Human Resource Security

Secure behavior

Description The organisation has a coherent awareness program that identifies the knowledge relevant to information security various stakeholders must have, the ways to measure the current level of knowledge, and...

Team capacity monitoring

Description Teams plan to have sufficient capacity to execute important tasks, also during holidays. There is monitoring on the capacity of the team and structural understaffing gets flagged and addressed....

Non-Disclosure Agreements

Description When working with sensitive information, individuals are required to agree with and sign a non-disclosure agreement (NDA). At a minimum the NDA specifies how the individual should handle the...

Staged warning model

Description The organisation has a policy for disciplinary action and inappropriate handling of information. Police reports will be filed when willfully breaking of the law or actions with criminal intent...

External visitors to non-public spaces

Description Non-contracted visitors in sensitive areas are always accompanied by organisational staff. Specification A procedure exists for employees from contracted partners to commence activities on site in sensitive areas, including...

Background Check

Description Before commencement of processing activities background checks are performed for all individuals working with sensitive data and systems to determine integrity and suitability for the tasks and ensure secure...

Identification

Description Before commencement of processing activities all individuals working with data and systems have been identified using a nationally issued Identification Document or through a trusted federated identity provider. Specification...

Operating procedures for Secure usage of IT services

Description Manuals and Operating Procedures that detail how to work with Information Systems and Services in a secure manner are available and communicated to end-users. Understanding of the operating procedures...