Human Resources
HRS domain controls.
Background Screening Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for background verification of all new employees.
Acceptable Use of Technology Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for defining allowances and conditions for the acceptable use of organizationally-owned or managed assets.
Clean Desk Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures that require unattended workspaces to not have openly visible confidential data.
Remote and Home Working Policy and Procedures
Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect information accessed, processed or stored at remote sites and locations.
Asset Returns
Establish and document procedures for the return of organization-owned assets by terminated employees.
Employment Termination
Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment.
Employment Agreement Process
Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets.
Employment Agreement Content
The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies.
Personnel Roles and Responsibilities
Document and communicate roles and responsibilities of employees, as they relate to information assets and security.
Non-Disclosure Agreements
Identify, document, and review, at planned intervals, requirements for non-disclosure/confidentiality agreements reflecting the organization's needs for the protection of data and operational details.
Security Awareness Training
Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates.
Personal and Sensitive Data Awareness and Training
Provide all employees who have access to sensitive organizational and personal data with appropriate security awareness training and regular updates in organizational procedures, processes, and policies.
Compliance User Responsibility
Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations.