C. HR Security
This domain covers the security controls you have implemented to mitigate security risk from your employees.
01) Does your organisation perform background checks on staff and contractors?
Answer yes if background checks are conducted against staff before they join your organisation. In the notes section, please outline the types of checks (e.g. employer reference, criminal records, BPSS, CTC, SC, DV) conducted for which roles or provide a supporting document (as a PDF file) as evidence.
02) Do employment contracts include consenting to all information security responsibilities in line with organisational policies and procedures?
Answer yes if your organisation's employment contracts include a clause in which the employee must consent to abiding by all of your organisation's security policies. Please provide a template contract (as a PDF file) as evidence or copy the clause into the notes section.
03) Do employees receive an information security and data protection training programme?
Answer yes if your organisation runs an information security and data protection training programme for all of your employees. Please outline the nature and frequency of the training programme in the notes section, including any additional training provided to staff with greater responsibility or more privileged system access.
04) Is there a formal disciplinary process for employees who have breached company policy (including any breaches of company security policy)?
Answer yes if your organisation has a formal disciplinary process that is followed if an employee is found to have intentionally breached company policy. Please provide a document outlining the process (as a PDF file) as evidence (this may be covered by your organisation's Disciplinary Policy).
05) Does your organisation have arrangements in place to provide an alternate resource when a member of staff is not available for an extended period of time?
Answer yes if your organisation has a process in place to source additional staff if one of your organisation's employees is not available for an extended period of time. Please outline the process in the notes section.