The employment contracts specify the responsibilities of the employee and the organization for cyber security.
Contracts should include e.g.:
All employees handling confidential information should sign a confidentiality or non-disclosure agreement before processing confidential information.
The agreement should include e.g.:
The organization must ensure that the new employee signs an employment contract before he or she has access to any of the organization's records or data systems.
The employment contract should reflect the employee's responsibilities for information security and other roles relevant to the organization's information security.
Confidentiality and non-disclosure requirements are reviewed at regular intervals and whenever changes affecting these requirements occur.
Our organization has defined the actions to be taken in the event of a breach of confidentiality. These may include e.g. the following steps:
The organisation must have non-disclousure obligations for personnel. The non-disclousure obligation should continue beyond the employment contract or order.
There should be a procedure for handling violations of the obligations.
The employees of our organization accept the general information security policy formed by the management with their signatures. The policy may refer to a number of more specific security guidelines.