Contract for remote workers

sshz2011-04-10 11:37:40

Freelance

sshz, 2011-04-10 11:37:40

I often work with freelancers. My task is to somehow protect myself from the malicious actions of the performer.

Those with whom I work are freelancers with good experience and reviews, but giving a freelancer, for example, root access to a server hosting several projects, you still involuntarily wonder what will happen if a person takes and deletes everything from the server.

My idea is to conclude the simplest online contract with the contractor, which will describe that confidential information is transferred to him and he is responsible for its disclosure or use to the detriment of the customer.

Such an agreement signed, for example, with a personal Webmoney certificate of the performer, plus correspondence and logs may well be an argument in court. But the main goal of such an agreement is not to win in court, but to protect itself from bad performers; in the presence of such an agreement, the performer is unlikely to want to harm the customer, and then check who will win in court.

The questions, I think, are clear even without voicing them:
Are there any systems that allow concluding such contracts? Do you use such systems?

Answer the question

In order to leave comments, you need to log in

7 answer(s)

xanep, 2011-04-10
@xanep

Read this habrahabr.ru/blogs/my_business/81082/

mambet, 2011-04-10
@mambet

… in the presence of such an agreement, the contractor is unlikely to want to harm the customer

Harm can be done unknowingly.
In no case should you give a root password (even to a sane, it would seem, freelancer) because the following scenario is very possible:
1. A person hammers this password into WinSCP and saves it there.
2. The virus/keylogger collects all passwords from this negligent person, including the password to WinSCP and sends them to the "hacker".
3. ????? (you can think of it yourself :)
And it's not necessarily root, even just a password for access to “all projects” is already bad.
Not without reason, in some paranoid hostings, access to the console (non-rooted!) Is given for 24 hours, and then only after presenting a passport. Once I was indignant, but now I understand.
So:
1. Separation of access rights.
2. Backups.
And in general, if, say, a developer on the server needs to build and deploy the project, let him do it with some kind of hudson-type system, and not with his hands, and upload the source codes to the version control system. All this needs to be messed around and set up, but it's safer.

dmomen, 2011-04-10
@dmomen

Make backups that no one else has access to. Check people with time, appreciate kind and responsible performers who don’t need malicious access to the server. That's the best security. And all this evidence for the courts is fictitious reassurance, which 99% will not resort to, otherwise they simply would not work with freelancing.

Lev Lybin, 2011-04-10
@lybin

Recently, a law on electronic signatures was adopted, please look for the details yourself, but theoretically it is possible to conclude any remote contracts now, I think after reading this law it will become clear to you what to sign the contract.

bdmalex, 2011-04-10
@bdmalex

but giving a freelancer, for example, root access to a server where several projects are hosted ...
So I would actually, on one server, if I kept several projects, I would keep each one in its own separate environment. A lot of virtualization technologies have been invented from jail, chroot to ... OpenVZ ...
Set it up once - and do not touch it again, and give access only to individual projects ...

eDissideNT, 2011-04-10
@eDissideNT

I work as a freelancer with foreign clients, and they usually send a document, I print it, sign it, photograph it and send it to the client. I don’t know how much this is protected by law in Russia, but after that, customers apparently feel protected.

Homakov, 2011-04-10
@Homakov

rightsignature :)