How to perform background checks according to ISO 27001

“The human factor is the weakest link in the security.” How many times have we already heard this sentence? How many stories have we already heard about security incidents caused by human failure or inaction?

In an effort to minimize this situation, organizations all around the world have been working hard to make their employees and contractors aware of the importance of protecting information, and to prepare them to handle attempted attacks and incidents when they arise. But, what if the wrong person is allowed to enter the organization? What if a person you think is competent for the job is, in fact, not that competent? The best training and awareness campaigns won’t help you with that.

In this article, you will see how ISO 27001, the leading ISO standard for information security management, addresses human resources security before employment, and how its practices can help your organization to put in place the right people for the job.

Why worry about people before you employ them?


In terms of information security, we can basically summarize this answer in two words: trust and competence.

When an organization decides to hire someone, this person will interact with other people’s information, either from other employees, partners, or customers. It’s essential to ensure that you can trust this person to handle and protect information.

Following trust, when an organization hires, it is seeking to find the most capable people to perform specific activities in order to achieve its business objectives, so verifying competence is essential. (See also: How to learn about ISO 27001 and BS 25999-2.)

What to consider before hiring people

A company will need to show due diligence when hiring new employees in order to find trustful and competent people.

For example, to implement a secure network, it is (Read more...)

*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy authored by The ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: