Company wants employee's passwords

B

BigCat

#21
In the really small company I work in, we have no internal IT, and a average outside IT vendor.

When I started the gal who was in charge of everything and supposed to be doing all the training got injured and was out of the office about 80% of the time for a three month period.

Her computer was the one that received the electronic faxes, the companies "[email protected]" emails etc and she outright refused to give her password when asked. (Found out it was a really embarrasing password, not the information she was protecting).

Problem was, work went to a standstill until she got around to coming in and logging on.

We now keep secured hard copy master list of all passwords.
 
Elsmar Forum Sponsor
A

andygr

#22
Guess what?
Just received an email from my IT folks today that my computer lease was up and in order to mirror my current stuff they need me to give them my windows log in password.
So I guess here our IT folks do not have passwords.
I told them I would sell it to them for 50 dollars. Will see how bad they want it:lol:
But
If you think about it they can resset passwords so if they realy wanted to access your system after your death or termination why they would not just reset your password and log in with that for the company systems?
 

Jim Wynne

Staff member
Admin
#23
Guess what?
Just received an email from my IT folks today that my computer lease was up and in order to mirror my current stuff they need me to give them my windows log in password.
So I guess here our IT folks do not have passwords.
I told them I would sell it to them for 50 dollars. Will see how bad they want it:lol:
But
If you think about it they can resset passwords so if they realy wanted to access your system after your death or termination why they would not just reset your password and log in with that for the company systems?
I think that in a lot of cases like this, including the OP's, there have been applications installed locally (to avoid paying for extra licenses that aren't necessary) and the user has invoked a password option in the program, thus the IT people (if there are any) wouldn't have them.
 

Wes Bucey

Quite Involved in Discussions
#24
I think that in a lot of cases like this, including the OP's, there have been applications installed locally (to avoid paying for extra licenses that aren't necessary) and the user has invoked a password option in the program, thus the IT people (if there are any) wouldn't have them.
There are some folks who have made a lucrative sideline (works especially well for underpaid contract workers who move from organization to organization) by reporting corporate software piracy.
The Software & Information Industry Association (http://www.siia.net/index.php?option=com_content&view=article&id=77&Itemid=7)
has this handy little excerpt on its site [emphasis is mine]
Corporate Anti-Piracy Program
SIIA pursues cases of software and content piracy taking place within an organization. This occurs when software has been installed or content is being copied and/or distributed by an organization without the proper license from the publisher. Those who report piracy taking place within an organization to SIIA may be eligible for a reward of up to $1 million.
My legal beagle training compels me to add the piracy must be instigated by corporate or organization leaders to qualify for "finder's fee," not just casual theft and add-on by an individual worker, of which many organizations have been known to miss in periodic reviews of networks and individual computers.

Candor also requires me to add the periodic organization-wide network and individual computer review makes sense to detect any spyware which may have been introduced by miscreants within or without the organization..
 

Jim Wynne

Staff member
Admin
#25
My legal beagle training compels me to add the piracy must be instigated by corporate or organization leaders to qualify for "finder's fee," not just casual theft and add-on by an individual worker, of which many organizations have been known to miss in periodic reviews of networks and individual computers.
I don't see anything on the SIIA site that says that piracy must be "...instigated by corporate or organizations leaders..." Did I miss something? Nor do I think that it's a matter of law, your "legal beagle training" notwithstanding.

Business managers can be held liable (in many instances) for things done by their employees, and when copyright violation is alleged in a civil action, it's generally up to the court to decide.

The Business Software Alliance is also active in anti-piracy efforts and has this to say in one of the PDF files on the linked page:
Many businesses, both large and small, face serious legal risks because of software piracy Under the law, a company can be held liable
for its employees’ actions. If an employee is installing unauthorized software copies on company computers or acquiring illegal software through the Internet, the company can be sued for copyright infringement. This true even if the company’s management
was unaware of the employee’s actions
.
(Emphasis added)
 

Wes Bucey

Quite Involved in Discussions
#26
I don't see anything on the SIIA site that says that piracy must be "...instigated by corporate or organizations leaders..." Did I miss something? Nor do I think that it's a matter of law, your "legal beagle training" notwithstanding.

Business managers can be held liable (in many instances) for things done by their employees, and when copyright violation is alleged in a civil action, it's generally up to the court to decide.

The Business Software Alliance is also active in anti-piracy efforts and has this to say in one of the PDF files on the linked page:
(Emphasis added)
I thought I was narrow enough in my post - the "finder's fee" is dependent on corporate involvement - i.e. corporation can not turn a blind eye to pirated software used on behalf of the organization. Of course, any entity (human or corporate) can be sued, but winning the suit is another matter entirely - there are many possible defenses. My legal beagle part comes from involvement with some client organizations which have been impacted (victimized?) by lax or non-existent policies about software usage. I did not act as an attorney, only a corporate strategist. Research on the topic has shown the whistleblowers only get finder's fees when the software association collects money from the organization. "Innocent" corporations who have been victimized by rogue employees using software which is not benefiting the business in some way (tacitly or actively approved by the organization leaders) almost always get off the hook by purging the software from their systems and agreeing to a period of oversight from the pirate seekers.

For the record, when a client organization has actively sought to circumvent software licenses, I usually counsel settlement and arbitration, not fighting, normally affirmed by the organization's corporate attorneys. When the organization is an innocent victim of rogue employees, the pirate seekers are very quick to recognize a no-win situation after the initial intimidation is rejected by a savvy organization backed by consultants and attorneys. The intimidators usually open with a demand for the sun and moon with a fence around them, but often settle for a brief ray of moonlight (not moonshine:biglaugh:)
 
A

amanbhai

#27
We have like 400 employees in our company and everyone has access to computer.
In our case, we change password every month as per the company policy. Somehow, company from its IT services knows every programme password. Therefore, there is no need for asking. :notme::notme::agree:
 
J

JaneB

#28
Management is asking employees to submit a list of all passwords they use to get into their programs. The information is to be held confidential in HR. (But if others have access to this, is it really "confidential"?) This all came about because someone here was absent/sick for several days. Important contractual information was emailed to them and no one else here had access to that information.
Bottom line: the information, the applications, the data and everything else belong to the company, not the employee.

There are some very good reasons for any company to want to have some kind of system in place to be able to gain access to its data, including having reasonable and robust arrangements in place to cover absences, illnesses etc. (You cite one example, some posters have shared others, I've seen a number of other cases, etc).

But it is quite reasonable if you are accountable for any use of your password to want good system in place that governs any access of passwords or a blanket 'no liability' assurance (in writing). One place I recall, for example, had each person submit their passwords in a sealed envelope that were then held under lock & key by the personal assistant of the head person - only for use in emergency, and very carefully controlled. I was happy to comply.
 

RCW

Quite Involved in Discussions
#29
Bottom line: the information, the applications, the data and everything else belong to the company, not the employee.
True and agreed with.

Now with that being said, have you ever dealt with the FDA and the aspect of 21 CFR Part 11?? How did that turn out?
 
Thread starter Similar threads Forum Replies Date
Ed Panek Other company wants to use our FDA 510K bundled with their product 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
A Defect Rate for asking for an RMA - Company wants an RMA for every defect found Supplier Quality Assurance and other Supplier Issues 10
M My company wants me to implement ISO 17025 in our laboratory ISO 17025 related Discussions 7
L QMS for Service Company - Top Management wants to take the role of QMR Quality Manager and Management Related Issues 5
P Pharma Company wants to become Medical Device Manufacturer EU Medical Device Regulations 10
S Software Company wants CMMI Software Quality Assurance 4
V ISO-13485 and ISO-9001 - Medical Device Company - Distributor wants ISO9001 ISO 13485:2016 - Medical Device Quality Management Systems 6
C My manager wants me to be the company "TS16949 Expert" IATF 16949 - Automotive Quality Systems Standard 7
A My Company wants to Implement ISO 9001-2000 and become Certified - The Big Start ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
W Small Company wants AS9110 Certification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
C New Service Company wants ISO 9001 Certification - 20 People in company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 50
K Company will not register to ISO 9001 but wants TS 16949 for one product! IATF 16949 - Automotive Quality Systems Standard 8
M President of company wants ISO 17025 for testing - Warehouse distributor ISO 17025 related Discussions 3
H Company Wants To Pick and Choose what Customers to apply the QMS to ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
M Transferring ISO 17025 from one company to another ISO 17025 related Discussions 1
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
lanley liao Does all of the suppliers need to integrated into the supplier list qualified of the company? Oil and Gas Industry Standards and Regulations 2
F IVD registration in EU - Northern Ireland based company EU Medical Device Regulations 0
W Where does a coatings and paint company fall in IATF? IATF 16949 - Automotive Quality Systems Standard 5
A AS9100D - Clause 8.1 Operation - Coating service company AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
O Informational Ford Motor Company Customer Specific Requirements for IATF 16949:2016 - 08 Jan 2021 Customer and Company Specific Requirements 0
L Have been purchased by a corporate company ISO 13485:2016 - Medical Device Quality Management Systems 7
R Advice needed: Shall I report my not complying company to NB / competent Authority (Europe) EU Medical Device Regulations 6
lanley liao What shoud i do if our company top management has been changed. Oil and Gas Industry Standards and Regulations 8
S Malcolm Baldrige Company Dashboard Quality Tools, Improvement and Analysis 3
T IATF Rules for sharing production space with another company IATF 16949 - Automotive Quality Systems Standard 10
J Leveraging another company's ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
R MDEL and company affiliate Canada Medical Device Regulations 0
E Our company is planning to file MDD not MDR next month. Do we require to show chemical characterization report ? CE Marking (Conformité Européene) / CB Scheme 2
S Is QMS like a set of rules and regulations that a company follows? ISO 13485:2016 - Medical Device Quality Management Systems 10
E Contract manufacturer FDA requirements foreign company US Food and Drug Administration (FDA) 6
J How much to charge for helping a startup company with initial ISO 13485 certification? Consultants and Consulting 3
J Sister-company providing parts is only ISO 9001 registered IATF 16949 - Automotive Quality Systems Standard 7
D IATF 16949 Requirement for CMMI in a Global Company Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 0
T Help to Suggest name for a new certification and inspection company Coffee Break and Water Cooler Discussions 7
M Address change for a company with CE/ISO13485 EU Medical Device Regulations 2
M IT validation for a paper based MD repair company QMS ISO 13485:2016 - Medical Device Quality Management Systems 6
M QMS for a repair/servicing company ISO 13485:2016 - Medical Device Quality Management Systems 2
C Internal Audits in a tiny Dx Company Internal Auditing 33
T ISO 13485 - 5.5.1 Responsibility and authority - Small Company Independence ISO 13485:2016 - Medical Device Quality Management Systems 13
F Quality manual for trading company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
L Implementing the PRRC role in a company EU Medical Device Regulations 7
BeaBea ISO 9001 Customer Feedback Methods - What has worked for your company? Service Industry Specific Topics 17
M Customers Request AS9100 certification - Small Company (less than 20 employees) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
U Document Approval - Software company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
T EQMS for small medical device company ISO 13485:2016 - Medical Device Quality Management Systems 18
qualprod Corona virus Contingency plan - What have you done in your company? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 25
Q Must product name be listed the same name in FURLS, UDI, GUDID and Company Website? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
E Sharepoint for ISO 13485 QMS for small IVD company ISO 13485:2016 - Medical Device Quality Management Systems 11
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16

Similar threads

Top Bottom