
| S No | Control Number | Control Name | Control Description |
|---|---|---|---|
| | A.8.1.3 | Terms and conditions of employment | As part of their contractual obligation, employees, contractors and third party users shall agree and sign the terms and conditions of their employment contract, which shall state their and the responsibilities for information security. |
| | A.8.3.1 | Termination responsibilities | Responsibilities for performing termination or change of employment shall be clearly defined and |
| | A.8.1.1 | Roles and responsibilities | Security roles and responsibilities of contractors and third party users shall be defined and documented in accordance with the information security |
| | A.8.1.2 | Screening | Background verification checks on all candidates for contractors, and third party users shall be carried out in accordance with relevant laws, regulations and ethics, and proportional to the requirements, the classification of the information to be accessed, and the perceived risks. |
| | A.8.2.3 | Disciplinary process | There shall be a formal disciplinary process for employees who have committed a security |

| Handbook | Policy | Procedure | Audit Artifact |
|---|---|---|---|
| 1. It is important that employees, contractors and third-party users are aware of their security and legal responsibilities regarding the handling of information and classifications and use of information processing facilities and the consequences of not complying with security or legal requirement. 2. It is important that employees, contractors and third party users sign a confidentiality | Information Security Policy | HR-Handbook | Employee offer letter, Signed NDA by employee |
| 1. There should be processes in place ensuring that all rights for logical and physical access are removed as and when the job function terminates. 2. The responsibilities for termination or change of employment should also include ongoing security or legal requirement that might continue after the contractual arrangement was finalized. | Information Security Policy | HR-Handbook | 1) Physical Access report; Access report; 3) Deletion of email ID; 4) No Dues & Exit |
| 1. The organisation will be vulnerable to insecurity if employees, contractors and third party users are not aware of the information security policy, what they have to comply with and what is expected from them. 2. For all employees, contractors and third-party users, roles and responsibilities should be defined and clearly communicated, in line with the organization's security policies. 3. One way of achieving this could be to have a reference to all information security related roles and responsibilities. | Information Security Policy | 1) HR-Handbook; 2) Security Organisation; 3) Respective Procedures at functional level will define their respective ISMS roles & s and Third t Guidelines | Roles and responsibilities document (ISMS roles like CISO, Security forum) |
| 1. Screening is the essential control that can prevent taking on the wrong person. 2. Whatever screening and data collection takes place, care should be taken that all applicable legislations and regulations are complied with. 3. Identification checks, CV reviews and checks of qualification and character references should be | Information Security Policy | HR-Handbook | Background Check Reports |
| 1. Any non-compliance with security or controls by employees needs to be properly dealt with or there will be decline in standards and an increase in insecurity. 2. The disciplinary process will be influenced by the organisation's and personnel management practices but it should be documented and staff should be aware of the details. | Information Security Policy | Incident handling procedure | Incident Management Register |

| Implementation Responsibility | Audit Responsibility |
|---|---|
| HR | Quality |
| HR | Quality |
| HR & Admin & IT OPs | Quality |
| HR & Admin & IT OPs | Quality |
| HR & All | Quality |