During employment

Objective: To ensure that employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support organisational security policy in the course of their normal work and to reduce the risk of human error.

Management responsibilities

Management should ensure that all users of organisational systems and data are aware of and apply organisational security polices, procedures and working practices. This may require regular updating.

Information security awareness, in the education and training

All users of organisational information processing systems should be given adequate security education and technical training, this should be regularly updated as required.

Disciplinary process

A disciplinary process is essential for dealing with security breaches. This must define what actions will be regarded as misconduct.