3.3.1 Human Resources
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 |
Effective from May 24 2017 - May 23 2017
To view other versions open the versions tab on the right
Principle
The Member Organization should incorporate cyber security requirements into human resources processes.
Objective
To ensure that Member Organization staff’s cyber security responsibilities are embedded in staff agreements and staff are being screened before and during their employment lifecycle.
Control considerations
| 1. | The human resources process should define, approve and implement cyber security requirements. | |||
| 2. | The effectiveness of the human resources process should be monitored, measured and periodically evaluated. | |||
| 3. | The human resource process should include: | |||
| a. | cyber security responsibilities and non-disclosure clauses within staff agreements (during and after the employment); | |||
| b. | staff should receive cyber security awareness at the start and during their employment; | |||
| c. | when disciplinary actions will be applicable; | |||
| d. | screening and background check; | |||
| e. | post-employment cyber security activities, such as: | |||
| 1. | revoking access rights; | |||
| 2. | returning information assets assigned (e.g., access badge, tokens, mobile devices, all electronic and physical information). | |||