Human Resource Security Policy v1.0 Classification: In ternal DOCUMENT ID : NN - NNN - NN 1 Sample Human Resource Security Policy Human Resource Security Policy v1.0 Classification: In ternal DOCUMENT ID : NN - NNN - NN 2 Version Control Version Date Prepared By Reviewed By Approved By 1.0 dd - mm - yy Change History Version Description of Change 1.0 First release Distribution List 1. Write the target audience who should receive a copy of this document. 2. 3. This document is created by the Azpirantz Marketing Team. For expert consulting aligned with your business needs, please reach out to sales@azpirantz.com. Human Resource Security Policy v1.0 Classification: In ternal DOCUMENT ID : NN - NNN - NN 3 Purpose This policy aims to: 1. Confirm that all employees and contractors comprehend their responsibilities and possess the necessary qualifications for their assigned positions. 2. Guarantee that employees and contractors are knowledgeable about and adhere to their information security obligations. 3. Protect the organization's assets and interests throughout the employee lifecycle, including departures. Scope This policy governs all employees, contractors, and any other individuals who have been authorized to access ABC Corp.'s information assets and information processing facilities. Responsibility Adherence to this policy is the responsib ility of all employees and contractors. The Information Security Management System (ISMS) Steering Committee shall be accountable for the overall governance, oversight, and enforcement of this policy. Policy Statements Roles and Responsibilities 1. The organization shall define and document all information security roles and their associated responsibilities. 2. Information security responsibilities shall be allocated to the appropriate employees, and their awareness of these responsibilities shall be ensur ed. 3. Conflicting duties and areas of responsibility shall be segregated to mitigate opportunities for the unauthorized or unintentional modification or misuse of the organization's assets. Pre - employment Procedures 1. The organization shall perform backgroun d verification checks on all employment candidates. These checks shall be conducted in adherence to relevant legal, regulatory, and ethical guidelines, and their scope shall be commensurate with business requirements, the classification of information to b e accessed, and the assessed risks. Human Resource Security Policy v1.0 Classification: In ternal DOCUMENT ID : NN - NNN - NN 4 2. Contractual agreements with employees and contractors must specify their obligations regarding information security. Throughout Employment 1. Employees and contractors are required to implement information security measur es in accordance with established organizational policies and procedures. 2. All employees and contractors shall receive appropriate information security awareness education and training, along with periodic updates regarding organizational policies and proce dures relevant to their job functions. 3. The organization shall establish and communicate a formal disciplinary process for addressing information security breaches committed by personnel. Upon Termination and Change of Employment 1. Any information security responsibilities and duties that persist following the termination or change of an employee's or contractor's engagement shall be clearly defined, communicated to the individual, and enforced. 2. The management of changes in responsibility or employment stat us shall be handled as a two - step process: the termination of the existing responsibility or employment and the commencement of the new one. Note: This document serves as a sample template. Organizations are required to develop a comprehensive policy that incorporates specific legal, regulatory, contractual, and business requirements.