Human resource security – defining roles and responsibilities

A7. Human resource security

 

The   crucial   task   for HR department when it comes to information security is to be proactive rather than reactive. It is indecorous just to rely on your IT departments  to make sure staff are educated about data loss and how to prevent it.

HR professionals has to ensure that  employees  comply  with  security policies.

The purpose of this standard is to set rules that apply before, during and after the termination of employment

The controls in this section ensures that those people who are under the organization’s control and can affect information security are fit or appropriate for working and know their responsibilities, and that any changes in employment conditions will not hamper  information security.

The following terms is used to identifies who within the organization is Accountable, Responsible,Informed or Consulted with regards to the policy.

  1. Accountable :- The person who has accountability and authority for the policy.
  2. Responsible :- The person(s) responsible for developing and implementing the policy.
  3. Consulted :- The person who is consulted prior finalizing the policy implementation.
  4. Informed :- The person to be informed after  policy implementation.

 

There are 3 areas of human resource security –

Image result for A.7.human resource security

Ø  Prior to employment –   In this roles and responsibilities for the job are defined. Also the access control over sensitive data must be defined. During this phase, contract terms should also be  entrenched.

Ø  During Employment – Employees who have access to sensitive information should receive periodic reminders regarding their roles and responsibilities.

Ø  Termination and change of employment –   This phase includes  the return of any assets of the organization that was held by the employee. To prevent unauthorized access to sensitive information, access must be revoked immediate upon termination of an employee who has  access to such information.

The objective of human resource security is to ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.

Image result for human resource security

 

Leave a Reply

Your email address will not be published. Required fields are marked *