Back

Include that Information Security responsibilities extend outside normal business hours and organizational facilities in the Terms and Conditions of employment.


CONTROL ID
04580
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Code of Conduct., CC ID: 04897

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Information Security responsibilities for all staff throughout the organization should be specified in Terms and Conditions of employment (e.g., in a contract or employee handbook). (CF.02.01.01-2, The Standard of Good Practice for Information Security)
  • Terms and Conditions of employment should state that Information Security responsibilities extend outside normal working hours and premises. (CF.02.01.02a-1, The Standard of Good Practice for Information Security)
  • Terms and Conditions of employment should state that Information Security responsibilities continue after employment has ended. (CF.02.01.02a-2, The Standard of Good Practice for Information Security)
  • Information Security responsibilities for all staff throughout the organization should be specified in Terms and Conditions of employment (e.g., in a contract or employee handbook). (CF.02.01.01-2, The Standard of Good Practice for Information Security, 2013)
  • Terms and Conditions of employment should state that Information Security responsibilities extend outside normal working hours and premises. (CF.02.01.02a-1, The Standard of Good Practice for Information Security, 2013)
  • Terms and Conditions of employment should state that Information Security responsibilities continue after employment has ended. (CF.02.01.02a-2, The Standard of Good Practice for Information Security, 2013)