Policy
IT staff accessing or disclosing private or sensitive information within MIT enterprise systems that is outside the specific job responsibilities is prohibited without the approval of the Business/Data owner. Violations or inappropriate use of administrative access will be met with disciplinary measures up to and including termination.
Rationale
IS&T staff provide systems and application administration for servers under their management. In order to perform these activities and provide support for these systems, IS&T staff may have administrative access to the operating system, databases, or applications being supported as part of their job responsibilities. This access may only be used in support of Institute business and consistent with the roles and responsibilities of the staff member as prescribed by MIT management. IS&T periodically reviews administrator access to the systems it is responsible for managing, and administrative access is also reviewed and updated upon a change in the staff member's role or responsibilities.