information systems - controls over people
This covers aspects of job definitions and resourcing, to reduce the risk of human error and ensure that staff understand what their rights and responsibilities are concerning information security.
Most organisations require staff to keep client information confidential. They also ask staff to report security incidents and perceived weaknesses.
Appropriate personnel security ensures:
That employment contracts and staff handbooks have agreed, clear wording
Ancillary workers, temporary staff, contractors and third parties are covered
Anyone else with legitimate access to business information or systems is covered
It must deal with rights as well as responsibilities, for example:
Access to personnel files under the Data Protection Act
Proper use of equipment as covered by the Computer Misuse Act
Staff training is an important feature of personnel security to ensure the Information Security Management System (ISMS) continues to be effective.
Periodically, refreshers on less frequently used parts of the Information Security Management System (ISMS), such as its role in disaster recovery plans, can make a major difference when there is a need to put the theory into practice.
Working with Our Strategic Partners
Boston House | 214 High Street | Boston Spa | West Yorkshire | LS23 6AD | Tel +44 0844 800 0085 | Fax +44 01937 529236
Company Registration Number: 04489574 | VAT Reg No 816865400