HRS-08: Employment Agreement Content

Control Family:

Human Resources

CSF v1.1 References:

PF v1.0 References:

Previous Version:

Control Statement

The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies.

Implementation Guidance

The agreement between the employee and organization should include—but is not limited to—a confidentiality or non-disclosure agreement if the employee will have access to confidential data. Policy statements relevant to the employee/contractor should be communicated through training. Employee legal responsibilities regarding their rights as an employee of the organization (i.e., whistleblower, data protection regulations, etc.) should include guidance on how to handle both physical and digital assets. The organization should take appropriate and proportionate action if an employee is in breach of an agreement.

Auditing Guidance

  1. Verify that the organization has defined formats and templates of Employment Agreements.
  2. Verify that the Agreements include references to the organization's Information Security Management System (ISMS), and that they mandate compliance.

[Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.