Personnel Security Policy

I wrote a generic Personnel Security Policy which is attached below.

Sections of this policy include:

Requirement to Protect Corporate Assets
Information Security Responsibilities in Employee Handbook & Contracts
Information Security Training
Background Checks
Bonding
Conflict of Interest
Non-Disclosure Agreements
Security Incidents

Here’s an excerpt:

Include information security responsibilities in company rules and worker’s contracts.

Information security responsibilities to be followed by all employees must be incorporated into Organization XYZ’s employee handbook.

All employees must acknowledge in writing (electronic acknowledgement is acceptable) that they have read and understood Organization XYZ’s employee handbook.

Specific information security responsibilities must be incorporated into all contracts with contractors (including consultants or any non-employee who performs work for hire) who have access to restricted, customer or otherwise sensitive information.

You can download a copy of the policy here: Personnel Security Policy

Let me know if you have any suggestions!

Tagged as: Data Security Policy, Information Security Policy, Personnel Security Policy, Security Policies, Security Policy

{ 1 comment… read it below or add one }

Personnel Security July 1, 2010 at 11:20 pm: I agree with you. The information collected must be classified and protected based on its importance to the business activities, risks, and security best practices.

Leave a Comment

Previous post: Acceptable Use Policy Example

Next post: Network Security Policy

Recent Data Breaches
- Update: UnitedHealthcare notifies Medicare members of data breach; company says 68 people in Missouri affected
  An employee access records in an unauthorized manner, according to the company. UnitedHealthcare is advising people in Missouri that have enrolled in its Medicare plans to a data breach by a now-former employee that has affected a reported 68 people across the state of Missouri. […]
- EFA demands data breach disclosures
  Electronic Frontiers Australia is calling for organisations to be required to notify data breaches where personal details of individuals are compromised. Its board has voted unanimously to support the implementation of mandatory data breach notification regulations. EFA board member, Karen Higgins, said: "It is outrageous that an organisation can have a […]
- Multiple 'mistakes' led to massive health data breach, director says
  New details of what went wrong in a costly health information data breach emerged Wednesday. […]
- McEntee: After data breach, I’ll long be looking over my shoulder
  McEntee: After data breach, I’ll long be looking over my shoulder By peg mcentee Tribune Columnist Published May 17, 2012 08:00AM MDT A couple of weeks ago, I returned home from vacation to learn my personal health information had been hacked. So I signed up for the free credit monitoring that lasts a year. On Monday, not having heard about my Social Securit […]
- Utah CTO takes fall for data breach
  Computerworld - The executive director of Utah's Department of Technology Services has resigned over a data breach two months ago that exposed the Social Security numbers and other personal data of about 280,000 Medicaid recipients. […]
- Utah Government Fires Tech Director After Data Breach on Medicaid Server
  May 16, 2012 -- Utah state technology director Stephen Fletcher resigned on Tuesday in the wake of a massive healthcare data breach that exposed personal information of about 780,000 people. […]
- Data breach
  Gov. Gary Herbert has fired the state’s top computer nerd in the wake of the Medicaid data breach. […]
- Utah guv fires tech director over health data breach, creates security czar
  Utah guv fires tech director over health data breach, creates security czar By heather may The Salt Lake Tribune Published May 15, 2012 06:10PM MDT Gov. Gary Herbert apologized to the 780,000 victims of the health data security breach on Tuesday. To restore the public’s trust, he announced Tuesday that he fired Department of Technology Services director Step […]
- Application Security, Inc. Pledges One Million Dollars Of Database Security Software To Help Enterprises Battle Data ...
  In an effort to help organizations defend against the ongoing data breach epidemic, Application Security, Inc. , the leading provider of database security solutions for the enterprise, today announced that it will give away up to one million dollars of database security software. […]
- Beazley Breach Response Services Expanded to Tackle Risks of PCI Investigations Following Suspected Data Breaches
  SAN FRANCISCO, May 7, 2012 /PRNewswire/ -- Enhancements announced today to Beazley Breach Response (BBR), Beazley's market-leading data breach response and insurance solution, include practical support ... […]

Subscribe to Data Security Policies via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Categories
- Security Policies
- Security Standards
Information Security
- IT Security Guy
Security Policies
- Christiansen’s IT Law
Security News Feed
- Why Apple, RIM, Nokia and Motorola are arguing over what your next SIM card will look like
  Apple's SIM design would result in handsets costing more to manufacture. […]
- Friday folly: HTC changes U. S. Android phones to avoid injunction
  HTC has changed the Android software on its newest US phones to avoid an injunction brought by Apple. […]
- Cyber security: U.S. mulls blocking China Mobile license
  Concerned about cyber security and possible spying, U.S. officials are considering denying China Mobile's license for providing international information service in the United States.Officials... […]
- UK government keeps RIM in play with BlackBerry 7 security rating
  RIM is holding on to the niche government market by certifying BlackBerry 7 as fit for government use, while Apple and Google have yet to step up to the mark. […]
- The Pirate Bay returns, Anonymous hater takes credit for DDoS
  The Pirate Bay is back online. An Anonymous traitor who goes by the name AnonNyre has claimed responsibility for the Distributed Denial of Service (DDoS) attack that kept the site offline for days. […]
- These 'Alpha Geeks' are already living in the future (photos)
  The thinkers, designers, engineers, and hackers at the center of the maker movement are focused on the innovation business. At the MAKE Hardware Innovation Workshop this week, the open-source... […]
- Wikileaks has been under DDoS attack for the last three days
  The Pirate Bay is down. Wikileaks is down. Visa was down. Are all these Distributed Denial of Service (DDoS) attacks a coincidence? Right now it's not clear, but something is definitely happening. […]
- Anonymous denies it is behind The Pirate Bay DDoS attack
  The hacktivist group Anonymous has denied allegations that it is behind the Distributed Denial of Service (DDoS) attack against The Pirate Bay. Update: The Pirate Bay has confirmed the denial. […]
- Google to centralize Android development and sales
  According to a Wall Street Journal report, Google is going to radically shift how it works with its partners in developing and selling Android. […]
- The Pirate Bay hit with massive DDoS attack
  The Pirate Bay is down for me. Is it down for you? It may be, since the site has confirmed it is experiencing "a quite big" Distributed Denial of Service (DDoS) attack. It's unclear who is behind it. […]
Data Security Policy Tags
Acceptable Use Policy Authentication Policy Business Continuity Policy Business Continuity Security Policy cloud cloud computing computer computers Computers and Internet Computers and Technology Corporate Security Policy Data Classification Policy Data Recovery Data Security Policies Data Security Policy Disaster Recovery Policy hard drive data recovery hard drive recovery Incident Response Plan Incident Response Plan Template Incident Response Policy Information Security Policy Internet Internet Security IT laptop laptop computer laptops mozy online backup online backup PC RAID data recovery Record Retention Policy security Security Breach Security Policies Security Policy Security Standards software spyware technology Vulnerability Management Policy Windows Hardening Guide Windows Hardening Standard Wireless Security Standard

tumblr stats