|
|
|
|
|
|
by 35fbe7d3d5b9
1761 days ago
|
|
|
As JulianMorrison notes, this is common in finance. The FDIC strongly recommends that banks enforce this[1] – you can't cook the books when you have no access to the systems. But sometimes it's not just about cooking the books: the last "SSL cert expiration" fire I lived through happened because the person who had credentials to Digicert had to take sick leave. It was never a documented/defined process because "just flip Tim an email" was always sufficient, Tim didn't mind doing the work, and Tim didn't like going on vacation. Two week lockouts mean there's no chance of shadow IT/back channel work happening, and forces you to document your processes. [1]: https://www.fdic.gov/news/financial-institution-letters/1995... |
|
|