Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment.
The organization should establish and communicate a ‘termination of employment’ policy that defines the responsibilities and duties that should remain valid after termination of employment or a change in employment status. This may include guidelines on information confidentiality, intellectual property, and other knowledge obtained while personnel was employed under the organization’s control, and responsibilities contained within any additional confidentiality agreements. These responsibilities should be included in employment terms and conditions. The process for termination or change of employment should also be applied to external personnel (i.e., suppliers) when contract or job termination occurs or there is a role change within the organization
- Examine policy for adequacy, currency, communication, and effectiveness.
- Verify that organization charts are maintained and available as appropriate.
- Verify that a definition of terminated employees exists, and is implemented.
- Examine policy and procedures for notification of stakeholders upon changes in employment, or of roles, and the appropriate activities are triggered, i.e. access changes, asset return, etc.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.