Policy 7230A - Department of Administration
11. Personnel Security
These Personnel Security Non-Mandatory Procedures support the Enterprise Security Policy (ITEC 7230 Rev 1), and the Acceptable Internet Use Policy (ITEC 1200).
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
11. Personnel Security
11.1. Acceptable Usage
11.1.1. Establish Acceptable Usage Baselines (6 sets) (6 sets)
11.2. Personnel Operations
11.2.1. Establish Pre-Hiring Processes (4 sets) (3 sets)
11.2.2. Hire Employees in a Structured Fashion (3 sets) (1 set)
11.2.3. Transfer Employees in a Structured Fashion (4 sets) (2 sets)
11.2.4. Terminate Employees in a Structured Fashion (3 sets) (1 set)
11.3. Maintain Records
11.1. Acceptable Usage
No applicable Non-Mandatory Procedures.
11.2. Personnel Operations
The following are the Non-Mandatory Procedures that support the Personnel Operations section of the Default Security Requirements:
11.2.1. Establish Pre-Hiring Processes
Since employees will be assigned access to systems and information, Agencies should take steps to ensure appropriate security considerations are taken into account:
11.2.1.1 Create Access Agreements
To provide documented records that all personnel have, upon hire, accepted their information security responsibilities, standardized access agreements are required:
• Formal access agreements specify the expectations placed upon employees as well as the standards to which they will be held.
11.2.1.2 Define Positional Roles
Utilizing role-based access methodology allows for the streamlining of on-boarding processes and the simplification of employee management, which in turn enhances security:
• Define roles within the organization within which personnel will be placed, using additive rather than exclusive roles where possible.
• Assign standardized account accesses and permissions to each role.