Personnel security policies concern people associated with the organization, such as employees, contractors, consultants, and users. Personnel security is one of the topics covered in the CISSP training course.
Personnel security plays a vital role in protecting an organization’s valuable assets. Therefore, the organization must have policies regarding the security of its personnel. These policies cover:
- Monitoring processes to validate security requirements
- Understanding their security responsibilities
- Understanding their suitability to security roles
- Reducing the misuse of facilities and the risk of theft, fraud, etc.
Candidate Screening and Hiring
An employer should ensure that the position to be filled is clearly documented and contains a complete description of the job requirements, the qualifications, and the scope of responsibilities and authority.
Background verification checks are primarily used in employment candidate screening processes.
The job (or position) description should be created jointly by the hiring manager and the human resources manager.
Candidate screening and hiring may include the following:
- Identity checks by verifying identification documents.
- Character references to evaluate the personal traits of the applicant.
- Checking criminal records as well as credit checks.
- Employment history
- Completeness and accuracy of the applicant’s curriculum vitae and the verification of claimed academic and professional qualifications.
- Financial history including judgments
- Union and association membership
Employment Agreements and Policies
Various employment agreements and policies should be signed when an individual joins an organization or is promoted to a more sensitive position within an organization. Usual employment agreements include non-compete agreements, non-disclosure agreements, and acceptable use policies.
Typical employment policies might include Internet acceptable use, social media policy, remote access, mobile and personal device use, and so on.
Onboarding and Termination Processes
Onboarding and termination processes should be formalized within an organization.
The standard onboarding process for a new employee should include at least the following:
- Formal introductions to key organizational personnel
- Creating user accounts and assigning IT resources
- Assigning security badges and parking permits
- A general policy discussion with Human Resources staff
Likewise, the standard process for terminating an employee should include at least the following:
- Termination of responsibilities
- The return of assets
- Removal of access rights, and so on.
In addition, the organization should provide standard, formal, and legal instructions for dealing with possible lawsuits, theft of property, destruction, unauthorized access or violence in the workplace, resignation, termination, dismissal, accident or death, immediate departure versus prior notice, hostile conditions, etc.
Contractor Agreements and Controls
Contractors also need to sign agreements that guarantee the protection of the organization’s assets.
All personnel within an organization should understand their individual responsibilities for complying with the organization's applicable policies, regulations, and policy requirements.