topic Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot in All Things Community

Does compliance policy in SAS communities usage at work vary between organisation by a long shot?

novinosrin — Thu, 13 Jun 2019 00:38:45 GMT

SAS communities platform is by far the best or rather the only legitimate platform owned, run and endorsed by none other than SAS inc and the usage is widely accepted and encouraged by many organisations(SAS enterprise customers) for their users to ask, find and share even while people are at work. I'm in a situation I can't basically do either of the three, although one caveat that is perhaps could do general search and anything beyond could construe as an act of violation and very serious violation when the specifics deals with attachments.

Folks, for those of you who work in BFIG(Banking, Finance, Insurance and Government) or any other orgs where data is deemed the highest invaluable asset and are still able to login to our home aka SAS communites, how does the compliance policy work in your organisation?Is it lenient?

@Sas inc employees, To whom it may concern,

Do you offer recommendations to your customers that their employees(SAS users) are safe to use SAS communities of course with a disclaimer(where necessary) especially when it deals with specfics such as attachments/screen shots.

Any opinions, thoughts or notices of the past will help the general public with some awareness I'd think, although some of you can sense my tone where it is coming from?

Thank you for your time!

Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot

VDD — Thu, 13 Jun 2019 00:51:13 GMT

@novinosrin thanks for bringing up the question related those employers business practices. I am very interested in understanding how those business can benefit and assist their employee's with using the SAS communities forum.

Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot

Reeza — Thu, 13 Jun 2019 03:16:34 GMT

This is where generating fake data is very important. Some sample datasets from banking and health care would be an asset. I've worked in secure orgs where those computers can't even connect to the internet at all. In those cases, you learn to break your problem down to the simplest steps, solve each one independently and put it all back together. It's actually a great way to learn because it forces you to test and document thoroughly. You can't just plop your data and question and hope someone gives you an answer. But in general, fake data and general questions shouldn't get you in trouble. You can find good fake data on Kaggle. You can always clear that with your boss as well.

For questions that are a rush, sending data to SAS Support is allowed, as long as no PII usually, but you'll have to check with your org.

Lastly, some users will also use a pseudonym on here that doesn't link back to their real identity, so it's much harder to determine what data is out there even if there is a breach. And harder to trace it back to you.

And orgs that are that secure usually have an internal user group (or you can start one) or you can have locked off area's on here for companies.

Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot

Kurt_Bremser — Thu, 13 Jun 2019 06:49:08 GMT

I work in Insurance. I am an employee of the (local) IT division of one of the world's largest insurance holdings. Anybody who wants to know which just needs to seek out my paper at #SASGF19.

Since I'm in Europe, I am subject to the GDPR, which means I have to take the utmost care in protecting our customer's (and employee's, of course!) privacy. Therefore I have never posted data from our system anywhere here; I even take care to use other column/dataset/etc names when creating fake data. The only parts of code I posted mostly unchanged are those that deal with pure SAS-related techniques, like my "trick" to delete datasets physically to protect against "locked" files.

Since I profited (and still profit) a lot in my daily work from the things learned here (see Maxim 13), my employer sees this as time well spent, if it does not interfere with my normal duties. As long as I keep the system running and solve my tickets, everything's alright.

I also have to note that we have a certain affinity with open source and the philosophy behind it. We are even in a process of open-sourcing the core of our insurance business software. So "sharing" is viewed in a positive light here.

Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot

SASKiwi — Thu, 13 Jun 2019 07:48:26 GMT

I work for a bank and my employer behaves similarly to @Kurt_Bremser 's. They encourage participation in work-related forums like the SAS Community as they realise it improves employee's skills and knowledge which then feeds into greater work productivity for the company. I have the SAS Community and SAS Support open in my browser at work all the time - this is not a problem as I'm using them all the time to support the work I do.

Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot

ChrisHemedinger — Thu, 13 Jun 2019 18:11:48 GMT

@novinosrin We have lots of banks/financial institutions with SAS users who visit and post here. But you're correct that many companies are skittish about employees sharing on external communities, so the business need must be clear and the policies must be followed.

On our communities, we have a policy that warns against sharing sensitive information. More than once, my team has had to remove topics that contain information that should not have been shared. We respond quickly when we're made aware of such cases. They are rare...but it can happen. We partner with our customer organizations as needed.

Companies like yours also need clear policies that allow you to be productive and grow professionally, without risking corporate data. As @Kurt_Bremser said, many of these companies are using more from open source, which is completely community supported. You can't shut off that spigot, can you?

In my experience, ensuring "permission" to use SAS communities is a matter of asking the right person in your org, in the right way. It's easy to make the business case, and I've presented our program to many customers who want to learn more.

You also have a SAS account team that can help. I've reached out on your behalf -- hope we can get you connected.

Chris

Re: Does compliance policy in SAS communities usage at work vary between organisation by a long shot

novinosrin — Thu, 13 Jun 2019 23:38:02 GMT

Thank you @everyone for your time. Sorry it took one evening to post and acknowledge and appreciate your responses the next evening. My apologies for the delay.. Well, C'est la vie.