ISO 27001 2013 A7 Human Resource Security Part 1- by Software development company in india
This PPT focuses on the annexure controls of the ISO 27001:2013 standard. Annexure control A7 relates to 'Human Resource Security'. - by Software development company in India

Reference:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
  1. iFour Consultancy – Annexure A Control: 7 – Human Resource Security

  2. Human Resource Security
     • As specified in numerous sources, people are said to be the weakest link in any security system.
     • ISO 27001:2013 classifies this annexure control into the following 3 control objectives:
       A7.1: Prior to employment
       A7.2: During employment
       A7.3: Termination and change of employment
     • Ensure that employees comply with security policies designed to protect the firm, clients and workforce.
     • Make employees aware of these company policies and procedures.
     • Work with management to investigate and address violations of these rules.
     eCommerce solution provider India – http://www.ifourtechnolab.com

  3. Human Resource Security (continued)
     • Topics that serve the purpose of an HR security policy:
       - All employees who hold a temporary, fixed-term or open contract must comply with the information security policy.
       - All employees who accept their terms and conditions of employment, i.e. sign a formal undertaking, should abide by the data protection policy.
       - A disciplinary process shall be initiated in case an employee violates these policies.
       - Depending upon the information security requirements, the company has the right to undertake additional background checks or tests to verify suitability.
       - The need for, and the method of, reporting security incidents will be communicated to employees.
       - Employees leaving the organization will have their access privileges terminated and should return all information assets and equipment.

  4. A7.1 Prior to employment
     • Objective: To ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered.
     • Subsections:
       A 7.1.1: Screening
       A 7.1.2: Terms and conditions of employment
     • Job descriptions should clearly articulate security roles and responsibilities.
     • Hiring for sensitive jobs should include an adequate level of screening.
     • The security roles and responsibilities mentioned in the job description should determine:
       - Validation of references
       - Appropriate level of background checks

  5. A 7.1.1 Screening
     • Control: Background verification checks on
       - All candidates for employment
       - Contractors
       - Third party users
       should be carried out in accordance with relevant laws, regulations and ethics, and proportional to the business requirements, the classification of the information to be accessed, and the perceived risks.
     • Verification checks should consider privacy and protection of personal data, and include these factors:
       - Availability of acceptable character references, i.e. 1 business and 1 personal reference.
       - Completeness and accuracy check of the applicant's CV.
       - Confirmation of academic and professional qualifications claimed by the applicant.
       - Independent identity check, i.e. verification of passport, PAN and other documents.
       - Detailed checks: credit checks and criminal record checks.

  6. A 7.1.1 Screening (continued)
     • If a job on initial appointment involves the person having access to information processing facilities which hold sensitive information, then the organization should perform detailed checks.
     • Criteria and limitations for verification checks should be defined by procedures:
       - Who is eligible to screen people?
       - How will the verification checks be carried out?
       - When will the verification checks be carried out?
     • Contracts with contractors and 3rd party users should include roles and responsibilities for screening and notification procedures.

  7. A 7.1.1 Screening (continued)
     • Different types of screening tests performed:
       - Background screen
       - Credit check
       - Physical examination
       - Drug testing
       - Sample job tasks
       - Miscellaneous tests

  8. A 7.1.2 Terms and Conditions of employment
     • Control: As part of their contractual obligation, employees, contractors and third party users should agree to and sign the terms and conditions of their employment contract, which should state their and the organization's responsibilities for information security.
     • Terms and conditions should specify these points:
       - All employees, contractors and 3rd party users should sign a confidentiality (non-disclosure) agreement prior to being given access to information processing facilities.
       - Responsibilities of the employee, contractor or third party user for the handling of information received from other companies or external parties.
       - Responsibilities that extend outside the organization's premises and outside normal working hours, e.g. in the case of work from home.
       - Actions to be taken if the employee, contractor or third party user disregards the organization's security requirements.

  9. A 7.3 Termination and change of employment
     • Objective: To protect the organization's interests as part of the process of changing or terminating employment.
     • Responsibilities should be in place to ensure that an employee's, contractor's or third party user's exit from the organization is managed.
     • Return of all equipment and removal of all access rights should be completed when any of these leave the organization.
     • Changes of responsibilities and employment within an organization should be managed as the termination of the respective responsibility or employment.
     • Subsection:
       A 7.3.1: Termination or change of employment responsibilities

  10. A 7.3.1 Termination and change of employment responsibilities
     • Control: Information security responsibilities and duties that remain valid after termination or change of employment shall be defined, communicated to the employee or contractor, and enforced.
     • The HR function is generally responsible for the overall termination process and works together with the supervising manager of the internal person who is leaving to manage the information security aspects.
     • There should be a process that validates that all the institution's assets are returned at termination.
     • There should be a process that ensures access to information assets is removed at the time of termination.

  11. References
     http://policy.monash.edu.au/policy-bank/management/its/security-framework/chapter11.html
     http://smallbusiness.chron.com/role-hr-play-enforcing-security-policy-39619.html
     https://spaces.internet2.edu/display/2014infosecurityguide/Human+Resources+Security
     https://www.york.ac.uk/about/departments/support-and-admin/information-services/information-policy/index/information-security%E2%80%93human-resources-policy/#tab-1
     http://slideplayer.com/slide/8852128/
