The employment contracts specify the responsibilities of the employee and the organization for cyber security.
Contracts should include e.g.:
Organisaatio on muodostanut ohjeistukset, joilla varmistetaan turvallisuutta eri työsuhteen elinkaaren vaiheissa. Ohjeistuksia koulutetaan ja valvotaan tarvittavien henkilöstöryhmien parissa (esim. esimiehet).
Menettelyohjeet voidaan kohdistaa työsuhteen eri elinkaaren vaiheisiin. Eri ohjeistuksia voivat olla esimerkiksi:
Applicants applying for cyber security should have their background checked, taking into account relevant laws and regulations.
The check may include:
The background check may also be extended to, for example, teleworkers, contractors or other third parties. The depth of the background check can be related to the category of the accessed data.
In all changes on employment relationship, access rights should be reviewed in cooperation with the owners of the protected property and re-granted to the person completely when there is a significant change in the person's employment. A change can be a promotion or a change of role (e.g., moving from one unit to another).