Katakri 2020
T-09: CHANGES DURING EMPLOYMENT IN THE HANDLING OF SECURITY-CLASSIFIED INFORMATION

How to fill the requirement


Task name
Priority
Status
Theme
Policy
Other requirements
Process for granting access rights at the start of employment relationships
Personnel security
Changes in employment relationships

This task also fulfils these other security requirements

9.2.1: User registration and de-registration
ISO27 Full
9.2.2: User access provisioning
ISO27 Full
UAC-01: User account creation
Cyber Essentials
PR.AC-1: Identity and credential management
NIST
5.16: Identity management
ISO27k1 Full
1. Task description

When a person starts an employment relationship, he or she is granted access to all data systems related to his or her role at once.

Process for removing hardware and access rights at termination of employment relationship
Personnel security
Changes in employment relationships

This task also fulfils these other security requirements

8.1.4: Return of assets
ISO27 Full
9.2.1: User registration and de-registration
ISO27 Full
9.2.6: Removal or adjustment of access rights
ISO27 Full
UAC-03: Disabling unnecessary user accounts
Cyber Essentials
PR.AC-1: Identity and credential management
NIST
1. Task description

Our organization has defined procedures for coordinating, at the time of termination of employment, e.g.:

  • Hardware recovery
  • Removal of access rights
  • Restoration of other information assets
Guidelines for taking the employment lifecycle into account
Personnel security
Changes in employment relationships

This task also fulfils these other security requirements

T08: Taking the employment lifecycle into account
Katakri
HAL-15: Information security of work throughout the entire employment relationship
Julkri
T-09: CHANGES DURING EMPLOYMENT IN THE HANDLING OF SECURITY-CLASSIFIED INFORMATION
Katakri 2020
1. Task description

The organization has established guidelines that ensure security at the different stages of the employment lifecycle. The guidelines are taught to, and their observance is supervised among, the relevant personnel groups (e.g. supervisors).

Procedural guidelines can be targeted at the different stages of the employment lifecycle. The guidelines can include, for example:

  • recruitment guidelines
  • onboarding guidelines
  • guidelines for changes during employment
  • guidelines for the termination of employment
  • and guidelines for more detailed actions, such as changes to usage and access rights
Screenings and background checks before recruitment
Personnel security
Changes in employment relationships

This task also fulfils these other security requirements

T09: Assessment of personnel reliability
Katakri
7.1.1: Screening
ISO27 Full
PR.AC-6: Proof of identity
NIST
PR.IP-11: Cybersecurity in human resources
NIST
HAL-15: Information security of work throughout the entire employment relationship
Julkri
1. Task description

Applicants applying for cyber security should have their background checked, taking into account relevant laws and regulations.

The check may include:

  • review of recommendations
  • verification of CV accuracy
  • verification of educational qualifications
  • verification of identity from an independent source
  • other more detailed checks (e.g. credit information, review of previous claims or criminal record)

The background check may also be extended to, for example, teleworkers, contractors or other third parties. The depth of the background check can be related to the category of the accessed data.

Informing about cyber security responsibilities that continue after employment relationship has ended
Personnel security
Changes in employment relationships

This task also fulfils these other security requirements

7.3: Termination and change of employment
ISO27 Full
7.3.1: Termination or change of employment responsibilities
ISO27 Full
PR.DS-5: Data leak protection
NIST
6.5: Responsibilities after termination or change of employment
ISO27k1 Full
CC2.2: Internal communication of information
SOC 2
1. Task description

The employment contract should distinguish between cyber security responsibilities and obligations that remain in force after the termination of the employment relationship. The employee should also be reminded of these at the end of the employment relationship to ensure compliance.

Restriction of access rights at high risk times of employment
Personnel security
Changes in employment relationships

This task also fulfils these other security requirements

9.2.6: Removal or adjustment of access rights
ISO27 Full
5.18: Access rights
ISO27k1 Full
CC6.2: Registering and authorizing new users before granting access
SOC 2
T-09: CHANGES DURING EMPLOYMENT IN THE HANDLING OF SECURITY-CLASSIFIED INFORMATION
Katakri 2020
4.5: Access rights management
TiHL: Information security
1. Task description

If a person's employment is terminating or significantly changing, the reduction of access rights to assets should be considered, depending on the following:

  • a person’s reluctance towards the upcoming change
  • the extent of the person’s current access rights and responsibilities
  • the value of the assets to which the employee has access