Prior to employment

Objective: To ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.

Information security should be addressed at the recruitment stage, included in the job descriptions and contracts, and monitored during the individual's employment. It should also form part of the exit process to ensure that organisational assets are returned prior to cessation of employment or contract.

Note: This clause is relevant to staff, contractors and third parties employed by the organisation. Typically - HR departments are not responsible for non-staff. Ensure that non-staff are appropriately handles in the organisation.

Roles and responsibilities

Job descriptions should define security roles and responsibilities and applied prior to the applicant starting work. Responsibilities should be based on the organisational security policy.

Screening

All applications for employment should have their details verified at the time of application. The degree of verification required will depend on the specific roles and responsibilities of the individual.

Terms and conditions of employment

Terms and conditions of employment should state the employee's responsibilities for information security both during and after employment as well as whilst not on the organisation's premises.

An Introduction To Information, Network and Internet Security
Prior to employment Objective: To ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities. Information security should be addressed at the recruitment stage, included in the job descriptions and contracts, and monitored during the individual's employment. It should also form part of the exit process to ensure that organisational assets are returned prior to cessation of employment or contract. Note: This clause is relevant to staff, contractors and third parties employed by the organisation. Typically - HR departments are not responsible for non-staff. Ensure that non-staff are appropriately handles in the organisation. Roles and responsibilities Job descriptions should define security roles and responsibilities and applied prior to the applicant starting work. Responsibilities should be based on the organisational security policy. Screening All applications for employment should have their details verified at the time of application. The degree of verification required will depend on the specific roles and responsibilities of the individual. Terms and conditions of employment Terms and conditions of employment should state the employee's responsibilities for information security both during and after employment as well as whilst not on the organisation's premises.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security