[Foundation-l] Background checks at Wikimedia

Ray Saintonge saintonge at telus.net
Mon Dec 17 08:14:54 UTC 2007

Andrew Whitworth wrote:
> On Dec 16, 2007 11:39 AM, Anthony <wikimail at inbox.org> wrote:
>> What about bonding? Has that been looked into and/or implemented?
>> I'd imagine the bonding company would run its own background check.
> For bonding or background checks, we would have to pay a third party
> some kind of money to handle them. We're a non-profit, and we
> shouldn't be spending our hard-earned money (or paying our employees
> to spend their time on it) running background checks and setting up
> surety bonds on the handful of employees we have.
That comes down to a matter of cost/benefit analysis.  If the overall 
cost of security significantly exceeds the probable costs of facing the 
risk then the extra security isn't worth it.  There's a huge industry 
out there that makes a hefty profit pandering to people's fears and 
insecurities.  Electronic retailers make a bundle from service 
contracts on otherwise reliable equipment.  If it's a question of office 
personnel, what is the worst case scenario of the damage that the person 
could cause?  Then take the fees that one would pay for bonding or other 
insurance scams, and put them into a segregated contingency fund.  When 
the capital in that fund builds to the point that it can cover off the 
worst case scenario for every employee, use any 
further fee-equivalent amounts to have a big party.

When you consider the WMF's operations the biggest risks are probably 
not from a person in Carolyn's job running away with the piggy bank.  A 
rogue employee with server access could do a lot more damage.  Admins on 
a project can do a lot less damage, but we have had rogue admins in the 
past.  Consider then the number of rogue admins as a proportion of total 
admins.  That could give a good rough first probability of finding a 
rogue in any job class.  One just needs to do the math.

Insuring for catastrophic events is another issue, but that kind of 
insurance is relatively cheap. 

