Charter for System Administrators

System and network administrators, as part of their daily work, need to perform actions which may result in the disclosure of information held by other users in their files, or sent by users over communications networks. This charter sets out the actions of this kind which authorised administrators may expect to perform on a routine basis, and the responsibilities which they bear to protect information belonging to others. Administrators also perform other activities, such as disabling machines or their network connections, that have no privacy implications; these are outside the scope of this charter.

On occasion, administrators may need to take actions beyond those described in this charter. Some of these situations are noted in the charter itself. In all cases they must seek individual authorisation from the appropriate person in the Company for the specific action they need to take. Such activities may well have legal implications for both the individual and the Company, for example under the Data Protection and Human Rights Legislation. System administrators should therefore ensure that they have information and procedures in place, including delegation of authority for routine requests, to ensure that such authorisation can be obtained promptly in all circumstances and is given in accordance with the law. Keeping good records, preferably against a pre-prepared checklist, will help to protect the Company and individuals from any charge of improper actions.

System and network administrators must always be aware that the privileges they are granted place them in a position of considerable trust. Any breach of that trust, by misusing privileges or failing to maintain a high professional standard, not only makes their suitability for the system administration role doubtful, but is likely to be considered as gross misconduct. Administrators must always work within the Company’s information security and data protection policies, and should seek at all time to follow professional codes of behaviour such as the following:

• BCS Code of Conduct and Code of Good Practice

• Usenix System Administrator's Code of Ethics

All appropriate staff have signed up to the charter which is recorded. 

Operational Activities

The first duty of an administrator is to ensure that networks, systems and services are available to users and that information is processed and transferred correctly, preserving its integrity. Here the administrator is acting to protect the operation of the systems for which they are responsible. For example investigating a denial of service attack or a defaced web server is an operational activity as is the investigation of crime.

Where necessary to ensure the proper operation of networks or computer systems for which they are responsible, authorised administrators may:

• monitor and record traffic on those networks or display it in an appropriate form;

• examine any relevant files on those computers;

• rename any relevant files on those computers or change their access permissions (see Modification of Data below);

• create relevant new files on those computers.

Where the content of a file or communication appears to have been deliberately protected by the owner, for example by encrypting it, the administrator must not attempt to make the content readable without specific authorisation from the Information Security officer or the owner of the file.

The administrator must ensure that these activities do not result in the loss or destruction of information. If a change is made to a user filestore then the affected user(s) must be informed of the change and the reason for it as soon as possible after the event.

Policy Activities

Administrators may also play a part in monitoring compliance with policies which apply to the systems. For example this Acceptable Use Policy prohibits certain uses of the internet such as gambling. In all of these cases the administrator is acting in support of policies, rather than protecting the operation of the system.

Administrators must not act to monitor or enforce policy unless they are sure that all reasonable efforts have been made to inform users both that such monitoring will be carried out and the policies to which it will apply. If this has not been done through a general notice to all users then before a file is examined, or a network communication monitored, individual permission must be obtained from all the owners of files or all the parties involved in a network communication.

Provided administrators are satisfied that either a general notice has been given or specific permission granted, they may act as follows to support or enforce policy on computers and networks for which they are responsible:

• monitor and record traffic on those networks or display it in an appropriate form;

• examine any relevant files on those computers;

• rename any relevant files on those computers or change their access permissions or ownership (see Modification of Data below);

• create relevant new files on those computers.

Where the content of a file or communication appears to have been deliberately protected by the owner, for example by encrypting it or by marking it as personal, the administrator must not examine or attempt to make the content readable without specific authorisation from the Information Security Officer or the owner of the file.

The administrator must ensure that these activities do not result in the loss or destruction of information. If a change is made to a user filestore then the affected user(s) must be informed of the change and the reason for it as soon as possible after the event.

Disclosure of Information

System and network administrators are required to respect the secrecy of files and correspondence.

During the course of their activities, administrators are likely to become aware of information which is held by, or concerns, other users. Any information obtained must be treated as confidential - it must neither be acted upon, nor disclosed to any other person unless this is required as part of a specific investigation:

• Information relating to an ongoing investigation may be passed to managers or others involved in the investigation;

• Information that does not relate to an ongoing investigation must only be disclosed if it is thought to indicate an operational problem, or a breach of Company policy or the law, and then only to the Information Security Officer (or, if this is not appropriate, to the General Manager or Executive) for them to decide whether further investigation is necessary.

Administrators must be aware of the need to protect the privacy of personal data and sensitive personal data that is stored on their systems. Such data may become known to authorised administrators during the course of their investigations. Particularly where this affects sensitive personal data, any unexpected disclosure should be reported to the Data Protection Officer.

Intentional Modification of Data

For both operational and policy reasons, it may be necessary for administrators to make changes to user files on computers for which they are responsible. Wherever possible this should be done in such a way that the information in the files is preserved:

• rename or move files, if necessary to a secure archive, rather than deleting them;

• instead of editing a file, move it to a different location and create a new file in its place;

• remove information from public view by changing permissions (and if necessary ownership).

Where possible the permission of the owner of the file should be obtained before any change is made, but there may be urgent situations where this is not possible. In every case the user must be informed as soon as possible what change has been made and the reason for it.

The administrator may not, without specific individual authorisation from the appropriate authority, modify the contents of any file in such a way as to damage or destroy information.

Unintentional Modification of Data

Administrators must be aware of the unintended changes that their activities will make to systems and files. For example, listing the contents of a directory may well change the last accessed time of the directory and all the files it contains; other activities may well generate records in log files. This may destroy or at best confuse evidence that may be needed later in an investigation.

Where an investigation may result in disciplinary charges or legal action, great care must be taken to limit such unintended modifications as far as possible and to account for them. In such cases a detailed record should be kept of every command typed and action taken.  If a case is likely to result in legal or disciplinary action, the evidence should first be preserved using accepted forensic techniques and any investigation performed on a second copy of this evidence.

Personal Liability

Administrators have extensive powers to make changes which could expose sensitive data and incur financial or legal penalties on the company if not exercised with appropriate due diligence.

The primary form of due diligence is the Change Request process.

If an administrator implements changes without an approved Change Request they may be subjected to legal or disciplinary action, and/or financial liability for the costs resulting from their actions.