Personnel Security Policy

The Personnel Security Policy outlines the procedures for managing personnel security within Netspective Communications LLC. [FII-SCF-023-SAT-01]

  • Within 30 days of hire, the entity must provide general security awareness training to the workforce, which should include recognizing and reporting insider threats. If required, additional training on specific security procedures must be completed before granting access to entity-sensitive information that is not covered in the general security training. The entity must reinforce all security training at least annually and track it. [FII-SCF-023-SAT-02]
  • The entity must require its workforce to follow the Acceptable Use of Information Technology Resources Policy, and establish an auditable process for users to acknowledge their agreement to comply with the policy’s requirements.

  • The entity must evaluate all job positions to determine whether they need access to sensitive information and/or sensitive information technology assets.

  • If a job position requires access to sensitive information and sensitive information technology assets, the entity must conduct workforce suitability determinations, unless prohibited by law, regulation or contract. Depending on the risk level, suitability determinations may include, where appropriate and permissible, the evaluation of criminal history record information or other reports from federal, state, and private sources that maintain public and non-public records. The suitability determination must provide the entity with reasonable grounds to conclude that an individual will likely be able to perform the required duties and responsibilities of the position without undue risk to the entity.

  • The entity must establish a process for periodically reviewing or repeating suitability determinations upon a change of job duties or position.

  • The entity is responsible for ensuring that all issued property is returned prior to an employee’s separation and that accounts are disabled and access is removed immediately upon separation.


Approved by Ajay Kumaran Nair on June 13, 2023
Last Updated by Sreejith K on June 13, 2023