The employment contracts specify the responsibilities of the employee and the organization for cyber security.
Contracts should include e.g.:
Kaikkien luottamuksellisia tietoja käsittelevien työntekijöiden olisi allekirjoitettava salassapito- tai vaitiolositoumus ennen luottamuksellisen tiedon käsittelyä.
Salassapitositoumuksen tulisi sisältää mm.:
Salassapitosopimuksien edellytyksiä ja tarpeita tarkistellaan ja päivitetään säännöllisin väliajoin.
The employment contract should distinguish between cyber security responsibilities and obligations that remain in force after the termination of the employment relationship. The employee should also be reminded of these at the end of the employment relationship to ensure compliance.
Before granting access rights to data systems with confidential information employees have:
Training arranged before granting access rights applies not only to new employees but also to those who move to new tasks or roles, especially when the data systems used by the person and the security requirements related to the job role change significantly with the change of job role. The training is arranged before the new job role becomes active.