HRS-07: Employment Agreement Process

Control Family:

Human Resources

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets.

Implementation Guidance

Employees should not be granted access to systems or information unless they have signed the employment agreement featuring terms and conditions concerning information security. The terms and conditions of employment should be appropriate to the employee based on their role. Additionally, roles and responsibilities should be communicated during the hiring process. The terms and conditions concerning information security should be reviewed and updated if relevant laws, regulations, or information security policies change. Furthermore, personnel may be asked to acknowledge and agree to such changes

Auditing Guidance

  1. Verify that the organization has defined formats and templates of employment agreements.
  2. Verify, if more than one Agreement is used, that they are mapped to appropriate roles and job descriptions.
  3. Examine the policy and procedures that mandate the signing of such Agreement before access is granted.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.