Before processing activities commence, background checks are performed for all individuals working with sensitive data and systems to determine their integrity and suitability for the tasks and to ensure secure behaviour.
Screening is repeated periodically and a procedure is in place to deal with situations where screening identifies security risks.
Specification
Background checks depend on the risk associated with authorisations, but include at a minimum: checking of references and a "verklaring omtrent gedrag" (VOG).
Screening is repeated at least every 10 years.
ISO 27001 & 27002:2022
A6.1, A6.2, A6.6
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
HR.01 Recruitment (incl. onboarding procedures)