|
All organizations shall
develop, document, and implement policies and procedures for the
selection/recruitment, orientation, training and supervision of
employees who have access to the organization’s IT resources. This
is to ensure that a high level of integrity and satisfactory staff
conduct is achieved and maintained, and to promote an awareness of
security matters in the organization.
While recruiting an employee, you must have screened the
resume and the qualifications. However reference checks and
background investigations may have to be done as a routine exercise
through a third party agency that specializes in background checks.
Security awareness
training shall be a part of training when an employee joins the
organization. It is always advisable to conduct an annual training
security awareness program for the current employees to make them
aware of the changes in the security environment and the care that
has to be take care of.
Sanctions for security violations must be made very clear to
the employees.
The
organization shall clearly document the processes for employees when
separating from service.
|