Mixing
![how to deny additional responsibilities professionally [duplicate]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjbpfN9tAutmK93bJRC3ZoROZzi2TJDms5n8_qJuhgE0a9b52OOHayv3NGT8igAdFL7byXNst-_1DZK5SjrIJ28_6RQPUpBROqMs5s6jo-ZsjX8kjDwfxJufIitH3TaQRXWaGSQKRQib-f/s72-c/1.jpg)
At the end of contracting work (IT/Programming), what steps need to be taken to protect myself from any technical issues company might have
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
9
down vote
favorite
In particular, I'm interested to know what to do in terms on handing over things like passwords to systems. Should I demand passwords to be changed immediately so that I don't have access?
The situation is that people taking over my work aren't well qualified, it could be easy to blame an ex-contractor for any problems, while trying to save their own job. I'm trying to protect myself from potential blame being assigned to me, if things go wrong with systems/networking/websites etc.
I have documented as much as I thought was necessary/requested. I have also got in writing confirmation that my contract is ending on certain date.
Just to add also, the fact that, like contractors, I am waiting for my invoice to be paid for quite a while after completing work. So getting blamed at this stage, while waiting, could result in at worst needing to clean the mess for free, at best being paid to clean the mess.
freelancing contracting software websites software-development
asked Feb 27 '16 at 23:18
joshuaty
515
 |Â
show 2 more comments
up vote
9
down vote
favorite
In particular, I'm interested to know what to do in terms on handing over things like passwords to systems. Should I demand passwords to be changed immediately so that I don't have access?
The situation is that people taking over my work aren't well qualified, it could be easy to blame an ex-contractor for any problems, while trying to save their own job. I'm trying to protect myself from potential blame being assigned to me, if things go wrong with systems/networking/websites etc.
I have documented as much as I thought was necessary/requested. I have also got in writing confirmation that my contract is ending on certain date.
Just to add also, the fact that, like contractors, I am waiting for my invoice to be paid for quite a while after completing work. So getting blamed at this stage, while waiting, could result in at worst needing to clean the mess for free, at best being paid to clean the mess.
freelancing contracting software websites software-development
asked Feb 27 '16 at 23:18
joshuaty
515
How do you know passwords haven't already been changed? Also, you have absolutely no business checking, and you should destroy all record of the old oassword so it can't be stolen from you - or at the vety least put it behind extremely strong encryption -- or you haven't done your part in maintaining security. If you do your job right, whether they do theirs right is not your problem.
– keshlam
Feb 28 '16 at 16:10
1
If you've memorised your password already and want to forget it, you could change your password to a randomly generated one, and then don't record that password anywhere else. Use copy/paste to avoid unintentionally memorising the new password.
– Brandin
Feb 29 '16 at 14:59
I think as well as actually changing the critical passwords, my thinking was to inform everyone that we are changing them, this is purely to deter blame.
– joshuaty
Feb 29 '16 at 19:30
@joshuaty companies typically disable user accounts at the end of the contract, so changing your password may not be necessary. Your only obligation is to notify/confirm the end date with your employer, and not attempt to access your account after that date.
– mcknz
Feb 29 '16 at 19:50
Fact of life: you're no longer working with them. Of course you are going to be blamed for everything from a light bulb going out to the new guy being late to work. Doesn't matter if you're a contractor or an ex employee; it's still going to be your fault.
– NotMe
Feb 29 '16 at 23:01
 |Â
show 2 more comments
up vote
9
down vote
favorite
up vote
9
down vote
favorite
In particular, I'm interested to know what to do in terms on handing over things like passwords to systems. Should I demand passwords to be changed immediately so that I don't have access?
The situation is that people taking over my work aren't well qualified, it could be easy to blame an ex-contractor for any problems, while trying to save their own job. I'm trying to protect myself from potential blame being assigned to me, if things go wrong with systems/networking/websites etc.
I have documented as much as I thought was necessary/requested. I have also got in writing confirmation that my contract is ending on certain date.
Just to add also, the fact that, like contractors, I am waiting for my invoice to be paid for quite a while after completing work. So getting blamed at this stage, while waiting, could result in at worst needing to clean the mess for free, at best being paid to clean the mess.
freelancing contracting software websites software-development
asked Feb 27 '16 at 23:18
joshuaty
515
In particular, I'm interested to know what to do in terms on handing over things like passwords to systems. Should I demand passwords to be changed immediately so that I don't have access?
The situation is that people taking over my work aren't well qualified, it could be easy to blame an ex-contractor for any problems, while trying to save their own job. I'm trying to protect myself from potential blame being assigned to me, if things go wrong with systems/networking/websites etc.
I have documented as much as I thought was necessary/requested. I have also got in writing confirmation that my contract is ending on certain date.
Just to add also, the fact that, like contractors, I am waiting for my invoice to be paid for quite a while after completing work. So getting blamed at this stage, while waiting, could result in at worst needing to clean the mess for free, at best being paid to clean the mess.
freelancing contracting software websites software-development
asked Feb 27 '16 at 23:18
joshuaty
515
edited Feb 29 '16 at 19:36
asked Feb 27 '16 at 23:18
joshuaty
515
asked Feb 27 '16 at 23:18
joshuaty
515
asked Feb 27 '16 at 23:18
joshuaty
515
515
How do you know passwords haven't already been changed? Also, you have absolutely no business checking, and you should destroy all record of the old oassword so it can't be stolen from you - or at the vety least put it behind extremely strong encryption -- or you haven't done your part in maintaining security. If you do your job right, whether they do theirs right is not your problem.
– keshlam
Feb 28 '16 at 16:10
1
If you've memorised your password already and want to forget it, you could change your password to a randomly generated one, and then don't record that password anywhere else. Use copy/paste to avoid unintentionally memorising the new password.
– Brandin
Feb 29 '16 at 14:59
I think as well as actually changing the critical passwords, my thinking was to inform everyone that we are changing them, this is purely to deter blame.
– joshuaty
Feb 29 '16 at 19:30
@joshuaty companies typically disable user accounts at the end of the contract, so changing your password may not be necessary. Your only obligation is to notify/confirm the end date with your employer, and not attempt to access your account after that date.
– mcknz
Feb 29 '16 at 19:50
Fact of life: you're no longer working with them. Of course you are going to be blamed for everything from a light bulb going out to the new guy being late to work. Doesn't matter if you're a contractor or an ex employee; it's still going to be your fault.
– NotMe
Feb 29 '16 at 23:01
 |Â
show 2 more comments
How do you know passwords haven't already been changed? Also, you have absolutely no business checking, and you should destroy all record of the old oassword so it can't be stolen from you - or at the vety least put it behind extremely strong encryption -- or you haven't done your part in maintaining security. If you do your job right, whether they do theirs right is not your problem.
– keshlam
Feb 28 '16 at 16:10
1
If you've memorised your password already and want to forget it, you could change your password to a randomly generated one, and then don't record that password anywhere else. Use copy/paste to avoid unintentionally memorising the new password.
– Brandin
Feb 29 '16 at 14:59
I think as well as actually changing the critical passwords, my thinking was to inform everyone that we are changing them, this is purely to deter blame.
– joshuaty
Feb 29 '16 at 19:30
@joshuaty companies typically disable user accounts at the end of the contract, so changing your password may not be necessary. Your only obligation is to notify/confirm the end date with your employer, and not attempt to access your account after that date.
– mcknz
Feb 29 '16 at 19:50
Fact of life: you're no longer working with them. Of course you are going to be blamed for everything from a light bulb going out to the new guy being late to work. Doesn't matter if you're a contractor or an ex employee; it's still going to be your fault.
– NotMe
Feb 29 '16 at 23:01
How do you know passwords haven't already been changed? Also, you have absolutely no business checking, and you should destroy all record of the old oassword so it can't be stolen from you - or at the vety least put it behind extremely strong encryption -- or you haven't done your part in maintaining security. If you do your job right, whether they do theirs right is not your problem.
– keshlam
Feb 28 '16 at 16:10
How do you know passwords haven't already been changed? Also, you have absolutely no business checking, and you should destroy all record of the old oassword so it can't be stolen from you - or at the vety least put it behind extremely strong encryption -- or you haven't done your part in maintaining security. If you do your job right, whether they do theirs right is not your problem.
– keshlam
Feb 28 '16 at 16:10
1
1
If you've memorised your password already and want to forget it, you could change your password to a randomly generated one, and then don't record that password anywhere else. Use copy/paste to avoid unintentionally memorising the new password.
– Brandin
Feb 29 '16 at 14:59
If you've memorised your password already and want to forget it, you could change your password to a randomly generated one, and then don't record that password anywhere else. Use copy/paste to avoid unintentionally memorising the new password.
– Brandin
Feb 29 '16 at 14:59
I think as well as actually changing the critical passwords, my thinking was to inform everyone that we are changing them, this is purely to deter blame.
– joshuaty
Feb 29 '16 at 19:30
I think as well as actually changing the critical passwords, my thinking was to inform everyone that we are changing them, this is purely to deter blame.
– joshuaty
Feb 29 '16 at 19:30
@joshuaty companies typically disable user accounts at the end of the contract, so changing your password may not be necessary. Your only obligation is to notify/confirm the end date with your employer, and not attempt to access your account after that date.
– mcknz
Feb 29 '16 at 19:50
@joshuaty companies typically disable user accounts at the end of the contract, so changing your password may not be necessary. Your only obligation is to notify/confirm the end date with your employer, and not attempt to access your account after that date.
– mcknz
Feb 29 '16 at 19:50
Fact of life: you're no longer working with them. Of course you are going to be blamed for everything from a light bulb going out to the new guy being late to work. Doesn't matter if you're a contractor or an ex employee; it's still going to be your fault.
– NotMe
Feb 29 '16 at 23:01
Fact of life: you're no longer working with them. Of course you are going to be blamed for everything from a light bulb going out to the new guy being late to work. Doesn't matter if you're a contractor or an ex employee; it's still going to be your fault.
– NotMe
Feb 29 '16 at 23:01
 |Â
show 2 more comments
6 Answers
6
active
oldest
votes
up vote
6
down vote
accepted
If you did everything properly you are covered already. You should have solid documentation of all progress and resolutions. You should have documentation on all testing. And you should have the actual clients endorsement that the project is completed satisfactorily.
Documentation on the work done, should be a priority, I start doing this before I even start the work. Then I keep the client informed periodically with reports until everything is finished. Once the job is completed and signed off on, you charge for any support. Personally if an issue comes up that I deem is my fault (not their staffs opinion) I fix it for free, but that's all.
With passwords, repositories etc,. you don't demand anything. You give them all to the client, with the suggestion that they are changed, outlining that it is a security issue.
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
5
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
suggest improvements |Â
up vote
6
down vote
I think bring it up would cause more problems than it would solve. That is clearly their responsibility. I would highly recommend you not log in to fix anything even the most minor if you are not under contract. I know it sounds harsh but if you help them at all they will just continue to ask for help until you have to cut them off and they will be more mad than if you just cut them off at the first question.
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
suggest improvements |Â
up vote
1
down vote
One tactic not already mentioned is to define expectations for the post-project work up front, either in the contract itself, or in a separate document.
Terms I've used in the past include a post-contract warranty period, where for X number of days or weeks I will fix for free anything that I consider my own defect.
After the post-contract warranty period, all changes require my standard rate, even if it's a defect.
This provides incentive to your employer to look for defects during the warranty period. Obviously you can still provide fixes for free if you want, but this provides protection against an employer coming back 6 months later and insisting on free work.
The important point here is to come to agreement on these expectations prior to the start of work, so there are no surprises on either side.
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
suggest improvements |Â
up vote
1
down vote
Password changes: You had months of time to cause all kinds of damage with your password and you didn't. You are leaving because your contract ended just in the normal manner, so nobody would expect that you would start causing damage now. You should (during the time they pay you) probably create a list of all your company passwords and hand it over to them; they can then decide whether to delete all accounts immediately, take their time to delete them, at least until they verified that they can access everything, or maybe even leave them for a short time in case they pay you for another week to fix some small problems.
What would be absolutely awful: If you delete your passwords, and it turns out that you were the only one with access to something.
It is usually logged who connects to some server, and where from. If someone messed up, that wouldn't be done from your account. If someone says "I'm stupid and probably mess up, so I use joshuaty's account and blame him if it goes wrong", well, that's an attitude that may put the person into jail in the worst case, and at least open them up to a libel case.
PS. People have passwords related to the company they are working for that are not controlled by the company but by a third party. For example if a company product uses a third party service, then someone must have registered an account with a password for that third party service. That kind of password cannot just be changed by the company.
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
suggest improvements |Â
up vote
1
down vote
Should I demand passwords to be changed immediately so that I don't have access?
It should not be necessary for you to do so, if your company is mindful of security and operating under best practices. Your company should realize a terminated employee with active access is a security risk to the organization. While you may not have malicious intent, there still exists the possibility of you doing harm, such as stealing confidential data, or sabotage through logic bombs / backdoors.
In all of the places I worked, as an information technology auditor / Sec. professional, there is a well defined termination process whereby departing employees have their access credentials revoked, whether automatically (the ideal method) or manually through a ticketing system.
The company is also taking on unnecessary risk, as a disgruntled former employee can hack into the system if access is still active past their employment, through remote means if he has equipment such a company phone / tablet / laptop.
answered Aug 23 '16 at 1:21
Anthony
5,1431255
suggest improvements |Â
up vote
0
down vote
The smart way to handle this is to create a book of the project and code you worked on. Print out flowcharts, code, a change log, and any user guides and documentation and present it to your bosses before leaving. Code can be changed, print cannot.
Beyond that, it is almost a cliché that the contractor gets blamed for the troubles the current employee is working on. CYA, but expect blame anyway
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
suggest improvements |Â
StackExchange.ready(function ()
$("#show-editor-button input, #show-editor-button button").click(function ()
var showEditor = function()
$("#show-editor-button").hide();
$("#post-form").removeClass("dno");
StackExchange.editor.finallyInit();
;
var useFancy = $(this).data('confirm-use-fancy');
if(useFancy == 'True')
var popupTitle = $(this).data('confirm-fancy-title');
var popupBody = $(this).data('confirm-fancy-body');
var popupAccept = $(this).data('confirm-fancy-accept-button');
$(this).loadPopup(
url: '/post/self-answer-popup',
loaded: function(popup)
var pTitle = $(popup).find('h2');
var pBody = $(popup).find('.popup-body');
var pSubmit = $(popup).find('.popup-submit');
pTitle.text(popupTitle);
pBody.html(popupBody);
pSubmit.val(popupAccept).click(showEditor);
)
else
var confirmText = $(this).data('confirm-text');
if (confirmText ? confirm(confirmText) : true)
showEditor();
);
);
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
6
down vote
accepted
If you did everything properly you are covered already. You should have solid documentation of all progress and resolutions. You should have documentation on all testing. And you should have the actual clients endorsement that the project is completed satisfactorily.
Documentation on the work done, should be a priority, I start doing this before I even start the work. Then I keep the client informed periodically with reports until everything is finished. Once the job is completed and signed off on, you charge for any support. Personally if an issue comes up that I deem is my fault (not their staffs opinion) I fix it for free, but that's all.
With passwords, repositories etc,. you don't demand anything. You give them all to the client, with the suggestion that they are changed, outlining that it is a security issue.
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
5
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
suggest improvements |Â
up vote
6
down vote
accepted
If you did everything properly you are covered already. You should have solid documentation of all progress and resolutions. You should have documentation on all testing. And you should have the actual clients endorsement that the project is completed satisfactorily.
Documentation on the work done, should be a priority, I start doing this before I even start the work. Then I keep the client informed periodically with reports until everything is finished. Once the job is completed and signed off on, you charge for any support. Personally if an issue comes up that I deem is my fault (not their staffs opinion) I fix it for free, but that's all.
With passwords, repositories etc,. you don't demand anything. You give them all to the client, with the suggestion that they are changed, outlining that it is a security issue.
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
5
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
suggest improvements |Â
up vote
6
down vote
accepted
up vote
6
down vote
accepted
If you did everything properly you are covered already. You should have solid documentation of all progress and resolutions. You should have documentation on all testing. And you should have the actual clients endorsement that the project is completed satisfactorily.
Documentation on the work done, should be a priority, I start doing this before I even start the work. Then I keep the client informed periodically with reports until everything is finished. Once the job is completed and signed off on, you charge for any support. Personally if an issue comes up that I deem is my fault (not their staffs opinion) I fix it for free, but that's all.
With passwords, repositories etc,. you don't demand anything. You give them all to the client, with the suggestion that they are changed, outlining that it is a security issue.
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
If you did everything properly you are covered already. You should have solid documentation of all progress and resolutions. You should have documentation on all testing. And you should have the actual clients endorsement that the project is completed satisfactorily.
Documentation on the work done, should be a priority, I start doing this before I even start the work. Then I keep the client informed periodically with reports until everything is finished. Once the job is completed and signed off on, you charge for any support. Personally if an issue comes up that I deem is my fault (not their staffs opinion) I fix it for free, but that's all.
With passwords, repositories etc,. you don't demand anything. You give them all to the client, with the suggestion that they are changed, outlining that it is a security issue.
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
answered Feb 27 '16 at 23:32
Kilisi
94.6k50216376
94.6k50216376
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
5
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
suggest improvements |Â
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
5
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
Seems a very good advice, thanks. My hope is that they don't screw up, as I am still waiting for my invoices to be paid for quite a while. The blame assigned incorrectly for a screw up could result in me being not paid worst case; Or me being paid to fix the issue, not as bad but still not ideal.
– joshuaty
Feb 29 '16 at 19:27
5
5
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
Never let invoices remain unpaid, follow them up. You should arrange payment at completion or as soon as possible afterwards.
– Kilisi
Feb 29 '16 at 19:41
suggest improvements |Â
up vote
6
down vote
I think bring it up would cause more problems than it would solve. That is clearly their responsibility. I would highly recommend you not log in to fix anything even the most minor if you are not under contract. I know it sounds harsh but if you help them at all they will just continue to ask for help until you have to cut them off and they will be more mad than if you just cut them off at the first question.
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
suggest improvements |Â
up vote
6
down vote
I think bring it up would cause more problems than it would solve. That is clearly their responsibility. I would highly recommend you not log in to fix anything even the most minor if you are not under contract. I know it sounds harsh but if you help them at all they will just continue to ask for help until you have to cut them off and they will be more mad than if you just cut them off at the first question.
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
suggest improvements |Â
up vote
6
down vote
up vote
6
down vote
I think bring it up would cause more problems than it would solve. That is clearly their responsibility. I would highly recommend you not log in to fix anything even the most minor if you are not under contract. I know it sounds harsh but if you help them at all they will just continue to ask for help until you have to cut them off and they will be more mad than if you just cut them off at the first question.
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
I think bring it up would cause more problems than it would solve. That is clearly their responsibility. I would highly recommend you not log in to fix anything even the most minor if you are not under contract. I know it sounds harsh but if you help them at all they will just continue to ask for help until you have to cut them off and they will be more mad than if you just cut them off at the first question.
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
answered Feb 27 '16 at 23:26
paparazzo
33.3k657106
33.3k657106
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
suggest improvements |Â
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
Especially because I don't want to have any trace in the logs that I have touched the servers. It is a good point.
– joshuaty
Feb 29 '16 at 19:32
suggest improvements |Â
up vote
1
down vote
One tactic not already mentioned is to define expectations for the post-project work up front, either in the contract itself, or in a separate document.
Terms I've used in the past include a post-contract warranty period, where for X number of days or weeks I will fix for free anything that I consider my own defect.
After the post-contract warranty period, all changes require my standard rate, even if it's a defect.
This provides incentive to your employer to look for defects during the warranty period. Obviously you can still provide fixes for free if you want, but this provides protection against an employer coming back 6 months later and insisting on free work.
The important point here is to come to agreement on these expectations prior to the start of work, so there are no surprises on either side.
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
suggest improvements |Â
up vote
1
down vote
One tactic not already mentioned is to define expectations for the post-project work up front, either in the contract itself, or in a separate document.
Terms I've used in the past include a post-contract warranty period, where for X number of days or weeks I will fix for free anything that I consider my own defect.
After the post-contract warranty period, all changes require my standard rate, even if it's a defect.
This provides incentive to your employer to look for defects during the warranty period. Obviously you can still provide fixes for free if you want, but this provides protection against an employer coming back 6 months later and insisting on free work.
The important point here is to come to agreement on these expectations prior to the start of work, so there are no surprises on either side.
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
suggest improvements |Â
up vote
1
down vote
up vote
1
down vote
One tactic not already mentioned is to define expectations for the post-project work up front, either in the contract itself, or in a separate document.
Terms I've used in the past include a post-contract warranty period, where for X number of days or weeks I will fix for free anything that I consider my own defect.
After the post-contract warranty period, all changes require my standard rate, even if it's a defect.
This provides incentive to your employer to look for defects during the warranty period. Obviously you can still provide fixes for free if you want, but this provides protection against an employer coming back 6 months later and insisting on free work.
The important point here is to come to agreement on these expectations prior to the start of work, so there are no surprises on either side.
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
One tactic not already mentioned is to define expectations for the post-project work up front, either in the contract itself, or in a separate document.
Terms I've used in the past include a post-contract warranty period, where for X number of days or weeks I will fix for free anything that I consider my own defect.
After the post-contract warranty period, all changes require my standard rate, even if it's a defect.
This provides incentive to your employer to look for defects during the warranty period. Obviously you can still provide fixes for free if you want, but this provides protection against an employer coming back 6 months later and insisting on free work.
The important point here is to come to agreement on these expectations prior to the start of work, so there are no surprises on either side.
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
answered Feb 29 '16 at 22:45
mcknz
15.6k55468
15.6k55468
suggest improvements |Â
suggest improvements |Â
up vote
1
down vote
Password changes: You had months of time to cause all kinds of damage with your password and you didn't. You are leaving because your contract ended just in the normal manner, so nobody would expect that you would start causing damage now. You should (during the time they pay you) probably create a list of all your company passwords and hand it over to them; they can then decide whether to delete all accounts immediately, take their time to delete them, at least until they verified that they can access everything, or maybe even leave them for a short time in case they pay you for another week to fix some small problems.
What would be absolutely awful: If you delete your passwords, and it turns out that you were the only one with access to something.
It is usually logged who connects to some server, and where from. If someone messed up, that wouldn't be done from your account. If someone says "I'm stupid and probably mess up, so I use joshuaty's account and blame him if it goes wrong", well, that's an attitude that may put the person into jail in the worst case, and at least open them up to a libel case.
PS. People have passwords related to the company they are working for that are not controlled by the company but by a third party. For example if a company product uses a third party service, then someone must have registered an account with a password for that third party service. That kind of password cannot just be changed by the company.
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
suggest improvements |Â
up vote
1
down vote
Password changes: You had months of time to cause all kinds of damage with your password and you didn't. You are leaving because your contract ended just in the normal manner, so nobody would expect that you would start causing damage now. You should (during the time they pay you) probably create a list of all your company passwords and hand it over to them; they can then decide whether to delete all accounts immediately, take their time to delete them, at least until they verified that they can access everything, or maybe even leave them for a short time in case they pay you for another week to fix some small problems.
What would be absolutely awful: If you delete your passwords, and it turns out that you were the only one with access to something.
It is usually logged who connects to some server, and where from. If someone messed up, that wouldn't be done from your account. If someone says "I'm stupid and probably mess up, so I use joshuaty's account and blame him if it goes wrong", well, that's an attitude that may put the person into jail in the worst case, and at least open them up to a libel case.
PS. People have passwords related to the company they are working for that are not controlled by the company but by a third party. For example if a company product uses a third party service, then someone must have registered an account with a password for that third party service. That kind of password cannot just be changed by the company.
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
suggest improvements |Â
up vote
1
down vote
up vote
1
down vote
Password changes: You had months of time to cause all kinds of damage with your password and you didn't. You are leaving because your contract ended just in the normal manner, so nobody would expect that you would start causing damage now. You should (during the time they pay you) probably create a list of all your company passwords and hand it over to them; they can then decide whether to delete all accounts immediately, take their time to delete them, at least until they verified that they can access everything, or maybe even leave them for a short time in case they pay you for another week to fix some small problems.
What would be absolutely awful: If you delete your passwords, and it turns out that you were the only one with access to something.
It is usually logged who connects to some server, and where from. If someone messed up, that wouldn't be done from your account. If someone says "I'm stupid and probably mess up, so I use joshuaty's account and blame him if it goes wrong", well, that's an attitude that may put the person into jail in the worst case, and at least open them up to a libel case.
PS. People have passwords related to the company they are working for that are not controlled by the company but by a third party. For example if a company product uses a third party service, then someone must have registered an account with a password for that third party service. That kind of password cannot just be changed by the company.
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
Password changes: You had months of time to cause all kinds of damage with your password and you didn't. You are leaving because your contract ended just in the normal manner, so nobody would expect that you would start causing damage now. You should (during the time they pay you) probably create a list of all your company passwords and hand it over to them; they can then decide whether to delete all accounts immediately, take their time to delete them, at least until they verified that they can access everything, or maybe even leave them for a short time in case they pay you for another week to fix some small problems.
What would be absolutely awful: If you delete your passwords, and it turns out that you were the only one with access to something.
It is usually logged who connects to some server, and where from. If someone messed up, that wouldn't be done from your account. If someone says "I'm stupid and probably mess up, so I use joshuaty's account and blame him if it goes wrong", well, that's an attitude that may put the person into jail in the worst case, and at least open them up to a libel case.
PS. People have passwords related to the company they are working for that are not controlled by the company but by a third party. For example if a company product uses a third party service, then someone must have registered an account with a password for that third party service. That kind of password cannot just be changed by the company.
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
edited Aug 24 '16 at 8:16
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
answered Feb 29 '16 at 15:41
gnasher729
70.8k31131222
70.8k31131222
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
suggest improvements |Â
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
If the company has the ability to delete accounts, they have the ability to disable access or change the passwords. There's no need to print a list.
– Blrfl
Feb 29 '16 at 18:51
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
Thanks for the answer. Yes exactly, I'm not mysteriously disappeared. I had 3-4 documenting sessions, where a person who is taking over asked me questions and we compiled a big multi-page document with all the info, in addition to me providing an encrypted password vault. But the issue is, when you have people taking over who barely know how to type a command into a terminal, anything could happen. The attitude was "we just going to chug along without hiring anyone" so a potential wrong command can wipe the business.
– joshuaty
Feb 29 '16 at 19:22
suggest improvements |Â
up vote
1
down vote
Should I demand passwords to be changed immediately so that I don't have access?
It should not be necessary for you to do so, if your company is mindful of security and operating under best practices. Your company should realize a terminated employee with active access is a security risk to the organization. While you may not have malicious intent, there still exists the possibility of you doing harm, such as stealing confidential data, or sabotage through logic bombs / backdoors.
In all of the places I worked, as an information technology auditor / Sec. professional, there is a well defined termination process whereby departing employees have their access credentials revoked, whether automatically (the ideal method) or manually through a ticketing system.
The company is also taking on unnecessary risk, as a disgruntled former employee can hack into the system if access is still active past their employment, through remote means if he has equipment such a company phone / tablet / laptop.
answered Aug 23 '16 at 1:21
Anthony
5,1431255
suggest improvements |Â
up vote
1
down vote
Should I demand passwords to be changed immediately so that I don't have access?
It should not be necessary for you to do so, if your company is mindful of security and operating under best practices. Your company should realize a terminated employee with active access is a security risk to the organization. While you may not have malicious intent, there still exists the possibility of you doing harm, such as stealing confidential data, or sabotage through logic bombs / backdoors.
In all of the places I worked, as an information technology auditor / Sec. professional, there is a well defined termination process whereby departing employees have their access credentials revoked, whether automatically (the ideal method) or manually through a ticketing system.
The company is also taking on unnecessary risk, as a disgruntled former employee can hack into the system if access is still active past their employment, through remote means if he has equipment such a company phone / tablet / laptop.
answered Aug 23 '16 at 1:21
Anthony
5,1431255
suggest improvements |Â
up vote
1
down vote
up vote
1
down vote
Should I demand passwords to be changed immediately so that I don't have access?
It should not be necessary for you to do so, if your company is mindful of security and operating under best practices. Your company should realize a terminated employee with active access is a security risk to the organization. While you may not have malicious intent, there still exists the possibility of you doing harm, such as stealing confidential data, or sabotage through logic bombs / backdoors.
In all of the places I worked, as an information technology auditor / Sec. professional, there is a well defined termination process whereby departing employees have their access credentials revoked, whether automatically (the ideal method) or manually through a ticketing system.
The company is also taking on unnecessary risk, as a disgruntled former employee can hack into the system if access is still active past their employment, through remote means if he has equipment such a company phone / tablet / laptop.
answered Aug 23 '16 at 1:21
Anthony
5,1431255
Should I demand passwords to be changed immediately so that I don't have access?
It should not be necessary for you to do so, if your company is mindful of security and operating under best practices. Your company should realize a terminated employee with active access is a security risk to the organization. While you may not have malicious intent, there still exists the possibility of you doing harm, such as stealing confidential data, or sabotage through logic bombs / backdoors.
In all of the places I worked, as an information technology auditor / Sec. professional, there is a well defined termination process whereby departing employees have their access credentials revoked, whether automatically (the ideal method) or manually through a ticketing system.
The company is also taking on unnecessary risk, as a disgruntled former employee can hack into the system if access is still active past their employment, through remote means if he has equipment such a company phone / tablet / laptop.
answered Aug 23 '16 at 1:21
Anthony
5,1431255
edited Dec 12 '16 at 3:37
answered Aug 23 '16 at 1:21
Anthony
5,1431255
answered Aug 23 '16 at 1:21
Anthony
5,1431255
answered Aug 23 '16 at 1:21
Anthony
5,1431255
5,1431255
suggest improvements |Â
suggest improvements |Â
up vote
0
down vote
The smart way to handle this is to create a book of the project and code you worked on. Print out flowcharts, code, a change log, and any user guides and documentation and present it to your bosses before leaving. Code can be changed, print cannot.
Beyond that, it is almost a cliché that the contractor gets blamed for the troubles the current employee is working on. CYA, but expect blame anyway
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
suggest improvements |Â
up vote
0
down vote
The smart way to handle this is to create a book of the project and code you worked on. Print out flowcharts, code, a change log, and any user guides and documentation and present it to your bosses before leaving. Code can be changed, print cannot.
Beyond that, it is almost a cliché that the contractor gets blamed for the troubles the current employee is working on. CYA, but expect blame anyway
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
suggest improvements |Â
up vote
0
down vote
up vote
0
down vote
The smart way to handle this is to create a book of the project and code you worked on. Print out flowcharts, code, a change log, and any user guides and documentation and present it to your bosses before leaving. Code can be changed, print cannot.
Beyond that, it is almost a cliché that the contractor gets blamed for the troubles the current employee is working on. CYA, but expect blame anyway
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
The smart way to handle this is to create a book of the project and code you worked on. Print out flowcharts, code, a change log, and any user guides and documentation and present it to your bosses before leaving. Code can be changed, print cannot.
Beyond that, it is almost a cliché that the contractor gets blamed for the troubles the current employee is working on. CYA, but expect blame anyway
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
answered Feb 29 '16 at 14:22
Richard U
77.4k56201308
77.4k56201308
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
suggest improvements |Â
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
Code can be changed, but I doubt there are many shops left which don't use a version control system, where you can always tell who changed what from what and when they did it.
– Juha Untinen
Aug 25 '16 at 5:38
suggest improvements |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fworkplace.stackexchange.com%2fquestions%2f62754%2fat-the-end-of-contracting-work-it-programming-what-steps-need-to-be-taken-to%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
How do you know passwords haven't already been changed? Also, you have absolutely no business checking, and you should destroy all record of the old oassword so it can't be stolen from you - or at the vety least put it behind extremely strong encryption -- or you haven't done your part in maintaining security. If you do your job right, whether they do theirs right is not your problem.
– keshlam
Feb 28 '16 at 16:10
1
If you've memorised your password already and want to forget it, you could change your password to a randomly generated one, and then don't record that password anywhere else. Use copy/paste to avoid unintentionally memorising the new password.
– Brandin
Feb 29 '16 at 14:59
I think as well as actually changing the critical passwords, my thinking was to inform everyone that we are changing them, this is purely to deter blame.
– joshuaty
Feb 29 '16 at 19:30
@joshuaty companies typically disable user accounts at the end of the contract, so changing your password may not be necessary. Your only obligation is to notify/confirm the end date with your employer, and not attempt to access your account after that date.
– mcknz
Feb 29 '16 at 19:50
Fact of life: you're no longer working with them. Of course you are going to be blamed for everything from a light bulb going out to the new guy being late to work. Doesn't matter if you're a contractor or an ex employee; it's still going to be your fault.
– NotMe
Feb 29 '16 at 23:01