This domain covers the security controls you have implemented to mitigate security risk from your employees.
Answer yes if background checks are conducted against staff before they join your organisation. In the notes section, please outline the types of checks (e.g. employer reference, criminal records, BPSS, CTC, SC, DV) conducted for which roles or provide a supporting document (as a PDF file) as evidence.
Answer yes if your organisation's employment contracts include a clause in which the employee must consent to abiding by all of your organisation's security policies. Please provide a template contract (as a PDF file) as evidence or copy the clause into the notes section.
Answer yes if your organisation runs an information security and data protection training programme for all of your employees. Please outline the nature and frequency of the training programme in the notes section, including any additional training provided to staff with greater responsibility or more privileged system access.
Answer yes if your organisation has a formal disciplinary process that is followed if an employee is found to have intentionally breached company policy. Please provide a document outlining the process (as a PDF file) as evidence (this may be covered by your organisation's Disciplinary Policy).
Answer yes if your organisation has a process in place to source additional staff if one of your organisation's employees is not available for an extended period of time. Please outline the process in the notes section.