Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Terms and conditions of employment
Control ID:
7.1.2
Domain:
7 Human Resource Security
Subdomain:
7.1 Prior to employment

The contractual agreements with employees and contractors should state their and the organisation’s responsibilities for information security.

Measure the number of signed contracts held by the organisation. This number will indicate the social impact of a NIS incident.
Screening
Control ID:
7.1.1
Domain:
7 Human Resource Security
Subdomain:
7.1 Prior to employment

Background verification checks on all candidates for employment should be carried out in accordance with relevant laws, regulations and ethics and should be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.

Measure the number of applicants that successfully passed the screening phase within a predetermined period of time. This number will indicate the social impact of a NIS incident.
Management responsibilities
Control ID:
7.2.1
Domain:
7 Human Resource Security
Subdomain:
7.2 During employment

Management should require all employees and contractors to apply information security in accordance with the established policies and procedures of the organisation.

Measure the number of people that participated in security awareness and briefing. Review the expectations of the participants regarding security.
Information security awareness, education and training
Control ID:
7.2.2
Domain:
7 Human Resource Security
Subdomain:
7.2 During employment

All employees of the organisation and, where relevant, contractors should receive appropriate awareness education and training and regular updates in organisational policies and procedures, as relevant for their job function.

Measure the number of employees and contractors and other parties that participated in the training / awareness programs.
Disciplinary process
Control ID:
7.2.3
Domain:
7 Human Resource Security
Subdomain:
7.2 During employment

There should be a formal and communicated disciplinary process in place to take action against employees who have committed an information security breach.

Review the incidents that led to the activation of the disciplinary process. Measure the social impact of the incidents and the activations of the disciplinary process.
Termination or change of employment responsibilities
Control ID:
7.3.1
Domain:
7 Human Resource Security
Subdomain:
7.3 Termination and change of employment

Information security responsibilities and duties that remain valid after termination or change of employment should be defined, communicated to the employee or contractor and enforced.

Count the parties (internal and external) that need to be involved during the invocation of the Termination or change of employment procedure.
