As cited in a variety of sources, people are often described as the weakest link in any security system. It is important to build security into the entire Human Resource (HR) process, from pre-employment, during employment, and through termination, to ensure that policies and procedures are in place to address security issues. Consistent training throughout the entire process ensures that employees and contractors are fully aware of their roles and responsibilities and understand the criticality of their actions in protecting and securing both information and facilities. In collaboration with Human Resources staff, evaluate HR department policies and procedures to verify whether institutional supervisors and employees: Review and acknowledge understanding (documented) of your institution’s Acceptable Use policy. Require contractors, part-time staff, and student workers to review and comply with the Acceptable Use Policy and sign NDA’s or confidentiality agreements if appropriate given their levels of access to institutional information. Understand the HR disciplinary process for policy violations. Comply with HR requirements for new hire background checks. Develop job descriptions which include information security responsibilities and adequate separation of duties where applicable. Complete Provide ongoing information security awareness training opportunities for staff, faculty, and students. Provide HR and IT with the most current statuses status of staff, faculty, student workers, and part-time staff employed by the university institution to assist with account provisioning and terminations. Return institutional assets as required by HR policies/procedures when terminating employment.
|