This tool contains two sample policies that define the security standards that must be applied regarding personnel. Sample 1 includes a comprehensive framework aimed at ensuring the security of IT personnel and resources within an organization. It emphasizes the importance of rigorous screening processes prior to employment to ensure that potential employees meet the required security standards. The policy mandates that all personnel, including employees and contractors, are well-informed of their security responsibilities through continuous awareness programs and training, ensuring that they are equipped to handle security incidents effectively.

Key aspects include the enforcement of security roles and responsibilities at all stages of employment—from hiring to termination—and the integration of security measures into daily operations. The policy also stipulates that access rights are promptly revoked when an employee is terminated or transferred to prevent unauthorized access. Overall, the document serves as a guideline for maintaining a secure operational environment, safeguarding company assets and promoting a culture of security among personnel.

The following responsibilities must be considered prior to employment:

• Employees are responsible for all actions they take or their assigned access accounts.
• Employees assigned security or control responsibilities, as defined by this policy, must execute processes by the corporate IT information security policy.
• Employees must report any security incidents, potential security risks or vulnerabilities to the information security group.
• Corporate IT information security policies must be communicated to new employees and acknowledged in writing by the team member.