PERSONNEL SECURITY POLICY

[Company Name]

Document Owner:
Effective Date:
Updated:

Disclaimer: This sample policy has been provided by Apptega, Inc. as a generic document to support the
development of your compliance program. It is unlikely to be complete for your organization without
customization. This document is not legal advice and Apptega is not a registered CPA firm.
Personnel Security Policy
Version 1.0
[Updated Date]

[Company Name]
Personnel Security Policy
Effective Date: Document Owner:
Revision History
Revision Rev. Date Description Prepared By Reviewed By Date Approved By Date
1.0

1. Overview.............................................................................................................................................1
2. Purpose................................................................................................................................................2
3. Scope...................................................................................................................................................2
4. Policy...................................................................................................................................................2
4.1............................................................................................................................................................2
4.2............................................................................................................................................................2
5. Audit Controls and Management........................................................................................................2
6. Enforcement........................................................................................................................................2
7. Distribution..........................................................................................................................................2
8. Related Standards, Policies, and Processes.........................................................................................2
9. Related Sub controls............................................................................................................................3
10. Definitions and Terms......................................................................................................................3

1. Overview
All staff, (including permanent, temporary, and contractor) interact with and in company
systems and processes to accomplish tasks. Some personnel may have access to
proprietary, or other highly sensitive information. Part of being a secure organization
includes addressing the potential risks posed by all personnel, in the events they use
their legitimate information, power, or authorization in malicious ways. Properly
managing personnel authorization, screening, transfer, and termination – among other
things – can mitigate the risks of personnel with malicious intentions.

CONFIDENTIAL
Personnel Security Policy
Version 1.0
[Updated Date]

2. Purpose
This policy provides procedures and protocols supporting an effective management of
personnel procedures and processes that ultimately protect the organization.

3. Scope
This policy applies to all company officers, directors, employees, agents, affiliates,
contractors, consultants, advisors or service providers that initialize, change, or monitor
any system configuration settings. It is the responsibility of all the above to familiarize
themselves with this policy and ensure adequate compliance with it.

4. Policy
4.1
It is <Company> policy to screen individuals prior to authorizing access to
organizational systems containing CUI.

4.2
<Company> is responsible for ensuring that organizational systems containing
CUI are protected during and after personnel actions such as terminations and
transfer.

5. Audit Controls and Management

On-demand documented procedures and evidence of practice should be in place for this
operational policy. Satisfactory examples of evidence and compliance are outlined in the
Audit and Accountability Policy.

6. Enforcement
Staff members found in policy violation may be subject to disciplinary action, up to and
including termination.

7. Distribution
This policy is to be distributed to all staff.

8. Related Standards, Policies, and Processes

 Access Control Policy
 Awareness and Training Policy
 Audit and Accountability Policy
 Identification and Authentication Policy
 Incident Response Policy
 Media Protection Policy

CONFIDENTIAL
Personnel Security Policy
Version 1.0
[Updated Date]

 Physical Protection Policy

 Risk Assessment Policy
 Security Assessment Policy

9. Related Sub controls

Control Code Control
3.9.1 Background Screening
3.9.2 Termination or Change of Responsibility

10. Definitions and Terms

The following definitions are not all-inclusive and should be updated as new information
is made available:
Term Definition

Personnel Full-time or Part-time employees, contractors, or others

who work with or for an organization.

CONFIDENTIAL