terms_and_conditions_of_employment [2025/08/15 08:58] – created tijs | terms_and_conditions_of_employment [2025/08/15 09:11] (current) – tijs
**Terms and conditions of employment**

| Control type | Information Security Properties | Cybersecurity concepts | Operational capabilities | Security domains |
|---|---|---|---|---|
| Preventative | Confidentiality, Integrity, Availability | Protect | HR security | Governance and ecosystem |

**Definition**
The employment contractual agreements should state the personnel's and the organization's responsibilities for information security.

**What to include in the employment contract**
The following can be considered:

• NDA, non-disclosure agreements
• confidentiality agreements
• legal rights

**Additional guidance**

• classification of information
• management of information
• management of assets
• information processing facilities
• information services
• handling information you receive from third parties and interested parties
• what actions will be taken if the information security requirements are not followed

**Communication**
You communicate roles and responsibilities for information security during the pre-employment phase of your process.

**Agreement**
Information security requirements should be agreed. Usually this is done by the employee signing the contract and you keeping a copy of the signed contract on file.

**Appropriateness of terms**
Make sure that any terms and requirements are appropriate to the person, their role, what they do and the access they have.

**Review of terms**
As part of continual improvement, be sure to review the terms you have, especially if you change your policies or if laws or regulations change.

**Non-Disclosure Agreement**
Certain obligations remain in place after employment ends, and this is usually defined for a set period of time. Consider things like a non-disclosure agreement and a confidentiality agreement that you may want to remain in force for 12 months after employment ends.

**Employee handbook / code of conduct**
Having an employee handbook or code of conduct is a fantastic way to share and communicate information security responsibilities and key messages, and I have seen this work well in many organizations.

**Employees that come from an agency / third party**
If you have people that you do not employ directly but rather engage through an agency or third party, then the agency or third party should enter into a contract on behalf of those people.