What to consider in security terms and conditions for employees according to ISO 27001

A good way to ensure that people are aware of their roles and responsibilities in an organization is by defining policies and procedures to be followed. But this solution has a limitation: it only covers the people who are already working for the organization and have access to information. What do you do when you need to introduce new employees or contractors into the environment?

Once the proper candidates have been selected by the organization (for more information regarding this topic, please see How to perform background checks according to ISO 27001), it is important to ensure the information will be properly protected even at the early stages of employment. How can you achieve this when a candidate has not yet had access to the organization’s policies and procedures? This article will present what should be considered in security terms and conditions for employees according to ISO 27001.

How to make security terms and conditions, and make them important

Broadly speaking, terms and conditions of work are the general rules that an employer and an employee, or a contractor’s personnel working on the organization’s behalf, agree upon for a job or activity. Normally they are presented during the pre-employment process in documents such as Terms and conditions of employment, Employment agreement, etc.

These documents normally cover a broad list of items such as working time (e.g., hours of work, rest periods, and work schedules), remuneration, and workplace conditions. However, with the increasing concern over the potential impact of loss, unauthorized disclosure, or alteration of information, organizations must start including information protection items in such agreements.

Since in many situations terms and conditions of employment are legal requirements for the establishment of a work relationship, by including security terms and conditions related to confidentiality, data protection, ethics, appropriate use of (Read more...)

*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy authored by The ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at:
