Aside from making employees aware of company policies and procedures, HR representatives must work with management to investigate and address any instances involving violations of these rules.
To ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities.
Security responsibilities should be addressed prior to employment in adequate job descriptions and interms and conditions of employment.
All candidates for employment, contractors and third party users should be adequately screened, especially for sensitive jobs. Employees, contractors and third party users of information processing facilities should sign an agreement on their security roles and responsibilities.
Implementation guidance Security roles and responsibilities should include the requirement to: Security roles and responsibilities should be defined and clearly communicated to job candidates during the pre-employment process.
Other Information Job descriptions can be used to document security roles and responsibilities. Where a job, either on initial appointment or on promotion, involves the person having access to information processing facilities, and in particular if these are handling sensitive information, e.
Procedures should define criteria and limitations for verification checks, e.
A screening process should also be carried out for contractors, and third party users. In the same way, the agreement with the third party see also 6. Information on all candidates being considered for positions within the organization should be collected and handled in accordance with any appropriate legislation existing in the relevant jurisdiction.
Depending on applicable legislation, the candidates should be informed beforehand about the screening activities. Where appropriate, responsibilities contained within the terms and conditions of employment should continue for a defined period after the end of the employment see also 8.
The contractor or third party users may be associated with an external organization that may in turn be required to enter in contractual arrangements on behalf of the contracted individual.
To ensure that employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support organizational security policy in the course of their normal work, and to reduce the risk of human error.
An adequate level of awareness, education, and training in security procedures and the correct use of information processing facilities should be provided to all employees, contractors and third party users to minimize possible security risks.
A formal disciplinary process for handling security breaches should be established. Implementation guidance Management responsibilities should include ensuring that employees, contractors and third party users: Other Information If employees, contractors and third party users are not made aware of their security responsibilities, they can cause considerable damage to an organization.
Motivated personnel are likely to be more reliable and cause less information security incidents. Poor management may cause personnel to feel undervalued resulting in a negative security impact to the organization. Ongoing training should include security requirements, legal responsibilities and business controls, as well as training in the correct use of information processing facilities e.Human Resources and Academic Personnel provide Hiring Managers resources and training on creating job descriptions, and on interviewing, screening, and hiring employees.
The IU job application forms are a principal source of information for hiring managers to screen staff candidates.
Human Resources professionals are responsible for ensuring that employees comply with security policies that are designed to protect your firm, your clients and your workforce. HR Daily Newsletter. SHRM's free HR Daily newsletter helps HR professionals stay on top of emerging workplace issues and provides critical news, trends and analysis each business day.
The Information Security Officer is supervised by the Chief Information Officer (CIO) and supervises the Information Security Analyst and may supervise graduate assistants and student workers. OFFICE OF HUMAN RESOURCES.
In implementing this Plan, the Coordinator works closely with the Information Technology Office, the Office of Student Services the Controller’s Office, Human Resources, and all other relevant academic and administrative organizational units.
Human Resources professionals are responsible for ensuring that employees comply with security policies that are designed to protect your firm, your clients and your workforce.