Require personnel to sign the Code of Conduct as a part of the Terms and Conditions of employment.
CONTROL ID
06664
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Code of Conduct., CC ID: 04897

This Control has the following implementation support Control(s):
  • Require all personnel to re-sign the Code of Conduct, as necessary., CC ID: 06666


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Define, monitor and supervise roles, responsibilities and compensation frameworks for personnel, including the requirement to adhere to management policies and procedures, the code of ethics, and professional practices. The level of supervision should be in line with the sensitivity of the position … (PO7.3 Staffing of Roles, CobiT, Version 4.1)
  • There should be a requirement for internal staff to accept Terms and Conditions of employment in writing. (CF.02.01.03-1, The Standard of Good Practice for Information Security)
  • There should be a requirement for internal staff to accept Terms and Conditions of employment in writing. (CF.02.01.03-1, The Standard of Good Practice for Information Security, 2013)
  • Employees committing to collective business objectives (e.g., aligning individual targets and performance with the entity's business objectives). (Enforcing Accountability ¶ 3 Bullet 3, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Train: Enable individuals to develop and maintain enterprise risk management competencies appropriate for assigned roles and responsibilities, reinforce standards of conduct and desired levels of competence, tailor training to specific needs, and consider a mix of delivery techniques, including clas… (Attracting, Developing, and Retaining Individuals ¶ 1 Bullet 2, Enterprise Risk Management - Integrating with Strategy and Performance, June 2017)
  • Employees and contractors should sign the Code of Conduct in order to acknowledge their understanding of it. (SG.PS-9 Additional Considerations A1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization ensures that personnel certify (manually or electronically) acceptance of responsibilities for privacy requirements {organizationally documented frequency, at least annually}. (AR-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)