HRS-13: Compliance User Responsibility

Control Family:

Human Resources

Previous Version:

Control Statement

Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations.

Implementation Guidance

The organization should maintain a training and awareness program that regularly reminds personnel of their responsibilities. These responsibilities include maintaining awareness and compliance with policies, procedures, and applicable legal, statutory, and/or regulatory obligations. The training and awareness program may include several awareness-raising activities via appropriate physical or virtual channels, such as campaigns, booklets, posters, newsletters, websites, information sessions, briefings, e-learning modules, and emails.

Auditing Guidance

  1. Examine the process for selection of applicable legal, statutory, or regulatory compliance obligations, and for review of its output.
  2. Verify, by interviews or otherwise, that employees are aware of their roles and responsibilities with respect to such obligations.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.