Human Resource security
ISO 27001:2013
Pre-Appointment
To ensure that employees and third-party personnel understand their responsibilities and are suitable for the roles for which they are considered
During Appointment
To ensure that all employees and third-party personnel are aware of and fulfill their information security responsibilities
Termination or change of appointment
To protect the organization's interests as part of the process of changing or terminating an appointment
1. Review
1.1 Background checks on all candidates
Includes: identity information, education information, previous position, job performance, work integrity, etc.
Focus reviews on key positions (taking care to protect personal privacy)
1.2 Terms and conditions for personnel
Sign off on information security responsibilities
Form: labor contract, confidentiality agreement
Content focus: information security responsibilities, protection of information assets, confidentiality period
Note: All contracts and agreements need to be reviewed by the legal department or a lawyer
During Appointment: information security awareness, education and training
1.1 Information security awareness, education and training
Novel and varied formats, lively content
Tied to the post; regularly updated and carried out
Broad coverage, onboarding, on-site or online training, induction exams
1.2 Management responsibility and disciplinary process
Management responsibility: managers should require all employees and external users to apply security in accordance with the organization's established policies and procedures
Disciplinary process: there is a formal and communicated disciplinary process to deal with employees who commit security breaches
Managers at all levels assume responsibilities
Incorporate information security into departmental and employee performance metrics (2%-5%)
Moderate rewards, effective implementation
Termination or change of appointment
The information security responsibilities and obligations that remain valid after termination or change shall be defined, communicated to employees and external personnel, and enforced
Information security control points are built into the transfer and termination processes
Information asset recovery, access rights cleanup
Positive and effective communication
This article is from the "No Twin Cities" blog; please contact the author before reproducing it.