Personnel must have security guidelines that deal with e.g. the following topics:
The employment contracts specify the responsibilities of the employee and the organization for cyber security.
Contracts should include e.g.:
All employees handling confidential information should sign a confidentiality or non-disclosure agreement before processing confidential information.
The confidentiality commitment should include, among other things:
The requirements and needs for confidentiality agreements are reviewed and updated at regular intervals.
Organization's confidentiality or non-disclosure agreements continue beyond the employment contract or order.
Organization also has defined a procedure handling violations of the personnel obligations.