• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Multiple Contractors one Remote Access Account

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    Multiple Contractors one Remote Access Account

    Hi,

    We are a group of 12-13 contractors that work under the name of a company.

    We do IT Consulting in multiple Local Authorities - at each of these we have VPN access with between 2-3 contractors being a 'named' user with logon access.

    We have been thinking that it would be simpler to have one logon under the name of the company, this would mean that an approved list of contractors could access the systems instead of having to get each person set up every time.

    Without ringing round all our clients and asking (in the immediate) does anyone know or know of any resources that can explain the potential governance issues around this?

    Thanks.

    #2
    I wouldn't be happy with a generic login, not auditable...

    Comment


      #3
      +1. Anyone with any semblance of security knowledge will tell you to do one....
      And the lord said unto John; "come forth and receive eternal life." But John came fifth and won a toaster.

      Comment


        #4
        Originally posted by Nicklt View Post
        Hi,

        We are a group of 12-13 contractors that work under the name of a company.

        We do IT Consulting in multiple Local Authorities - at each of these we have VPN access with between 2-3 contractors being a 'named' user with logon access.

        We have been thinking that it would be simpler to have one logon under the name of the company, this would mean that an approved list of contractors could access the systems instead of having to get each person set up every time.

        Without ringing round all our clients and asking (in the immediate) does anyone know or know of any resources that can explain the potential governance issues around this?

        Thanks.
        Originally posted by stek View Post
        I wouldn't be happy with a generic login, not auditable...
        WSS +1

        Generic ID's for use in production environments are a Bad Idea.

        If the clients Info Sec bods are at all on the ball they'll veto this on the basis that it becomes impossible to know who has had access to what at an individual level (I certainly would). LA's are twitchy about this stuff as they are getting more and more sensitive personal data to hold and process, especially now the Health and Social Care act has pushed NHS services out into LA offices.

        It also protects you as a company as it means that the individual contractors are accountable for their activities and if someone screws up you will know who it was.

        Finally, if you ring a client and they are any good, they WILL laugh at you and think you are a bunch of cowboys.
        "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

        Comment


          #5
          And what chance have you got of controlling it your end if you don't even know if you are 12 or 13?

          Comment


            #6
            Good grief - I wouldn't be happy sharing a login, that's a recipe for a ruined reputation.
            "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
            - Voltaire/Benjamin Franklin/Anne Frank...

            Comment


              #7
              Originally posted by DaveB View Post
              Finally, if you ring a client and they are any good, they WILL laugh at you and think you are a bunch of cowboys.
              This +1.
              The Chunt of Chunts.

              Comment


                #8
                You aren't serious are you?

                If one of your employees decides to release information into the public domain or steal it to sell, how are you going to know which individual did it?

                Legally while you as a business are responsible for the data breach, the individual person is responsible for a criminal act.
                "You’re just a bad memory who doesn’t know when to go away" JR

                Comment


                  #9
                  The LA I worked at would insist that you use named accounts. It may seem like an overhead but it is a valid one.

                  Comment


                    #10
                    Originally posted by cojak View Post
                    Good grief - I wouldn't be happy sharing a login, that's a recipe for a ruined reputation.
                    Yes I wouldn't be happy too, the login it's personal and can't be shared for security reasons.

                    Comment

                    Working...
                    X