An Introduction To
Prior to employment
Objective: To ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.
Information security should be addressed at the recruitment stage, included in the job descriptions and contracts, and monitored during the individual's employment. It should also form part of the exit process to ensure that organisational assets are returned prior to cessation of employment or contract.
Note: This clause is relevant to staff, contractors and third parties employed by the organisation. Typically - HR departments are not responsible for non-staff. Ensure that non-staff are appropriately handles in the organisation.
Roles and responsibilities
Job descriptions should define security roles and responsibilities and applied prior to the applicant starting work. Responsibilities should be based on the organisational security policy.
All applications for employment should have their details verified at the time of application. The degree of verification required will depend on the specific roles and responsibilities of the individual.
Terms and conditions of employment
Terms and conditions of employment should state the employee's responsibilities for information security both during and after employment as well as whilst not on the organisation's premises.
The Security Practitioner
An Introduction to Information Security