Hello Peer Mohammed!
Thanks for your reply, i am in IT co.working as HR exe. and i need to prepare a document related to sales force, how i have to prepare the documents for all the questions? what will be the perfect anwers for all? as we dont maintain all the securities, but we are thinking of to introduce all the securities as soon we will prepare all the document for sales force. Its necessary to produce to our clients whenever its requires. All the questions are appended below, kindly provide me some answers of my queries.
3.1 Does your organization have a written/fully documented personnel security policy that aligns with the current information security policy?
3.2 Does your organization's policy provide the following: definition of
roles and responsibilities, employment screening process, defined terms and conditions of employment, and a termination process for employees, third parties and contractors?
Indicate if your policy includes the following components:(Please
provide additional supporting detail in the comments section.)
3.3 Does your organization conduct background checks for all new employees, contractors, and third parties per any necessary regulations? Do background checks include references, verification of qualifications, criminal record check, credit check, and/or a drug screen?
3.4 Does your organization require all employees, contractors, and
third-parties to sign confidentiality or non-disclosure agreements when going through the hiring process?
3.5 Does your organization's employment agreement cover aspects of
information security responsibility within the organization?
3.6 Does your management require all employees to apply security in
accordance with the established organizational policies and procedures?
3.7 Does your organization require all employees to receive annual security awareness training, including social engineering, in accordance with their areas of responsibility? Are there supporting resources such as internal websites to support this training?
3.8 Does your organization's policy outline a disciplinary process for
employees who have committed a security breach?
Regards
Sheuli