Julkri: TL IV-I
HAL-15: Information security of work throughout the entire employment relationship

How to fill the requirement

Task name: Defining cyber security responsibilities and tasks in employment contracts
Theme: Personnel security
Policy: Cyber security in contracts

This task also fulfills these other security requirements:

  • 7.1.2: Terms and conditions of employment (ISO27 Full)
  • 7.3: Termination and change of employment (ISO27 Full)
  • 7.3.1: Termination or change of employment responsibilities (ISO27 Full)
  • PR.DS-5: Data leak protection (NIST)
  • PR.IP-11: Cybersecurity in human resources (NIST)

1. Task description

The employment contracts specify the responsibilities of the employee and the organization for cyber security.

Contracts should include e.g.:

  • the employee's legal responsibilities and rights, such as those related to copyright or data protection law
  • the employee's responsibility for following the instructions, e.g. related to the use of hardware and data and the classification of information
  • the employee's or temporary employee's responsibility for processing information received from other companies or other parties
  • measures to be taken if the employee or temporary worker violates the organization's security requirements
  • continuing obligations after termination of employment

Task name: Guidelines for taking the employment lifecycle into account
Theme: Personnel security
Policy: Changes in employment relationships

This task also fulfills these other security requirements:

  • T08: Taking the employment lifecycle into account (Katakri)
  • HAL-15: Information security of work throughout the entire employment relationship (Julkri)
  • T-09: CHANGES DURING EMPLOYMENT IN THE HANDLING OF SECURITY-CLASSIFIED INFORMATION (Katakri 2020)

1. Task description

The organization has established guidelines that ensure security at the different stages of the employment lifecycle. Training on the guidelines is provided to the necessary personnel groups (e.g. supervisors), and compliance with them is monitored.

Procedural instructions can be targeted at the different stages of the employment lifecycle. The different guidelines may include, for example:

  • recruitment guidelines
  • onboarding guidelines
  • guidelines for changes during employment
  • guidelines for termination of employment
  • and guidelines for more detailed measures, such as guidelines for changes to usage and access rights

Task name: Screenings and background checks before recruitment
Theme: Personnel security
Policy: Changes in employment relationships

This task also fulfills these other security requirements:

  • T09: Assessment of personnel reliability (Katakri)
  • 7.1.1: Screening (ISO27 Full)
  • PR.AC-6: Proof of identity (NIST)
  • PR.IP-11: Cybersecurity in human resources (NIST)
  • HAL-15: Information security of work throughout the entire employment relationship (Julkri)

1. Task description

Applicants for cyber security positions should have their backgrounds checked, taking into account relevant laws and regulations.

The check may include:

  • review of recommendations
  • verification of CV accuracy
  • verification of educational qualifications
  • verification of identity from an independent source
  • other more detailed checks (e.g. credit information, review of previous claims or criminal record)

The background check may also be extended to, for example, teleworkers, contractors or other third parties. The depth of the background check can be related to the category of the accessed data.

Task name: Review of access rights for changed employee roles
Theme: Personnel security
Policy: Changes in employment relationships

This task also fulfills these other security requirements:

  • 9.2.5: Review of user access rights (ISO27 Full)
  • UAC-06: Managing user privileges (Cyber Essentials)
  • HAL-15: Information security of work throughout the entire employment relationship (Julkri)
  • TEK-07.3: Access rights management - keeping access rights up to date (Julkri)
  • 5.18: Access rights (ISO27k1 Full)

1. Task description

Whenever an employment relationship changes, access rights should be reviewed in cooperation with the owners of the protected property, and they should be completely re-granted to the person when there is a significant change in the person's employment. A change can be a promotion or a change of role (e.g., moving from one unit to another).
