|
|
|
|
|
|
by db48x
1135 days ago
|
|
|
Maybe you’re working for the wrong clients. When I worked freelance it was expected that I would provide all necessary equipment myself. Access to servers and version control is usually by SSH, so it didn’t matter what OS I ran. Also, using your own equipment is often a differentiator between contractors and employees, as is setting your own work schedule. |
|
|
I work with a B2B product, and the client requirements when it comes to security are absolutely a labyrinth to navigate for my teams and our product, and I cannot imagine the nightmare they must deal with on a day to day basis.
The reality of the regulatory scope for IT is that it's chaotic. I've come to the understanding that regardless of the enterprise, likely any given business is failing to meet the requirements of _some_ regulatory framework because of some system in use that was never designed to be framework compliant, it was just made to solve a problem.
Typically there are means for exceptions to the frameworks, but IT teams are reticent to submit such requests as it's not well defined in the regulation "what happens if you submit too many requests?"
Very likely there is an audit script or something the businesses can run to quickly approve/deny a new machine. I get the GP's frustration and your statement over such restrictions/requirements, but I also understand it from the other side; it's much easier to just play it safe than risk an auditor in a bad mood deciding that you're non-compliant and the non-sense that goes with the path back to compliance.