
Background
----------

ISO/IEC 27002:2022 clause 6.2 indicates that "The employment contractual agreements
should state the personnel's and the organization's responsibilities for
information security [in order] to ensure personnel understand their information
security responsibilities for the roles for which they are considered."

Policy statements
-----------------

1. Employment and service contracts should align with the organisation's
   information security policies and applicable laws.

2. As a condition of employment, information risk and security-related roles and
   responsibilities should be clearly laid out and accepted, e.g. before being
   granted access to highly confidential data, workers should sign non-disclosure
   agreements.

3. Information security-related obligations that persist after workers leave the
   organisation should be clarified as part of the exit process, e.g. maintaining
   confidentiality of trade secrets and personal information.

Notes
-----

This is a 'skeleton' policy providing just the bare bones, the basic foundations on
which to construct a custom policy for your organisation. Jump-start the process
by visiting www.SecAware.com for a more comprehensive customisable policy template
in MS Word.
