Content library
Changes in employment relationships
Restriction of access rights at high risk times of employment

Other tasks from the same security theme

Task name
Priority
Status
Theme
Policy
Other requirements
Process for granting access rights at the start of employment relationships
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
11
requirements

Examples of other requirements this task affects

9.2.1: User registration and de-registration
ISO27 Full
9.2.2: User access provisioning
ISO27 Full
PR.AC-1: Identity and credential management
NIST
UAC-01: User account creation
Cyber Essentials
5.16: Identity management
ISO27k1 Full
See all related requirements and other information from tasks own page.
Go to >
Process for granting access rights at the start of employment relationships
1. Task description

When a person starts an employment relationship, he or she is granted access to all data systems related to his or her role at once.

Process for removing hardware and access rights at termination of employment relationship
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
23
requirements

Examples of other requirements this task affects

8.1.4: Return of assets
ISO27 Full
9.2.1: User registration and de-registration
ISO27 Full
9.2.6: Removal or adjustment of access rights
ISO27 Full
PR.AC-1: Identity and credential management
NIST
UAC-03: Disabling unnecessary user accounts
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Process for removing hardware and access rights at termination of employment relationship
1. Task description

Our organization has defined procedures for coordinating, at the time of termination of employment, e.g..:

  • Hardware recovery
  • Removal of access rights
  • Restoration of other information assets
Turvallisuusselvitysten tarpeen arviointi ja toteuttaminen
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
1
requirements

Examples of other requirements this task affects

HAL-10.1: Henkilöstön luotettavuuden arviointi - turvallisuusselvitys
Julkri
See all related requirements and other information from tasks own page.
Go to >
Turvallisuusselvitysten tarpeen arviointi ja toteuttaminen
1. Task description

Organisaatio arvioi turvallisuusselvityksen tarpeen ja mikäli sellaista edellytetään, toteuttaa turvallisuusselvityksen myöntää henkilöille pääsyn suojattaviin kohteisiin vasta turvallisuusselvityksen jälkeen.

Turvallisuusselvityksen laajuus riippuu ihmisen työtehtävästä ja tarvittavista oikeuksista esimerkiksi salassa pidettävän tiedon käsittelyyn. Selvityksen laajuus ratkaisee, mitä tietolähteitä selvityksen tekemisessä käytetään. Henkilöä itseään voidaan tarvittaessa haastatella.

Ohjeistukset työsuhteen elinkaaren huomioimiseksi
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
3
requirements

Examples of other requirements this task affects

T08: Työsuhteen elinkaaren huomioiminen
Katakri
HAL-15: Työskentelyn tietoturvallisuus koko palvelussuhteen ajan
Julkri
T-09: TYÖSUHTEEN AIKAISET MUUTOKSET TURVALLISUUSLUOKITELTUJEN TIETOJEN KÄSITTELYSSÄ
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Ohjeistukset työsuhteen elinkaaren huomioimiseksi
1. Task description

Organisaatio on muodostanut ohjeistukset, joilla varmistetaan turvallisuutta eri työsuhteen elinkaaren vaiheissa. Ohjeistuksia koulutetaan ja valvotaan tarvittavien henkilöstöryhmien parissa (esim. esimiehet).

Menettelyohjeet voidaan kohdistaa työsuhteen eri elinkaaren vaiheisiin. Eri ohjeistuksia voivat olla esimerkiksi:

  • rekrytointiohjeet
  • perehdyttämisohjeet
  • työsuhteen aikaisten muutosten ohjeet
  • työsuhteen päättymisen ohjeet
  • ja ohjeet yksityiskohtaisempiin toimiin kuten esimerkiksi ohjeet käyttö- ja pääsyoikeuksien muutoksiin
Screenings and background checks before recruitment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
21
requirements

Examples of other requirements this task affects

7.1.1: Screening
ISO27 Full
T09: Henkilöstön luotettavuuden arviointi
Katakri
PR.AC-6: Proof of identity
NIST
PR.IP-11: Cybersecurity in human resources
NIST
HAL-15: Työskentelyn tietoturvallisuus koko palvelussuhteen ajan
Julkri
See all related requirements and other information from tasks own page.
Go to >
Screenings and background checks before recruitment
1. Task description

Applicants applying for cyber security should have their background checked, taking into account relevant laws and regulations.

The check may include:

  • review of recommendations
  • verification of CV accuracy
  • verification of educational qualifications
  • verification of identity from an independent source
  • other more detailed checks (e.g. credit information, review of previous claims or criminal record)

The background check may also be extended to, for example, teleworkers, contractors or other third parties. The depth of the background check can be related to the category of the accessed data.

Review of access right for changed employee roles
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
13
requirements

Examples of other requirements this task affects

9.2.5: Review of user access rights
ISO27 Full
UAC-06: Managing user privileges
Cyber Essentials
HAL-15: Työskentelyn tietoturvallisuus koko palvelussuhteen ajan
Julkri
TEK-07.3: Pääsyoikeuksien hallinnointi - pääsyoikeuksien ajantasaisuus
Julkri
5.18: Access rights
ISO27k1 Full
See all related requirements and other information from tasks own page.
Go to >
Review of access right for changed employee roles
1. Task description

In all changes on employment relationship, access rights should be reviewed in cooperation with the owners of the protected property and re-granted to the person completely when there is a significant change in the person's employment. A change can be a promotion or a change of role (e.g., moving from one unit to another).

Informing about cyber security responsibilities that continue after employment relationship has ended
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
12
requirements

Examples of other requirements this task affects

7.3: Termination and change of employment
ISO27 Full
7.3.1: Termination or change of employment responsibilities
ISO27 Full
PR.DS-5: Data leak protection
NIST
6.5: Responsibilities after termination or change of employment
ISO27k1 Full
CC2.2: Internal communication of information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Informing about cyber security responsibilities that continue after employment relationship has ended
1. Task description

The employment contract should distinguish between cyber security responsibilities and obligations that remain in force after the termination of the employment relationship. The employee should also be reminded of these at the end of the employment relationship to ensure compliance.

Turvallisuusluokiteltuja tietoja käsittelevän henkilön luotettavuuden arviointi
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
1
requirements

Examples of other requirements this task affects

T-10: HENKILÖSTÖN LUOTETTAVUUDEN ARVIOINTI
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Turvallisuusluokiteltuja tietoja käsittelevän henkilön luotettavuuden arviointi
1. Task description

Viranomaisen on tunnistettava ne tehtävät, joiden suorittaminen edellyttää sen palveluksessa olevilta tai sen lukuun toimivilta henkilöiltä erityistä luotettavuutta. Henkilöturvallisuusselvitystä hakee turvallisuusluokitellun tiedon omistava viranomainen.

Selvitystä haetaan Suojelupoliisilta, joka päättää sen tekemisestä. Selvitystä haetaan Pääesikunnalta, joka päättää sen tekemisestä, jos selvityksen kohteen (henkilö) on tarkoitus hoitaa puolustusvoimien antamaa tehtävää taikka jos selvitys liittyy puolustusvoimien toimintaan tai hankintoihin. Selvitys laaditaan suppeana, perusmuotoisena tai laajana riippuen käsiteltävästä turvallisuusluokitellusta tiedosta.

Kansainvälisten tietoturvallisuusvelvoitteiden toteuttamiseksi tarpeellista henkilöturvallisuusselvitystodistusta (PSC, Personnel Security Clearance) haetaan Ulkoministeriössä toimivalta Kansalliselta turvallisuusviranomaiselta (NSA, National Security Authority). Esimerkiksi EU:n ja Naton turvallisuusluokiteltujen tietojen käsittely edellyttää turvallisuusluokasta III (CONFIDENTIAL) lähtien PSC:tä.

Restriction of access rights at high risk times of employment
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
5
requirements

Examples of other requirements this task affects

9.2.6: Removal or adjustment of access rights
ISO27 Full
5.18: Access rights
ISO27k1 Full
CC6.2: Registering and authorizing new users before granting access
SOC 2
T-09: TYÖSUHTEEN AIKAISET MUUTOKSET TURVALLISUUSLUOKITELTUJEN TIETOJEN KÄSITTELYSSÄ
Katakri 2020
4.5: Käyttöoikeuksien hallinta
TiHL: Tietoturva
See all related requirements and other information from tasks own page.
Go to >
Restriction of access rights at high risk times of employment
1. Task description

If a person's employment is terminating or significantly changing, the reduction of access rights to assets should be considered, depending on the following:

  • a person’s reluctance towards the upcoming change
  • the extent of the person’s current access rights and responsibilities
  • the value of the assets to which the employee has access
Special supervision of dismissed workers
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Personnel security
Changes in employment relationships
4
requirements

Examples of other requirements this task affects

8.1.4: Return of assets
ISO27 Full
9.2.6: Removal or adjustment of access rights
ISO27 Full
5.11: Return of assets
ISO27k1 Full
See all related requirements and other information from tasks own page.
Go to >
Special supervision of dismissed workers
1. Task description

During the period of termination of employment, the organization should ensure that the dismissed employee does not, for example, copy important information (e.g. intangible assets) without authorization.

Universal cyber compliance language model: Comply with confidence and least effort

In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.

Security frameworks tend to share the common core. All frameworks cover basic topics like risk management, backup, malware, personnel awareness or access management in their respective sections.
Cyberday’s universal cyber security language technology creates you a single security plan and ensures you implement the common parts of frameworks just once. You focus on implementing your plan, we automate the compliance part - for current and upcoming frameworks.
Start your free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.