The objectives of AU's policy for human resource security are:
Background verification checks on all candidates for employment shall be carried out in accordance with relevant laws, regulations and ethics and shall be proportional to the business requirements, the classification of the information to be accessed and the perceived risks. (A.7.1.1)
The HR unit in question and the unit employing the employee must ensure that employees in particularly trusted positions, including managerial and IT positions, are subject to a thorough background check.
The contractual agreements with employees and contractors shall state their and the organization's responsibilities for information security. (A.7.1.2)
The person at Aarhus University responsible for concluding the employment contract must inform the new member of staff about the university's information security policy.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
|
Management shall require alle employees and contractors to apply information security in accordance with the established policies and procedures of the organization. (A.7.2.1)
All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function. (A.7.2.2)
The manager is responsible for ensuring that all unit employees:
There shall be a formal and communicated disciplinary process in place to take aktion against employees who have committed an information security breach. (A.7.2.3)
The responsible HR unit and the unit employing the employee must ensure that the formal disciplinary process is followed.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
|
Information security responsibilities and duties that remain valid after termination or change of employment shall be defined, communicated to the employee or contractor and enforced. (A.7.3.1)
Employees and contractors must return all assets issued by Aarhus University upon termination of employment, contract or special agreement, such as emeritus schemes. It is also incumbent upon them to uphold confidentiality regarding information pertaining to Aarhus University after the end of the contractual relationship.
A number of initiatives have been planned and established centrally in order to comply with the above requirements:
|
QUESTION GUIDE
Consider the question guide as a tool to navigate the requirements of the policy: