Personnel security policies concern people associated with the organization, such as employees, contractors, and consultants. These policies encompass the following:
Background verification checks are primarily used in employment candidate screening processes. They may include the following:
Besides general job roles, based on the business requirements, information security responsibilities that include information handling requirements should form part of the employment agreement and policies.
Employees should also be aware of organization's information security policies, and when they are given access to sensitive or confidential information, they need to additionally sign confidentiality and nondisclosure agreements.
Employee termination processes have to be in accordance with the established security policies and practices. The primary objective of the process is to ensure that employees, contractors, and third-party users exit or change employment as per established procedures without compromising security. The procedures may include termination of responsibilities, return of assets, removal of access rights, and so on.
Third-party users, such as vendors, consultants, and contractors, need access to the information and associated systems based on the job function. Information protection starts from screening process, confidentiality, and nondisclosure agreements.
52.14.134.130