Slashdot Mirror
Avoiding Liability While Fixing Employee PCs?
ellem asks: "The upper management team of my company has made a decision that the IT department will work with employee's home computers and laptops. Despite every possible explanation of liability and the loss of proprietary information, the decision was made in order to satisfy a 'need' that the employees have expressed. Many of our employees are, in fact, independent contractors and could go elsewhere with little impact to themselves. Upper management feels offering this service to our employees will separate us from our competitors, and is so committed to this that they have allocated a special budget for tools, software and new hires to handle this particular segment of IT. However, I am still rather worried about general liabilities. While I can keep the network relatively safe and guard against certain types of file transfers, the fear I have is a tech wrecking an employee's home machine/laptop - whether they actually do or the employee perceives that they did. Are any of your shops offering this type of extra service? Do you have any policies in place to protect your company from liabilities that could spring up?"
That said, you may want to have the aforementioned lawyer draft up a legal-looking piece of paper that says "In the event my computer or data is hozared by incompetent employees, I agree not to sue The Company..." bla bla bla.
I think you probably should look at the technical aspects, too. Establish rules for the fixit shop, such as "Never plug an employee's home machine directly into the company network." Your service shop should have a firewalled safe zone that can get to the internet, but not to your internal network.
Bring in an experienced repair shop manager. Get someone who knows how to set up and run a safe workbench, and who knows how schedules, policies, etc. work. Have them run as an independent agency inside your company. He doesn't have to turn a profit (duh) but should be responsible for maintaining service levels, providing estimates and setting prices (you're not GIVING away brand new replacement 512MB nVidia cards, are you?) and have purchase authority.
John
Could you possibly have employees sign waivers before having tachs work on their machines? I'm no Lawyer, but it seems like having them sign something to the effect of "We will do our best to fix it, but if we make a mistake you can't hold us liable. if you have any complaints we will look into them blah blah blah" should protect you.
echo YOUR_OPINION >
That was the most boring first post ever.
"What kind of music do pirates listen to?" -Paul Maud'dib
"Yeeeaaarrrrr n' Bee!!" -Stilgar, Leader of Sietch Tabr
It sounds like your trying to cover your ass legally, but isn't this really an issue of trust? Do you not trust your own employees to not screw the company?
When I did IT for a company, we fixed all our empolyee computer issues. We didn't do any ass covering. (Not to say you shouldn't, just saying we didn't)
So what if these are employee's home computers and laptops.
What liability is there that is greater than an retail Computer fixit shop?
1. Maintain a fast server with plenty of storage space.
2. Get a good disk imaging program to make a full backup before any work is done.
3. ???
4. Have updated resume listed on all major job search websites.
...just to provide a cheap laptop for the contractors with a standard build of corporate software and a VPN client. leave it up to the individual to connect to the VPN (DSL, Dial-up, whatever)
it is secure and the corp can control the software.
what will happen when your tech 'fixes' an old PC and it electrocutes the cat?
...Just say no. If it's not yours, or you aren't specifically employed to fix it (by, say, a company), you're better off not doing it. Just about every geek goes through the same early phase: offering to take a look at any sick computer you hear about. But bitter experience teaches you to run screaming from any machine you're not actually contracted to service.
Special Liabilities? Yes, go to your local computer repair shop. Pick up one of their service forms with all the legalese and take it in to your corporate counsel and have them copy it. Hand it to the contractor/employee to sign at some point prior to the first time you go to work on their computer.
You do realize that there are lots of people who actually do what you are describing for a living, right? One upon a time about 10 years ago I managed such a shop. Your resistance to the feasibility of the idea seems to argue against you considering that all you are doing is basic PC work, just like lots of other people in your town do every day. There's nothing special legally in this case about the fact that you have an additional contractual relationship with the people you are doing the PC work for.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
1. Always make an image of the data on the drives before starting.
2. Search for the porn AFTER you have finished with the computer.
It's a computer. Use a standard click-through disclaimer.
Seriously, just get with HR or whomever is in charge of personnel and have a simple disclaimer written up that states that anyone who takes advantage of this waives all rights to sue for damages. Make sure that it covers both the company and the individual contractor performing the task. Include this in the employee handbook or in the information packet that is given out to people when they are hired.
Follow the same rules and procedures the big stores do when they service pc's (think Staples, Compusa, and Geek Squad)... get mangement to have the contractors sign a agreement saying "we give up right to sue for lost data and malpractice, we give up right to sue for everything and anything including neglegence blah blah blah"
And rememind the contractors BEFORE they bring in their pc's that illegal adult materials must be reported to the FBI for persecution.(so if they have a kiddie porn collection dont bring the pc in to get fixed) You wouldnt belive how many customers who would bring in their pc's to me back when i worked at the sweatshop called compusa would hear that warning, pick up their pc, walk out, and come back the next day without the offending files.
The real liability is dataloss, because it is impossible to defend against if they claim you wipe out 10 months of files (which were never there to begin with) and the going rate for REAL datarecovery (ISO Clean rooms) is like $900 per GB (multiply that by a 160 or 200gb hard drive and you got a major problem)
And this doesn't answer your question, but, seriously: WTF?
How sadly misguided is this? If they want to give employees and contractors perks, how about something with a little more common sense. Like healthbenefits (for contractors) or gas/travel vouchers. Both are something people would be glad to have and have tax benefits to the company. Or how about spa gift certs or something where there's little liability.
Alternately, they should subcontract the work out (Clearly they have no problem doing that). Get GeekSquad or something out there to do it for you. Sure, the liability is a headache for you, but I can't believe that any marginally responsible company would take on the infrastructure to do something like this. Maid service for all employees would be cheaper and have less overhead. And I'm sure would be a nice perk.
If one of your techs does wreck an employee's computer, I hope that your response is something better than pointing to a sheet of paper that the employee signed. Even the best technician will do something stupid on occasion, that's how people learn. It's much cheaper to just fix the problem and eat the cost. To do otherwise risks generating a lot of ill will and you may end up paying for it anyway, plus legal and court costs.
Mea navis aericumbens anguillis abundat
Then they'll wonder why they can't get connected to their cable modem. Guess who will be driving out to their house since you can't troubleshoot that at the office? Yes, this actually became the expectation where I work. IT makes house calls. I wondered if they asked Buildings and Grounds to mow their lawns for them.
Next, what kind of liability are you going to run when the employee blames you for deleting (really really super important file)? Yes, I know you had nothing to do with the hard disk crash, but tell the CEO's son that when he just lost the first draft of his novel.
In all seriousness, here are a few suggestions
Good luck. You'll need it.
"Seven Deadly Sins? I thought it was a to-do list!"
Your liability towards your "customers" will be the same as if you were running a repair department at a computer store. You should look into what those local PC mongers are doing. The SBA may have some resources you can use.
Most of these fixit shops are small mom+pop stores, and don't worry about the things large corps do. Things like data rentention, backup, and hostile workplace/sexual harrasement issues. I've done work on home PC's and it's much more difficult and time consuming to provide a level of service + professionalism than in the corporate setting. To do the job right, you've got to start with creating good backups, which takes time and space. If the current install has a dead NIC because of spyware/malware/etc, it's fastest to disk image by ripping the drive out, but still time consuming. Reinstalls are painful because of varying hardware/drivers and because users many times don't have valid licenses for all their software. Finally, there are problems with warez and pr0n in the corporate environment. ---- In summary, I think your problems are less legal, and more time consuming. I'd say easily 2x time per trouble ticket. If your boss really wants to go this route, I'd be forward thinking and begin allowing employees to purchase the same identical hardware/software packages you are using the enterprise. Then you're slamming out the same ghost images and drivers, and you're not scratching your head wondering if some obscure part is defective or not.
If you are doing it at your employer's behest, and on company time, then they are the ones liable. This is a gross generalization, but for the most part true. Think of it this way: If you are an employee of XYZ Inc. and you are working on a software project for a customer, and you hose it up. Would you be sued directly? No. The company would be sued. You were acting as an agent of the company. If someone brings their computer in, and you lose all of their Quicken (tm) data, then you did it while acting as an agent of the company. The company is liable, you aren't. (Again, gray area.) I wouldn't be worried about it, but IANAL. Hopefully some of the other posts will give better insight as to this.
I never really worried about liability. I just assumed that it was part of my job (after all, my boss's computer was one of the ones I'd occasionally fix, though he was good at it himself so I only got involved if it was tricky.)
In your (the person asking) case, I'd just suggest doing your job. You're the IT guy, and you were told to fix the computer, so fix the computer. It's the legal department's job to work out any legal issues (and it's management's job to know if legal needs to get involved and to involve them.) If you think legal should be involved, send your boss (and maybe the legal department) an email, keep a copy of it for your records, and leave it be -- you've done your job, brought up your concerns, and so if somebody doesn't listen to you and it blows up (which seems unlikely, I might add) -- you've got proof right there that you did mention it.
WTF?
Pardon me but it sounds like you're pulling excuses out of you ass because this is a job nobody in your department wants to do. Your execs see it that way too, most likely.
Seriously, what if (during a normal days work) your tech dropped a pc on somebody's foot... you'd be liable for that too, do you bring up the concerns about carrying pc's to managment also?
The company is liable, not the employee... they're obviously willing to accept the risk, so stfu and do your job. Not trying to be an ass, but still, there has to be something more important for you to worry about than this.
I know it sounds like this is a done deal to you, but despite the "it's just IT work" responses, my advice is to put up every obstacle you can... get legal in on it, make estimates (or wild guesses) about how much this is going to cost, and fight 'til your last breath.
Everything that goes wrong after you (or a tech) touches the machine is going to be your fault, whether it is or not. At some point, you are going to be asked to help someone with a lot of internal clout, this will come to pass, and you will be out of a job. It doesn't matter if there's no possible connection between installing a video driver and the malfunction of the LAN card, because these days logic is the last resort.
I well remember working my way through college as an electrician for a company serving Beverly Hills, and let me tell you, we got calls where someone would say "your guys installed a light and now my toilet won't flush" and they were serious. This is a lose-lose if ever there was one.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
It was bad enough keeping things going in a computer support call center where everyone thought bonzi buddy was cool and got very angry when it was not reinstalled after fixing their work PC to the point where it was functional for work.
Do it if you have to - but unless ordered otherwise try to make it absolutely clear that home computers are fixed at the owners risk, need to take lower proirity to work related business and the increased workload from spyware removal has to be taken into account. I forgot how bad things are out there until I connected a bare Win2k SP3 machine on dial up last night to download a program update. The first popup to try to fool me into buying "regcleanerpro" before my computer exploded was there within a minute - and that's after IE had only ever been to MSN since the fresh install and the windows install had never been on a network apart from dial up.
You clearly missed what is going on here, you archive the "customers" data to a central server (3)
.jpg|.jpeg|.gif|.png|.whatever_else_ext_you_want of size less than 25kb and none larger than 250kb (quite a large jpg) and then put them on a seperate server.
3.5 is harvest the individual porn pictures off the computer using a custom script you wrote which accepts no
5 is sell your buddies a "subscription" to this ever enlarging database of files
6 is PROFITs-ah
2^3 * 31 * 647
Your department isn't set up to service home computers with all the complexities, upgrades differing hardware & software environments, etc. Call some local Mom & Pop organizations, tell them what you want (try to recover, clean & reinstall, helpdesk, etc), and let them deal with the hassle. You might need to give them some internal software, etc to install, but that's what NDA's are for. This also prevents you from being the bad guy when you wipe out your bosses data.
There are also some national/international venders that provide helpdesk services for resellers -- you might want to talk to some of them as a front line even if you retain the actual hands on work.
When I started on the bottom rung of the ISP ladder in the 90s, I was doing dialup support. We only supported helping customers set up their DUN (or PPP or SLIP, etc.), DNS, install a web browser from FTP if they didn't have one and didn't want us to mail them a CD, and set up any one of a small palette of email clients to get mail from our servers. We later expanded it to tell people how to upload to their web space, when we added that. Oh, and the name of our NNTP server, if they asked. Officially, that was it.
:)
:)
Of course, ignoring the rules and accepting the calls from clueless clients on dialup who also had T3s with us, handed off by our veeps and prez, were how I climbed the ladder, started supporting broadband before getting trained, and eventually became a "customer engineer" (network engineer)
However, times have changed. You're an ISP, not their personal tech support. If it's not related directly to their connectivity through you, it's not your problem. Seriously. People aren't totally clueless about the boundaries of support any more (I'm not sure most of my "special issues" ever really were) and you've hit the nail on the head about the margins being such that it's not really worth it. If you don't have calls waiting, and the customer is really nice, sure, be the hero, and feel better for it afterwards. But don't let anyone demand or guilt you into anything your company hasn't promised. I've even encountered people who have done serious damage to their systems, and wanted me to help them outside official bounds, with their intent being that they would later claim that we wrecked their systems, and should pay their consultants for them. Just another thing to remember, when someone asks you to support their horrendously complicated issue
Personally i'd be more worried about data protection than hardware failure or human error. You'll have access to employees and colleagues PERSONAL data, which is different from business machines where what personal data anemployee puts on the machine is pretty much at their own risk.
I wouldn't be comfortable having access to that data. You might not be personally liable for damages but if a fellow employee makes the case to your employer that you have abused their trust you could soon lose your job.
and discover someones religion (wiccan) or sexual orientation (homo not hetro) or lifestyle (hightimes subscription) medical confition (hiv positive or just about anything
and next week the employee is let go
every day http://en.wikipedia.org/wiki/Special:Random
Whenever I can, I always make an image-copy of their harddisk, the way it was.
You say I wrecked it? OK. I'll put it back the way it was.
Roger.
Instead of running this home computer program in-house, why not just outsource the job to a local or national computer repair shop? That way, you can let someone else worry about the liability issues. As an added bonus, any standard computer shop will have far more experience in dealing with the kinds of problems that home computers typically encounter than you might have. That fact alone could easily make outsourcing a cheaper proposition then running the show on your own. It's definately food for thought.
In addition to these obvious advantages, outsourcing also allows you to accurately track the costs of the program and draw your budgets accordingly. You and your boss can sit down and allocate each employee a certain dollar amount of gratis tech support, which will avoid the problem of Sue in Accounting bringing her desktop computer in every day for a month so you can wipe out the latest spyware her son aquired while searching for Internet p0rn. Also, you can offer special services with an outsourced program, like in-home system repair for CEOs or, if you work with a national chain, remote repair services for the sales team.
Finally, you should consider the tax issues you could run into if you keep the program in-house. Technically, the type of program you describe could be seen by government tax collectors as employee compensation. That means someone is going to have to track who receives what services, because the government is surely going to want its cut too. With outsourcing, you sidestep all of these problems and are left to concentrate on your primary mission -- maintaining the corporate IT infrastructure.
Make sure you have a policy that very clearly establishes (in absolutely no uncertain terms) that you do not install unlicensed software on the machines, no matter who tells you to. Invariably, you will get some guy from accounting coming in demanding that you install Photoshop on his home computer "because he needs it for work." When you mention that you can't install unlicensed software, he'll go tell his boss, who will then tell you "to just do it." Nobody out there seems to give a damn about licensing issues except for the guy responsible for it. Everyone else takes the view of "well, we have a CD, so it's okay to put it anywhere." The one plus to all of this is that if you ever decide to take off, you can always put in a friendly call to the BSA... : p
This guy's the limit!
Need I say more?
Creative misinterpretation is your friend.
doesn't mean much unless you've locked down every network port, every USB & Firewire port, optical writing drive and any other means of transferrring files. Otherwise some yokel can walk in with a thumb drive and copy a good amount of data, now up to 4GB per drive, and walk out without anyone knowing who did it, when or who they sold the data to. Any information they can get to, they probably can copy.
I would rather that the IT department of wherever i'm working at the moment doesn't touch my personal machine thank you very much!
Also, it sounds suspiciously like the first steps from management to get employers to use their own machines for work - a big no-no.
Furthermore, if your management wants to retain those employers that are both highly qualified and highly mobile i suggest flexible working hours, little or no overwork (or maybe pay-per-hour), a location that's easy to access via both car and public transportation and a proper work environment (3-6 persons rooms, no cublicles, plenty of elbow room).
If you're hiring contractors and then sending them to work at the customer's site there is little you can do to retain them - it doesn't take long for a contractor to figure out that they're best served by removing the middleman.
Beyond that, i know for a fact that one of the most important ways of streamlining the systems administration/support group work is to standardize the work machines (both HW and SW) so that for example, fixing a HW problem is just a question of backup/change-machines/restore. Doing that is simply not possible when it comes to maintaining the employer's personal machines.
If they're really keen on wasting money in this half-baked idea, they should outsource repairs/support of personnal machines to a company that's speciallized in selling those services to the general public.
VPN connectivity over a broadband line to the office should be a requirement. Not some half-a** solution, something tokened and secured.
VMware Player and an Image built/controlled and managed by your IT department. By controlled I mean locked down where controll what's on it.
But their PC doesn't have enough RAM or doesn't have enough DISK or blah blah blah! If they want to use a home PC to connect to your network then these are the requirements.
But how do we support them? Forget their home PCs, you support the image.
Q: I am short, useless and provide no value. What am I? A: a sig
All you have to do is say "looks like we need to reformat and reinstall windows". That seems to be the preferred solution for most internal IT support people. It's quick, it "solves" the problem, and any problems aferward are obviously not their fault. Seems like it'd work just great externally as well.
I realize this echoes many of the opionions already expressed, but here's my take:
It sounds like you've already raised the issue of liability and have been ignored. There is not much more you can do there, except recommend (if you haven't already) that users sign a waiver indicating that the company is not responsible for damage to the customer's hardware, and (more importantly) data loss resulting from your work.
That said, I think the liability is the least of your concerns. I would be far more concerned about the time you will end up spending on this. I could easily see an IT staff spending more time fixing employee computers than on maintaining the corporate network. So keep a log of all the time spent fixing employee-owned computers. When management wants to know why projects are behind, etc., point to this information. At that point, the management team has three choices: except the backlog of company work, hire more people, or change their mind.
The other problem, I strongly suspect, is that you personally don't want to make a career out of fixing employees' personal computers. I wouldn't either. I don't know what to tell you, except that you can either explore alternative employment, hope that the situation doesn't get too bad, or hope that the company changes its mind or does hire additional people to deal with employee computers.
Keep careful track of time spent on working on "non-company" PCs; if your boss wonders why you aren't getting work done, show him the numbers. Hopefully this won't impact your job much, but if it does you should let the pointyheads now how much time this leeches from your day. They are pretty good at understanding "we spent 40% of ellem's salary fixing employee's home computers".
I Am My Own Worst Enemy
- They run MS Windows and these boxes just tend to "magically" degrade unless periodically re-installed. Except you can't do that because the user will lose something, because they don't have backups, original distribution media with which to reinstall applications (or even the OS itself), registration keys, etc.
- They run applications (MSIE, MS Outlook, MS Word, MS Excel) which in turn are vectors by which other malware comes into the system. You can't tell a user "Ok, I made it so that your machine is secure now," when the user has the habit of running MSIE to look at websites on the Internet(!) or is in the habit of loading untrusted data+macrocode into MS Word. (And of course they do these things while logged in as an administrator.) When things go wrong again, these people always complain later that you didn't really fix their problem. It's not like you can tell users to stop shooting themselves in the foot.
Legal department can care of the liabilities. The real thing to think about is: does anyone who does generic PC support, really want more customers? And these people you're talking about, aren't even paying customers. Holy crap, what a great way to lose money and make everyone hate you at the same time.As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
It's odd that you bring up the maid service actually, because the company subsidized housing that I live in actually does provide maid service for me.
And at $450 a month in the North Chicago suburbs, right near Deerfield, which also include utilities and internet/cable, it's a tough deal to beat.
type of stuff, mostly for the upper management, but not only computers, we are talking about anything that plugs into the wall. From cell phones to iPods, even as I sat down at my desk this morning I even had one voice mail left by an EX employee who worked as an executive admin wanting to know how to download songs to her iPod knock off. Note: she has been gone now for 9 months and this is the first time I have heard from her. She did make sure to say/ask how I was doing at the end of the voice mail geee how thoughtful!
We are a two person IT shop; My Boss the Director of IT, and myself Sr Sys Admin. I mostly deal with my network and servers and some luser (local user) stuff, while he gets the majority of face time with said lusers (my people skills are lacking, on purpose). The problem I have is the we are both on call 24x7, and well everyone at the company has been bugging us relentlessly for trivial stuff.
Here is an example; I was called by one of the executive admins last night at 11PM asking how to remove stationary from her outlook so she can send personal emails. If your company goes through this, it is what you can expect. Also note: These idiots computers are so bad off with spyware and virii it's just easier and takes less time to wipe the box clean and do a clean install of Ubuntu and tell them it's new version of winblows. Never in my life have I seen computers so hosed in the two years I been here.
I should also note that I saw an earlier post that said
"5. Make sure your resume is posted on every job board."
Well mine is and had 4 interviews this past month, and this time I'm the one doing the interviewing, taking my time to find a company that will not treat it's IT personnel as... Well... as IT whipping boys!
To Sum it up: You will get taken advantage of, and when it goes wrong or perceived something is wrong with these computers you will waste constant personal time to fix them and or hold the lusers hands and try to appease them. Let the "Geek Squad" charge them a couple hundred to take care of them and hose their computer even more.
Sig
...from the customer side. But if you're an ISP tech, read the second one first, you'll like it better.
Story number 1. My Verizon DSL modem one day refuses to sync up. No signal. No connectivity. Only light on is the power light. I call Verizon. They give me an trouble tag number. Three days later: still dead. I call them for an update. They insist that they have no record of the number. After many call transfers I am told that they simply cancelled every trouble report received during a two-day window, because some worm, I forget which one, hit. I'm, yes, a bit angry, because I insist the virus couldn't have been responsible and that the report shouldn't have been cancelled. Tech says, sure it could. I say, no, because my machine is a Mac and my wife's machine is running Windows 98 and this virus doesn't affect either and she just ran a Norton AV scan and came up clean. And anyway, I say, on my DSL modem the only light on is the power light. And a guy I know in town who also has Verizon DSL says his is out, too. And it's not likely to be a wiring problem on my side of the interface because the phones work. He says the virus could have infected my LinkSys home DSL router. He wants me to cycle power on everything and review through all the network email settings with him, etc. etc. I humor him--well, actually I have no choice--and after we work through his routine he issues a trouble tag number. About twelve hours later, the other lights on my DSL modem start flashing and it syncs up and everything works.
Story number 2. We suddenly lose all connectivity with the Internet. I call Verizon, he wants me to power-cycle and reboot everything, I explain all sorts of excellent reasons why it can't be that and has to be a problem at their end, he tells me he can't go any farther unless I do what he asks, I power-cycle the DSL modem, the LinkSys Router, and my Mac... and bingo, everything worked fine. (Yes, I apologized to the tech for being testy).
"How to Do Nothing," kids activities, back in print!
It sounds like your management is actually trying to skimp on "telecommuting" money... if they offer to help maintain you employees' home machines, then the employees won't feel slighted about doing telecommuting work from home every once in a while.
The better solution would be to just bite the bullet and issue company standard laptops / desktops to your telecommuters. You retain complete control over the software and configuration, and can just offer them a replacement if they screw something up rather than have them sit around not telecommuting while they're waiting for you to diagnose their home PC problem.
If your management is sincerely offering the service as a "fringe benefit", then go for it... but it doesn't seem like it would make sense unless your company was in the business of fixing computers as a core competence and you had a large pool of extra techs sitting around playing with themselves otherwise. Most IT departments I've seen are too busy investing time into company infrastructure projects to have extra time to let techs sit around and screw with random computers.
The high price of gas brought this on last year.
We started a program that offered pptp access for users.
With one caveat: People had to have permision to obtain a company laptop for travel or remote use.
No WAY are we touching home machines.
A few busers were really easy to identify and deal with because they don't work here anymore.
But for the most part, no problems with the machines after people found out what happens when they load porn and software on the machine by breaking the rules.
We are up to about 20 people now with these laptops, and I hardly here a peep out of them, except for the occasional phone call of "How do I connect to the internet at this Hotel?"
-Hackus
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
1, The company could supply a company-owned PC to the contractors. That way there's some semblance of standardization and you're not supporting every device on the shelf at Best Buy.
2, Virtualization is an option. Use a Xen, VMWare, or Virtual PC solution and you can just put out minimum requirements for a user's home machine, and you get your management to agree that the IT shop only supports the virtual box.
3, Get creative about ways to accomplish management's objectives without saying "No". Maybe you can limit your scope of support to company provided applications and get a statement signed by each user that they're responsible foreverything besides applications x, y, and z. Or maybe you can limit support to web-based apps that you guys host.
4, Find a different job. No, seriously. It sounds like there's someone in the company with a job title of CxO that isn't listening to the managers who work under him/her. If that person or people aren't listening to you on this one they likely won't listen anytime you give them advice. Not a good corporate culture, imo.
Yes, my only tool is a hammer. And you're starting to look like a nail.
I know I am going to be reiterating much of what the slashdot community has said in response to this post, but I feel these points merit emphasis.
First of all, the upper management of your company is a confederacy of morons. They face the potential of opening a Pandora's Box of both legal and economic chaos. This situation is typical of the "act now think later" mindset that seems to be the MBA's strong suit. I hope your ICs have good lawyers, they may well need them when the liability buck gets passed to them.
Having worked as an IC for an out-sourcer, I can say that the potential of liability is significant. Both myself and the company to which I contracted dodged a few bullets. In every instance data loss was involved. Some were due to poorly established procedures within the company, others were due to ignorance or negligence by the client. In either case, litigation could have resulted in disaster for the company if not for myself. It is for this reason that I tread with extreme caution when contracting.
Depending on the stipulations of liability, your ICs would be wise to flatly refuse work outside of the company's directly controlled resources. As the control and ownership of the hardware and data changes (in this case from the company to privately owned machines) the distinction of culpability becomes blurred, further exposing both the company and the independent contractors to liability, should the unthinkable occur.
I highly endorse the recommendation by many other readers of developing a liability waiver. While this won't deter a righteously pissed-off litigant, it may serve to assuage frivolous suits. It certainly won't protect anyone from complaints to management, or demands for someone's job.
Aside from convincing upper management of the potential horrors in store the implementation of downright draconian and imperialistic standards of practice are in order here. Create the most anal and hellish SOP you can devise; one which leaves a little room for error or deviation as absolutely possible. Force the strictest adherence to an established protocol which sanity can withstand and take nothing, even the smallest thing, for granted. While such policies are anathema to most of us, this is a case where it might be the only thing between your ass and the chopping-block.
Establish a clearly defined protocol for data retention and disaster recovery, including the provision for the appropriate hardware and its use (all designed with mobility in mind). Establish practices of fully backing up all data, no matter how trivial. And regardless of all else, never take the hardware owner's word for anything , ever !!
The best practice would be to do some research and present the upper management with a series of disaster stories. Be sure to emphasize the financial loss incurred directly or indirectly (via lost production over time, etc.) in each instance. The surest way to get their attention is to clearly illustrate the financial risks involved in such a decision. Consider, after showing the ultimate financial wisdom inherent, in making alternative recommendations, such as providing computers (owned by the company) to these employees, thus eliminating the control of ownership and thus limiting liability. While I do not believe that the company is likely to be willing to loan hardware to their employees this might lead to other creative solutions.
While my stance on this matter may sound alarmist, I have seen enough near-misses to make me gun-shy. You could operate for several years with no incident, but once that first incident occurs the floodgates will be open. And, in the end, it will be your IT people who serve as the scapegoats. The company will hang them out to dry, one and all.
"09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0"
I used to work at a higher ed tech shop which would support luser's home equipment. Anyone can see that is always a tremendously bad idea, but my workplace let people take things to even nuttier extremes.
It's no surprise that in higher ed, some tenured faculty act like they walk on water. It was not uncommon to see faculty taking home their brand new office computers, replacing them with a beater box from home, and then expecting support on both systems! We had people who would think nothing of taking home new $3K Macs and bringing in 1995-vintage beige gear - you'd be lucky if the thing had ethernet! To top it off, these creeps would even write us (and our management) nasty letters if we dared question these sorts of shenanigans.
Combine this with toothless management directives ("Help this guy out with his new personal laptop... but don't help him out _too_ much" is the kind of nonsense I'd hear from the boss) and you've got a nightmare.
Our users even had the gall to press for free house calls ("because I do State Work on my home machine") but thankfully this never happened.
Company should issue out laptops to the contractors, laptops which give the contractors standard user rights while logged on.
It's something that once you start supporting, you will not be able to stop. You fix Candy's machine and Sam's, then your company decides to pull the plug on this. But Sara starts whining because she was next in line because of some StarForce driver f'ed up her CD-ROM. "Well, just this once, then we'll stop this policy." says the suits. (You'll be hearing that a lot).
Tell them, "Look if I don't have control over the maintenance and upkeep then I shouldn't be responsible for the maintenance and upkeep.
Tell them, "Sometimes a fix for a major problem is uninstalling/removing/blacklisting something that these users might think they want. If I don't control the systems, they're just going to reverse the fix, and start yelling at me again."
DO NOT DO THIS! Even with some legalize papers, just don't get involved in changing your role at the company to deal with computers that you don't control.
"When I want your opinion, I'll give it to you." --leonstryker
This can't really apply to the OP since it is sanctioned and forced by the management, but my company has no policy on this. I will work on a machine in my spare time, at no cost to the employee (I usually ask them to buy me a lunch when I am done and it works), in a few certain circumstances.
I try to wait till they are desperate. Before this I will just give them suggestions that they can try on their own. By the time the problem is really big, I will just tell them I will do my best, but I can't guarentee anything. I'm wary of what kind of issues I will look at.
For example: my last colleague with an issue had a laptop that wouldn't boot. I think the hard drive is toasted, it makes some funny noises sometimes (probably the motor or the heads crashing on the disk). I advised him that I'm not sure of the issue, it could be the motherboard (specifically the IDE controller) or it could be the drive. I made a best-effort to try that drive on another machine, advised him it is the drive, and he will purchase the replacement parts and I will install them and run his Dell XP restore disk. He already knows at this point that there is no saving the data on the drive, he is OK with that.
Another example: spyware infested PC. Best effort to remove the spyware, some slipped through, but computer still ran orders of magnitude better than it did before I got ahold of it. Employee tried using the machine for a while, said it still wasn't quite right, scanned again with different tools, advised cust to add 256 megs ram to her 256mb ram windows XP machine, now it works better.
Just make sure you tell them up front that you make no guarentees, you are doing this as a friendly service. If successful, I usually get a lunch out of it, if not, I just lose a little break time.
-- Having a Creationist Museum is like having an Atheist place of worship
I dread every time the company's IT department touches my work machine... as often as not, they screw something up.
There's not a chance in Hell that I would trust them with my own computers! (The same goes for the clowns at Best Buy, et al).
This is going to be a taxable benefit. You are going to have to report the value of the service as taxable income to each employee and do appropriate witholding.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The upper management team of my company has made a decision that the IT department will work with employee's home computers and laptops. Despite every possible explanation of liability and the loss of proprietary information, the decision was made in order to satisfy a 'need' that the employees have expressed.
Do you guys get to wear the slender black neckties, white short-sleeved button ups, and drive Volkswagen Beetles to work? Hmmm...
"If you think you have things under control, you're not going fast enough." --Mario Andretti
You say toe sucker like it's a bad thing.
This