Professional Documents
Culture Documents
Group
Information Management
Standard 8.1 Human Resources Security: Prior to
Employment
Document owner: Philip Colby
Reviewed by: IM Governance
Approved by: ISSG
Release status: Approved
Security classification: Unclassified
This document is uncontrolled when printed.
Document reference: none
Document version: 1.1
Last review date: 20060608
Next review date: 20070701
Change history
8.1 Human Resources Security: Prior to Employment Version: 1.1
ã 2006 BG Group Page 1 of 3 Date: 20060608
BG Group
Information Management
Purpose
To ensure that employees, contractors and third party users understand their
responsibilities, and are suitable for the roles they are considered for, and to reduce
the risks of theft, fraud or misuse of facilities.
Scope
ISO 17799 section 8.1.
Audience
This standard applies to all of BG Group and subsidiaries, and to jointly owned
assets where BG is the operator. In nonoperated assets it has advisory status.
Standard
1. Roles and responsibilities
Where appropriate, job descriptions must include any specific responsibilities for the
protection of particular assets, or for the execution of security processes or activities.
2. Screening
Potential recruits must be screened in accordance with HR procedures including
checks by outsourced ‘information verification’ service providers if appropriate.
Verification checks on permanent staff must be carried out at the time of job
applications. This should include the following controls:
a) Availability of satisfactory employment references.
b) A check (for completeness and accuracy) of the applicant’s curriculum vitae.
c) Confirmation of claimed academic and professional qualifications.
d) Independent identity check (passport or similar document).
e) Credit reference checks for those in senior financial roles.
A similar screening process should be carried out for contractors and temporary staff.
Where these staff are provided through an outsourcing service provider or agency,
then the contract should specify the provider’s responsibilities for screening and the
notification procedures they need to follow if screening has not been completed or if
the results give cause for doubt or concern.
Where a job involves a person in having access to sensitive information, more
detailed checks are appropriate, and advice should be sought from HR.
8.1 Human Resources Security: Prior to Employment Version: 1.1
ã 2006 BG Group Page 2 of 3 Date: 20060608
BG Group
Information Management
3. Terms and conditions of employment
All employees of the BG Group are required to consent to maintaining the
Company’s information security policy as part of their terms and conditions of
employment. This includes legal responsibilities, e.g. under data protection
legislation, and the obligation to maintain the confidentiality of Company information.
As part of their terms and conditions of employment, employees of BG Group are
required to comply with the Business Principles and with all Company policies and
procedures including the company Security Policy. Temporary staff, contractors, and
third party users not already covered by an existing contract should be required to
sign a confidentiality agreement prior to being given access to information processing
facilities.
Procedures
Periodic checks are made for unused accounts.
Control Evidence
Records of account requests are held by the Service Desk.
Records of removed accounts are held by the Service Desk.
Induction site on the Company portal.
Employment contracts.
8.1 Human Resources Security: Prior to Employment Version: 1.1
ã 2006 BG Group Page 3 of 3 Date: 20060608