Requirement

10.1: Human resources security

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

1. For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555, the relevant entities shall ensure that their employees and direct suppliers and service providers, wherever applicable, understand and commit to their security responsibilities, as appropriate for the offered services and the job and in line with the relevant entities’ policy on the security of network and information systems.

2. The requirement referred to in point 10.1.1 shall include the following:

mechanisms to ensure that all employees, direct suppliers and service providers, wherever applicable, understand and follow the standard cyber hygiene practices that the relevant entities apply pursuant to point 8.1;
mechanisms to ensure that all users with administrative or privileged access are aware of and act in accordance with their roles, responsibilities and authorities;
mechanisms to ensure that members of management bodies understand and act in accordance with their role, responsibilities and authorities regarding network and information system security;
mechanisms for hiring personnel qualified for the respective roles, such as reference checks, vetting procedures, validation of certifications, or written tests.

3. The relevant entities shall review the assignment of personnel to specific roles as referred to in point 1.2, as well as their commitment of human resources in that regard, at planned intervals and at least annually. They shall update the assignment where necessary.

Fulfill this requirement by completing the tasks below ->

This requirement is part of the framework:

NIS2 Implementing Regulation

Other requirements of the framework

10.1: Human resources security

Best practices

How to implement:

10.1: Human resources security

This policy on

10.1: Human resources security

provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.

2. The requirement referred to in point 10.1.1 shall include the following:

mechanisms to ensure that all employees, direct suppliers and service providers, wherever applicable, understand and follow the standard cyber hygiene practices that the relevant entities apply pursuant to point 8.1;
mechanisms to ensure that all users with administrative or privileged access are aware of and act in accordance with their roles, responsibilities and authorities;
mechanisms to ensure that members of management bodies understand and act in accordance with their role, responsibilities and authorities regarding network and information system security;
mechanisms for hiring personnel qualified for the respective roles, such as reference checks, vetting procedures, validation of certifications, or written tests.

Read below what concrete actions you can take to improve this ->

Frameworks that include requirements for this topic:

No items found.

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to

10.1: Human resources security

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

No other tasks found.

Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement

10.1: Human resources security

of the framework

NIS2 Implementing Regulation

Task name

Priority

Task completes

Complete these tasks to increase your compliance in this policy.

Critical

Staff guidance and training procedure in cyber security

Critical

High

Normal

Low

Personnel security

Cyber security training

Staff guidance and training procedure in cyber security

This task helps you comply with the following requirements

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti NIS2 Croatia

2.6: Ohjeet ja koulutus TiHL tietoturvavaatimukset

9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu Kyberturvallisuuslaki

9.2 §: Kyberturvallisuuden toimintaperiaatteet Kyberturvallisuuslaki

9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus Kyberturvallisuuslaki

Maintaining confidentiality agreements

Critical

High

Normal

Low

Personnel security

Cyber security in contracts

Maintaining confidentiality agreements

This task helps you comply with the following requirements

Članak 30.1.i (Ljudskih resursa): Sigurnost ljudskih resursa NIS2 Croatia

9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus Kyberturvallisuuslaki

6.1.2: Non-disclosure agreement management TISAX

2.1.2: Staff compliance with information security policies TISAX

9.7.1: Personnel commitment to Confidentiality TISAX

Defining cyber security responsibilities and tasks in employment contracts

Critical

High

Normal

Low

Personnel security

Cyber security in contracts

Defining cyber security responsibilities and tasks in employment contracts

This task helps you comply with the following requirements

Članak 30.1.i (Ljudskih resursa): Sigurnost ljudskih resursa NIS2 Croatia

9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus Kyberturvallisuuslaki

2.1.2: Staff compliance with information security policies TISAX

9.7.1: Personnel commitment to Confidentiality TISAX

30 § 3.9° (ressources humaines): La sécurité des ressources humaines NIS2 Belgium

General security guidelines for staff

Critical

High

Normal

Low

Personnel security

Security guidelines

General security guidelines for staff

This task helps you comply with the following requirements

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti NIS2 Croatia

2.6: Ohjeet ja koulutus TiHL tietoturvavaatimukset

9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu Kyberturvallisuuslaki

2.1.2: Staff compliance with information security policies TISAX

9.7.1: Personnel commitment to Confidentiality TISAX

Ensuring supply chain security

Critical

High

Normal

Low

Partner management

Supplier security

Ensuring supply chain security

This task helps you comply with the following requirements

Art. 24.3: Sicurezza della catena di approvvigionamento NIS2 Italy

§ 32.(4).d: Sicherheit in der Lieferkette NIS2 Austria

§ 30.(2).4: Sicherheit der Lieferkette NIS2 Germany

§ 30: Krav til sikkerhed i forsyningskæden Energisektor beredskabsbekendtgørelse

§ 29: Procedurer for sikkerhed i forsyningskæden Energisektor beredskabsbekendtgørelse

Defining security roles and responsibilities

Critical

High

Normal

Low

Risk management and leadership

Cyber security management

Defining security roles and responsibilities

This task helps you comply with the following requirements

T02: Turvallisuustyön tehtävien ja vastuiden määrittäminen Katakri

24. Responsibility of the controller GDPR

6.1.1: Information security roles and responsibilities ISO 27001

ID.AM-6: Cybersecurity roles and responsibilities NIST

ID.GV-2: Cybersecurity role coordination NIST

Disciplinary process for security breaches

Critical

High

Normal

Low

Personnel security

Cyber security in contracts

Disciplinary process for security breaches

This task helps you comply with the following requirements

7.2.3: Disciplinary process ISO 27001

PR.IP-11: Cybersecurity in human resources NIST

5.28: Collection of evidence ISO 27001

6.4: Disciplinary process ISO 27001

7.3: Awareness ISO 27001

Screenings and background checks before recruitment

Critical

High

Normal

Low

Personnel security

Changes in employment relationships

Screenings and background checks before recruitment

This task helps you comply with the following requirements

9.6 §: Henkilöstöturvallisuus ja tietoturvakoulutus Kyberturvallisuuslaki

2.1.1: Competence of employees TISAX

30 § 3.9° (ressources humaines): La sécurité des ressources humaines NIS2 Belgium

PR.IP-11: Cybersecurity is included in human resources practices (deprovisioning, personnel screening…).CyberFundamentals

PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions.CyberFundamentals

Reminding personnel about their cyber security responsibilities

Critical

High

Normal

Low

Personnel security

Cyber security training

Reminding personnel about their cyber security responsibilities

This task helps you comply with the following requirements

21.2.g: Cyber hygiene practices and training NIS2

2.1.3: Staff training TISAX

9.11 §: Perustason tietoturvakäytännöt ja henkilöstön vastuu Kyberturvallisuuslaki

30 § 3.7°: Les pratiques et la formation en matière d'hygiène cybernétique NIS2 Belgium

Članak 30.1.g: Kibernetičke higijene i osposobljavanje o kibernetičkoj sigurnosti NIS2 Croatia

Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.