The SAGE code of ethics

The System Administrator’s Guild has developed its own professional guidelines for system administrators. We cite them here for reference. The original draft of this document was written by Hal Miller, and the revised draft by Lee Damon.

Original draft

Background: Computers, and particularly networked systems, have become as necessary a part of life as the telephone. The functionality they bring to home and office environments is now taken for granted as a part of daily life. As the world moves toward becoming a paperless society, the information stored and handled in the computing environment becomes more critical to that lifestyle.

Proper operation, support and integrity of computing assets is regarded as being as important as that of the telephone system in most countries today.

System administrators, under any title and whether or not they are members of a professional organization, are relied upon to ensure proper operation, support and protection of those computing assets. Unlike most previous technological advances, any problem with a computer system may negatively impact millions of people world-wide, thus such protection is more crucial than equivalent roles within other technologies. The ever-increasing reliance upon computers in all parts of society has led to system administrators having access to more information, particularly information of critical importance to the users, thus increasing the impact that any mis-step may have.

The scope of the system administrator’s responsibilities is wide. Users rely upon the advice, planning, maintenance and repair tasks performed, whether pro-actively or reactively performed. System administrators are expected to have a good understanding of what is available in the vendor world, and what the user community may require in the foreseeable future.

With such responsibilities upon the shoulders of these individuals, it is impor-tant that all computer users and system administrators understand the norms and principles to be applied to the task. A code of ethics supplies these norms and principles as canons of general concepts. Such a code must be applied by individuals, guided by their professional judgment, within the confines of the environment and situation in which they may be.

The code sets forth commitments, responsibilities and requirements of mem-bers of the system administration profession within the computing community.

As used within this document, the word ‘users’ applies not only to those computer-utilizing members of that computing community who call upon sys-tem administrators for support, but also to those syssys-tem administrators, and even to management personnel who may not actually be using a computer.

This Code of Ethics has as its purposes the following:

• to provide a set of codified guidelines for ethical directions that system administrators must pursue;

• to act as a reference for construction of local site acceptable use policies;

• to enhance the professionalism and image of the Guild and of its individual members by promoting ethical behavior;

• to act as an ‘industry standard’ reference of behavior in difficult situations, as well as in common ones;

• to establish a baseline for addressing more complex issues.

This Code is not:

• a set of enforceable laws;

• an enumeration of procedures;

• proposed responses to situations;

• all-encompassing;

• an enumeration of sanctions and punishments.

1. Canon 1

The integrity of a system administrator must be beyond reproach.

A system administrator may come into contact with privileged information on a regular basis and thus has a duty to the owners of such information to both keep confidential and to protect the confidentiality of all such information.

Protecting the integrity of information includes ensuring that neither sys-tem administrators nor unauthorized users unnecessarily access, make any changes to, or divulge data not belonging to them. It includes all appropriate effort, in accordance with industry-accepted practices, by the system admin-istrator to enforce security measures to protect the computers and the data contained on them.

System administrators must uphold the law and policies as established for the systems and networks they manage, and make all efforts to require the same adherence from their users. Where the law is not clear, or appears to be in conflict with their ethical standards, system administrators must exercise sound judgment, and are also obliged to take steps to have the law upgraded or corrected as is possible within their jurisdiction.

2. Canon 2

A system administrator shall not unnecessarily infringe upon the rights of users.

System administrators shall not act with, nor tolerate from others, discrimi-nation between authorized users based on any commonly recognized grounds (e.g., age, gender, religion etc.), except where such discrimination (e.g. with respect to unauthorized users as a class) is a necessary part of their job, and then only to the extent that such treatment is required in dealing with the issue at hand.

System administrators will not exercise their special powers to access any pri-vate information other than when necessary to their role as system managers, and then only to the degree necessary to perform that role, while remaining within established site policies. Regardless of how it was obtained, system administrators will maintain the confidentiality of all private information.

3. Canon 3

Communications of system administrators with all whom they may come in contact shall be kept to the highest standards of professional behavior.

System administrators must keep users informed about computing matters that might affect them, such as conditions of acceptable use, sharing and availability of common resources, maintenance of security, occurrence of system monitoring, and any applicable legal obligations. It is incumbent upon the system administrator to ensure that such information is presented in a manner calculated to ensure user awareness and understanding.

Honesty and timeliness are keys to ensuring accurate communication to users. A system administrator shall, when advice is sought, give it impartially, accompanied by any necessary statement of the limitations of personal knowledge or bias. Any potential conflicts of interest must be fully and immediately declared.

4. Canon 4

The continuance of professional education is critical to maintaining currency as a system administrator.

Since technology in computing continues to make significant strides, a sys-tem administrator must take an appropriate level of action to update and enhance personal technical knowledge. Reading, study, acquiring training, and sharing knowledge and experience are requirements to maintaining cur-rency and ensuring the customer base of the advantages and security of advances in the field.

5. Canon 5

A system administrator must maintain an exemplary work ethic.

System administrators must be tireless in their effort to maintain high levels of quality in their work. Day to day operation in the field of system adminis-tration requires significant energy and resiliency. The system administrator is placed in a position of such significant impact upon the business of the organization that the required level of trust can only be maintained by exemplary behavior.

6. Canon 6

At all times, system administrators must display professionalism in the performance of their duties.

All manner of behavior must reflect highly upon the profession as a whole.

Dealing with recalcitrant users, upper management, vendors or other system administrators calls for the utmost patience and care to ensure that mutual respect is never at risk.

Actions that enhance the image of the profession are encouraged. Actions that enlarge the understanding of the social and legal issues in computing are part of the role. System administrators are obliged to assist the community at large in areas that are fundamental to the advancement and integrity of local, national and international computing resources.

New draft

As a member of the international community of systems administrators, I will be guided by the following principles:

1. Fair treatment

I will treat everyone fairly. I will not discriminate against anyone on grounds such as age, disability, gender, sexual orientation, religion, race, national origin, or any other non-business related issue.

2. Privacy

I will only access private information on computer systems when it is neces-sary in the course of my duties. I will maintain and protect the confidentiality of any information to which I may have access, regardless of the method by which I came into knowledge of it. I acknowledge and will follow all relevant laws governing information privacy.

3. Communication

I will keep users informed about computing matters that may affect them – such as conditions of acceptable use, sharing of common resources, main-tenance of security, occurrence of system monitoring, and any relevant legal obligations.

4. System integrity

I will strive to ensure the integrity of the systems for which I have responsi-bility, using all appropriate means – such as regularly maintaining software and hardware; analyzing levels of system performance and activity; and, as far as possible, preventing unauthorized use or access.

5. Cooperation

I will cooperate with and support my fellow computing professionals.

I acknowledge the community responsibility that is fundamental to the integrity of local, national, and international network and computing resources.

6. Honesty

I will be honest about my competence and will seek help when necessary.

When my professional advice is sought, I will be impartial. I will avoid conflicts of interest; if they do arise I will declare them and recuse (sic) myself if necessary.

7. Education

I will continue to update and enhance my technical knowledge and other work-related skills through training, study, and the sharing of information and experiences with my fellow professionals. I will help others improve their skills and understanding where my skills and experience allow me to do so.

8. Social responsibility

I will continue to enlarge my understanding of the social and legal issues relating to computing environments. When appropriate, I will communicate that understanding to others and encourage the writing and adoption of policies and laws about computer systems consistent with these ethical principles.

9. Quality

I will be honest about the occurrence and impact of mistakes, and where possible and appropriate I will attempt to correct them.

I will strive to achieve and maintain a safe, healthy, and productive workplace.

10. Ethical responsibility

I will lead by example, maintaining a consistently high ethical standard and degree of professionalism in the performance of all my duties.