Interdependencies between essential and important entities

Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Terms and conditions of employment
Control ID:
7.1.2
Domain:
7 Human Resource Security
Subdomain:
7.1 Prior to employment

The contractual agreements with employees and contractors should state their and the organisation’s responsibilities for information security.

Measure the number of signed contracts held by the organisation. This number will indicate the social impact of a NIS incident.
Screening
Control ID:
7.1.1
Domain:
7 Human Resource Security
Subdomain:
7.1 Prior to employment

Background verification checks on all candidates for employment should be carried out in accordance with relevant laws, regulations and ethics and should be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.

Measure the number of applicants that successfully passed the screening phase within a predetermined period of time. This number will indicate the social impact of a NIS incident.
Management responsibilities
Control ID:
7.2.1
Domain:
7 Human Resource Security
Subdomain:
7.2 During employment

Management should require all employees and contractors to apply information security in accordance with the established policies and procedures of the organisation.

Measure the number of people that participated in security awareness and briefing. Review the expectations of the participants regarding security.
Information security awareness, education and training
Control ID:
7.2.2
Domain:
7 Human Resource Security
Subdomain:
7.2 During employment

All employees of the organisation and, where relevant, contractors should receive appropriate awareness education and training and regular updates in organisational policies and procedures, as relevant for their job function.

Measure the number of employees and contractors and other parties that participated in the training / awareness programs.
Disciplinary process
Control ID:
7.2.3
Domain:
7 Human Resource Security
Subdomain:
7.2 During employment

There should be a formal and communicated disciplinary process in place to take action against employees who have committed an information security breach.

Review the incidents that led to the activation of the disciplinary process. Measure the social impact of the incidents and the activations of the disciplinary process.
Termination or change of employment responsibilities
Control ID:
7.3.1
Domain:
7 Human Resource Security
Subdomain:
7.3 Termination and change of employment

Information security responsibilities and duties that remain valid after termination or change of employment should be defined, communicated to the employee or contractor and enforced.

Count the parties (internal and external) that need to be involved during the invocation of the Termination or change of employment procedure.
