensic objective to evidence a Data Center anomaly.  It's possible that the reason the Consultant is present should be kept confidential.  I believe it's difficult to jump to any conclusions or pursue any actions beyond validating correct approval(s).
AAJullienSocial at 5/20/2011 7:33:01 AM Quote
You must sign in to rate content.
(1 ratings)

RE: Consultants accessing the Data Center

I agree with varun, giving a consultant too much access is a slippery slope.  if i was performing an audit on a company that gave unrestricted access to an external consultant without a specific reason, that would be a red flag for me. 
Justin TomasLively at 9/3/2010 7:14:07 AM Quote
You must sign in to rate content.
(1 ratings)

Leave a Comment

* required

You must login to leave a comment.