S No Control Control Name Control

Number Description

HR
A.8.1.3 Terms and As part of their
conditions of contractual obligation,
employment employees,
contractors and
third party users shall
agree and sign the
terms and conditions
of
their employment
contract, which shall
state their and the
organization’s
responsibilities for
information security.

A.8.3.1 Termination Responsibilities for

responsibilities performing
employment
termination or change
of employment shall
be clearly defined and
assigned.
A.8.1.1 Roles and Security roles and
responsibilities responsibilities of
employees,
contractors and
third party users shall
be defined and
documented in
accordance
with the
organization’s
information security
policy.

A.8.1.2 Screening Background

verification checks on
all candidates for
employment,
contractors, and third
party users shall be
carried out in
accordance
with relevant laws,
regulations and
ethics, and
proportional to the
business
requirements, the
classification of the
information to be
accessed, and the
perceived risks.
A.8.2.3 Disciplinary There shall be a
process formal disciplinary
process for
employees who have
committed a security
breach.
Handbook Policy Procedur Audit
e Artifact
s

HR
1.It is important that employees,contractors and Informati HR-Hanbook Employee
third-party users are aware of their security and on offer
legal responsiblities regarding the handling of Security letter,
information and classifcations and use of Policy Signed
information processing facilities and the NDA by
consequences of not complying with security or employee
legal requirement.

2.It is important that employees,contractors and

third party users sign a confidentiality
agreement.

1.There should be processes in place ensuring Informati HR- 1)Physical

that all rights for logical and physical access are on Handbook Access
removed as and when the job fuction Security report
terminates. Policy
2)Network
2.The reponsibilties for termination or change of Access
employment should also include ongoing report
security or legal requirement that might
continue after the contractual arrangement was 3)Deletion
finalized. of email ID
Report

4)No Dues
& Exit
Form
1.The organisation will be vulnerable insecurity Informati 1)HR- Roles and
if employees,contractors and third party users on Handbook responsibil
are not aware of the information security Security ities
policy,what they have to comply with and what Policy 2)Security document
is expected from them. Organisation (ISMS
roles like
2.For all employees ,contractors and third-party 3)Respectiv CISO,
users,roles and responsiblities should be e Security
defined and clearly communicated, in line with Procedures forum)
the organization's security policies. at functional
level will
3.One way of achieveing this could be to have a define their
reference to all information security related respective
roles and responsibilties. ISMS roles &
responsibiliti
es

4)Contractor
s and Third
party
service
providers
Managemen
t Guidelines

1.Screeing is the essentail control that can Informati HR-Hanbook Backgroun

prevent taking on the wrong person. on d Check
Security Reports
2.Whatever screening and data collection takes Policy
place,care should be taken that all applicable
legislations and regulations are complied with.

3.Identification checks,CV reviews and checks of

qualification and character references should be
made.
1.Any non-compliance with security or controls Informati Incident Incident
by employees needs to be properly dealt with or on handeling Manageme
there will be decline in standards and an Security procedure nt Register
increase in insecurity. Policy

2.The disciplinay process will be influenced by

the organisation's and personnel mangement
practices but it should be documented and staff
should be aware of the details.
Implementation Audit
Responsibility Responsibilit
y

HR Quality

HR Quality
HR & Admin & IT OPs Quality

HR & Admin & IT OPs Quality

HR & All Quality