Previously on "Where do you draw the line ......"


  • NetworkNinja
    replied
    Originally posted by Dante
    Every time a Line Mangler decides to circumvent one of my security solutions in the name of 'ease of use', I spend 15 minutes arguing my case, get it in writing to cover my hoop, then send an invoice to cheer myself up. It's the three-tiered approach to change management.

    The email trail is in place so I'm covered in that sense. I'm outta here next week but I just want to make sure this doesn't come back to bite me. We all blame the last person out of the door for everything that goes wrong.

    Oh yeah, and the invoice has just been posted, ahhhhhhhh that feels better.
    Last edited by NetworkNinja; 7 August 2008, 10:29.



  • Dante
    replied
    Every time a Line Mangler decides to circumvent one of my security solutions in the name of 'ease of use', I spend 15 minutes arguing my case, get it in writing to cover my hoop, then send an invoice to cheer myself up. It's the three-tiered approach to change management.



  • Advocate
    replied
    Repeat after me, all together now "Security is a business decision" as much as we hate to hear it. As long as you've made the risks very clear to the client and they still accept then that's fine. I've found that if you require the manager to formally accept the risk (i.e. assign it to his name and get a signature) they suddenly take them a little more seriously when they realise they're the ones in tulip when it all goes wrong!



  • oracleslave
    replied
    Originally posted by DimPrawn
    Stand on your cubicle chair and repeatedly shout "are you ******* mad!?!" at the top of your voice, until a very senior manager comes over, then hand over a printout of the daft request whilst openly weeping at his feet.



  • zathras
    replied
    Originally posted by NetworkNinja
    Ok, here's the situation. Contracting to a large outsourcing company supporting one of their customers. For one of the projects I designed a multi-tiered DMZ infrastructure for a new fancy web channel. All nice and as secure as it could be on the given budget. The end client co has now made requests to access said server infrastructure in non-secure (and very stupid) ways that will turn my nice secure setup into a colander. Accessible from everywhere inside client co and from remote VPN connections without restrictions.

    This is something I know is stupid, the people here know it's stupid, even some of the managers at the client co know it's stupid but still they are persisting. The manager in question doesn't want the bother of hopping from another controlled (jump off) server (apparently that takes too long !!!!!!)

    Hence my question in the title .... Where do you draw the line?

    Do you refuse to do the work and argue till you're blue in the face (aren't we supposed to be the experts??) or just simply go ahead and do something you know will no doubt come back to bite you in a matter of weeks?

    Do the work, but outline your issues in an email sent to the requester and BCC it to your own email account. In this way you can turn around and say I told you so when they inevitably go into rear-end posterior covering mode.

    It is also worth working out a rollback plan so you can remove the changes when the other managers turn on tw*t when they find that their jobs are on the line because of tw*t.



  • LittlestHobbo
    replied
    You could also say that you've spoken to the providers of your professional indemnity insurance, who have stipulated that you must have some documentation of the client request and your advice against it.

    Should sharpen their minds a little...

    If the sh*t hit the fan I think you'd need evidence that you'd advised them against it as a consultant.
    They could otherwise argue that you just did what they asked and didn't advise against, again making you liable for loss possibly.
    Last edited by LittlestHobbo; 7 August 2008, 09:29.



  • Old Greg
    replied
    What they all said. Or you could walk if you don't want to be a part of it (but do it with grace if you do).



  • DimPrawn
    replied
    Stand on your cubicle chair and repeatedly shout "are you ******* mad!?!" at the top of your voice, until a very senior manager comes over, then hand over a printout of the daft request whilst openly weeping at his feet.



  • HairyArsedBloke
    replied
    The beauty of e-mail is that it provides an audit trail.

    Compose an e-mail where you state, in clear terms, the options and their implications and request formal instruction before you can proceed. Send this to the client co manager, but, more importantly, copy this to the manager at the level above.

    Once you have done this, do whatever you are told and count the money.



  • LittlestHobbo
    replied
    Get them to sign away any liability from you. If someone hacks in you could be liable for their losses...

    When I get into those sort of waters that's what I usually suggest, the manager then sees that signing something makes him culpable and backs off...



  • TykeMerc
    replied
    Write an email to the requesting manager with the following sections.

    1. Replay his request and request clear clarification that it's exactly what he wants
    2. Outline what the infrastructure was developed and built for in clear and simple terms
    3. Outline the implications of the change request, be factual and not emotional.
    4. Request confirmation that the change request is in fact what is required given section 3.

    It's the client's infrastructure and if he puts in writing exactly what he wants then you will have your arse covered from any bites when things go all silly.



  • NetworkNinja
    started a topic Where do you draw the line ......

    Where do you draw the line ......

    Ok, here's the situation. Contracting to a large outsourcing company supporting one of their customers. For one of the projects I designed a multi-tiered DMZ infrastructure for a new fancy web channel. All nice and as secure as it could be on the given budget. The end client co has now made requests to access said server infrastructure in non-secure (and very stupid) ways that will turn my nice secure setup into a colander. Accessible from everywhere inside client co and from remote VPN connections without restrictions.

    This is something I know is stupid, the people here know it's stupid, even some of the managers at the client co know it's stupid but still they are persisting. The manager in question doesn't want the bother of hopping from another controlled (jump off) server (apparently that takes too long !!!!!!)

    Hence my question in the title .... Where do you draw the line?

    Do you refuse to do the work and argue till you're blue in the face (aren't we supposed to be the experts??) or just simply go ahead and do something you know will no doubt come back to bite you in a matter of weeks?
