The employment contracts specify the responsibilities of the employee and the organization for cyber security.
Contracts should include e.g.:
Applicants applying for cyber security should have their background checked, taking into account relevant laws and regulations.
The check may include:
The background check may also be extended to, for example, teleworkers, contractors or other third parties. The depth of the background check can be related to the category of the accessed data.
Our organization has defined the actions to be taken in the event of a breach of confidentiality. These may include e.g. the following steps:
Before granting access rights to data systems with confidential information employees have:
Training arranged before granting access rights applies not only to new employees but also to those who move to new tasks or roles, especially when the data systems used by the person and the security requirements related to the job role change significantly with the change of job role. The training is arranged before the new job role becomes active.