1 - Personnel Security Policies and Procedures - Coggle Diagram
1 - Personnel Security Policies and Procedures
  Job Descriptions and Responsibilities
    Job responsibilities must be kept up to date so that the privileges they require can be audited regularly and confirmed to be adequate
    Job descriptions must be kept up to date to ensure the least privilege principle is applied (need-to-know and need-to-have)
  Candidate screening and hiring
    Screening
      Review of CV and cover letters
      Phone/video screening interviews
      Skill assessments, coding tests, and personality testing evaluation
    Background check
      Security clearance validation
      Checking police and government records for arrests or illegal activities
      Interviewing colleagues
      Education verification
      Reference checks
      Obtaining the candidate's work and educational history
      Verifying identity through fingerprints, driver's licence, and/or birth certificate
      Holding a personal interview
      Additional: drug testing, credit checks, checking driving records, online background checks (incl. social media)
  New employee must sign an employment agreement
    Acceptable use policy (AUP)
      What is and what is not an acceptable activity, practice, or use of company equipment and resources
    Security policy
    Details of the job description
    Violations and consequences
    Minimum or probationary length of time the position is to be filled
    Non-Disclosure Agreement (NDA)
      Unilateral NDA
      Bilateral NDA
      Multilateral NDA
    Non-Compete Agreement (NCA)
  Offboarding
    Reminder of the legal obligation to maintain silence on all items covered by any signed NDAs (possible re-signature)
    Removal of the employee's identity from the IAM system
      Disable/delete the user account
      Revoke certificates
      Cancel access codes
      Terminate any specifically granted privilege
    Exit interview to improve the company based on feedback
    Return of organizational devices/equipment
  Employee oversight
    Managers should regularly review
      Job descriptions
      Work tasks
      Privileges
      Responsibilities
    Collusion prevention (collusion: when several people work together to perpetrate a crime)
      Mandatory vacations
        A different worker performs the same tasks with a similar account while the other is on vacation
      Principle of separation of duties
      Restricted job responsibilities
      Job rotation
      Cross-training
      Strict monitoring of special privileges and privileged accounts
      Periodic re-evaluation of employees needed for sensitive or critical job positions
    User Behavior Analytics (UBA) / User and Entity Behavior Analytics (UEBA)
      Analyze the behavior of users and their assets for a specific goal/purpose
  Vendor, consultant, and contractor agreements and controls
    Vendor Management System (VMS)
      Software solution that assists with managing and procuring staffing services, hardware, software, etc.