To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39128580,00.htm

Leader: Corporate ethics – don't pass the buck to IT
IT departments feeling the pressure from HR and business managers...

By silicon.com

Published: Thursday 10 March 2005

IT heads said in this week's CIO Jury they are coming under increasing pressure from HR and other parts of the business to be the "corporate police force" when it comes to enforcing internal ethics and codes of conduct policies for staff.

The fact that IT bosses sit at the heart of a company's 'nerve centre' overseeing email, phone and internet use by all employees - from the CEO to the receptionist - seems to be putting them in something of an uncomfortable position as the gatekeeper to employee behaviour policies.

Just this week airline manufacturer Boeing fired its CEO after what appears to be the leak of one of his emails to the board. The email revealed his relationship with a female co-worker, which was in breach of the company's ethics code. There's no suggestion the email was spotted or leaked by Boeing's IT department but it raises an important question of where the dividing line lies between HR and IT.

While the IT department undoubtedly has all the technological tools to ensure internal communications are adequately monitored, recorded and stored, CIOs are less than comfortable having to dig into their already squeezed resources to be the proactive corporate ethics police - and deal with the HR and data protection minefield that comes with it.

As one CIO in our jury pointed out, IT should be there to respond to genuine concerns raised by HR or line managers about a particular employee's behaviour - not to proactively police and alert the business of potential problem areas.

Corporate IT departments are already overworked by the heavy burden that regulatory compliance legislation such as Sarbanes Oxley and Basel II has placed on them and don't need the pressure of spying on staff to add to that.

As another CIO put it: "Just because technology is increasingly important in flagging and ensuring compliance, don't pass the buck to IT."

We agree.