Does your organization continuously perform employees awareness training?
Does your organization have a formal on-boarding process for new employees or subcontractors?
Does your organization have a formal off-boarding process for leaving employees or subcontractors?
Does management make employees, contractors and third party users aware of Organizational security policies and procedures?
Do employees receive appropriate training and regular updates regarding information security and the Organizational security policies and procedures?
Are background checks performed on all prospective employees temporary stafff and sub-contractors before they process EvenFinancial informationto allowing constituent access to Scoped Systems and Data?
Do employees, contracts and third party users understand and agree to their responsibility towards Information Security specifically and their need to protect business information?
A.7.2.2 Information security awareness,education and trainingDo all employees, contractors and third party users undergo security awareness training appropriate to their role and function within the Organization?
A.7.2.3 Disciplinary processIs there a formal disciplinary process which allows the organization to take action against employees who have committed an information security breach?
A.7.3.1 Termination or change of employment responsibilitiesIs there a documented process for terminating or changing employment duties?