Reply to: Security Clearance

I'm with Cojak on this. What we do (or did, in my case) is largely apply learned knowledge to a new client situation. The underlying framework may be consistent but it's how you apply it and how you sell it to the client's staff that is the hard part. Reusing your accumulated collateral is the only sensible way to do it., but obviously that collateral has to be anonymised.

Just for example, costing a service design for a proposal is the really tricky bit. I'm not about to re-invent my proven algorithms every time.

forethought and application is lacking in contractors these days.
But you're quite right. I also use my own templates where I can (A. They're usually better than the clients, and B. all old client references are removed already)

As a BA that’s my core, but I’m very careful to remove any metadata, logo’s and named references to ANY process work I reuse (my previous client is always ACME LTD…). I even bring in my own laptop in and use it tethered to my phone if necessary.

I have a whole folder library of this cleansed stuff. I create the updated first draft on my laptop and send it via myco’s work email to the client - that way they can’t say that I’d sent anything ‘out’. I just send stuff in and badge for the client.

I’ve seen experienced contractors get into very hot water with this while I walked away from projects squeaky clean.

It’s not hard to do - it just takes a little forethought and application.

The best case scenario is that it was incredibly poor judgement.

it's not their work you're emailing in though. In this scenario it's a solution from another client. Other client might not be so happy, and maybe that's why current client got upset as they realized that OP will steal their work as well.

Really?

Virtually every single organisation regardless of sector I've done contracts for state that you can't use personal email addresses for their work.

With the few organisations that have allowed me to use one of my limited company email addresses I've been warned that they if requested they have the right to audit it.

They don't block attachments as there are some situations where you have to deal with an outside source who sends attachments.

However you should be aware that every single email is monitored.

Don't understand why people use their mobile phone. (It clearly breaches the rules but you are less likely to get caught.)

never been told that.... If I was I would ask why they don't simply block attachments
Most of the value I bring is in the architecture and patterns I've used previously

They don't go into specifics but mailing documents to/from a work email address is a big no-no.

really?

I've done loads of training for finance companies, and not once have I been told I cannot bring other companies solutions to help them. All data protection training is focused on GDPR and protecting their own IP, not someone else's IP.
Maybe protection and lenders work differently to high street banks.

What is bizarre here... Despite any 'rules' that may or may not be in place....
No matter where I've worked, if I have a solution for a problem, the client doesn't give a flying fig if it's something I've used with another client.

As long as no actual IP of the old client is in the document this should be a non-issue. Even if there was any IP I wouldn't expect to do more than delete it. There's more to this than is being said. Not that it matters for SC

One of the very first things you do when joining a bank is to undergo hours of training that make it very clear you do not do things like this.

Out of interest has this prevented you from working in financial services?

When I worked on the desk at an American bank one of the sales people was about to quit and decided he wanted to take his contacts with him.

This genius who was probably on the best part of £500k with bonus thought that if he mailed the list as white text on a white background to his personal email address then he wouldn't get caught...

If it's an old one and it doesn't say that on the new one then I'd guess no.