
C. HR Security

This domain covers the security controls you have implemented to mitigate security risk from your employees.

01) Does your organisation perform background checks on staff and contractors?

Answer yes if background checks are conducted against staff before they join your organisation. In the notes section, please outline the types of checks (e.g. employer reference, criminal records, BPSS, CTC, SC, DV) and the roles each is conducted for, or provide a supporting document (as a PDF file) as evidence.

HR Security
Background Checks

02) Do employment contracts include consenting to all information security responsibilities in line with organisational policies and procedures?

Answer yes if your organisation's employment contracts include a clause in which the employee must consent to abiding by all of your organisation's security policies. Please provide a template contract (as a PDF file) as evidence or copy the clause into the notes section.

HR Security
Policies
Consent

03) Do employees receive an information security and data protection training programme?

Answer yes if your organisation runs an information security and data protection training programme for all of your employees. Please outline the nature and frequency of the training programme in the notes section, including any additional training provided to staff with greater responsibility or more privileged system access.

HR Security
Training
Awareness

04) Is there a formal disciplinary process for employees who have breached company policy (including any breaches of company security policy)?

Answer yes if your organisation has a formal disciplinary process that is followed if an employee is found to have intentionally breached company policy. Please provide a document outlining the process (as a PDF file) as evidence (this may be covered by your organisation's Disciplinary Policy).

HR Security
Disciplinary Process

05) Does your organisation have arrangements in place to provide an alternate resource when a member of staff is not available for an extended period of time?

Answer yes if your organisation has a process in place to source additional staff if one of your organisation's employees is not available for an extended period of time. Please outline the process in the notes section.

HR Security
Alternative Resources