Employee Security Guidelines: Understanding Your Role in Information Security
Your actions directly impact our organization's security posture. This guide outlines your responsibilities under ISO 27001 People Controls (A.6) and provides practical examples to help you protect our information assets.
Background Verification: Our First Line of Defense
Why We Screen
Background verification ensures we hire trustworthy individuals before granting access to sensitive systems or data, reducing the risk of internal threats.
Your Responsibilities
Provide accurate information during the hiring process and promptly notify HR of any discrepancies that may arise in your background verification.
Real-World Impact
In a recent case, a financial employee hired without proper criminal record checks was later found guilty of past fraud, a preventable security risk.
Employment Terms: Your Security Contract
Contract Importance
Your employment contract includes specific information security clauses that legally bind you to protect company information. These terms establish clear expectations and accountability for all employees.
By signing your contract, you acknowledge your role in maintaining our security posture and agree to follow established protocols.
Your Responsibilities
Thoroughly read and understand all information security clauses in your employment documents. This includes initial contracts and any subsequent updates related to security policies.
  • Review security terms in employment documents
  • Acknowledge updates to security policies
  • Follow contractual security obligations
  • Ask questions about unclear requirements
Security Awareness: Staying Informed and Vigilant
Apply Security Knowledge
Implement training in daily activities
Continuous Learning
Stay updated on new threats and protocols
Security Fundamentals
Complete required security training
Regular security training is your first line of defense against evolving cyber threats. Employees who recognize phishing attempts and other security risks can prevent incidents before they occur. Our security team regularly updates training materials to address emerging threats and compliance requirements.
Disciplinary Process: Accountability Matters
Security Violation
Policy breach identified and documented
Investigation
Incident details gathered and reviewed
Determination
Severity assessed based on impact and intent
Consequences
Appropriate disciplinary action taken
Our disciplinary process ensures fair and consistent handling of security violations. Consequences vary based on severity, ranging from additional training to termination in serious cases. The process reinforces the importance of security compliance while protecting organizational assets.
Post-Employment Security: Clean Transitions
Device Return
All company-issued hardware must be returned, including laptops, phones, security tokens, and storage devices. Ensure all data is intact and not copied elsewhere.
Access Revocation
Your access to company systems, applications, and facilities will be terminated. Never attempt to access systems after departure, as this constitutes unauthorized access.
Continued Confidentiality
Your obligation to protect company information continues after employment ends. Never share proprietary information, trade secrets, or client data with new employers or others.
Confidentiality Agreements: Protecting Our Information Assets
What NDAs Protect
  • Trade secrets
  • Client information
  • Business strategies
When NDAs Apply
  • Before employment
  • During employment
  • After employment
Your Obligations
  • Maintain confidentiality
  • Secure sensitive materials
  • Report potential breaches
Consequences
  • Legal action
  • Financial penalties
  • Reputational damage
Remote Work Security: Safe Practices Beyond the Office
Secure Connections
Always use the company VPN and avoid public Wi-Fi
Protected Devices
Use only approved devices with encryption enabled
Physical Privacy
Prevent shoulder surfing and screen visibility in public
Secure Workspace
Maintain a private, organized work environment
Remote work introduces unique security challenges. An employee working from a coffee shop once left their screen unlocked while using public Wi-Fi, potentially exposing sensitive client data to shoulder surfing and network interception. Always maintain the same level of security awareness outside the office as you would within it.
Security Incident Reporting: If You See Something, Say Something
Observe
Notice suspicious activity, phishing emails, unusual system behavior, or potential policy violations
Report
Contact the security team immediately through the approved reporting channel (email, phone, ticketing system)
Document
Provide clear details about what you observed, when it occurred, and any immediate actions taken
Cooperate
Assist with any follow-up investigation by providing additional information as requested
Real-World Security Scenarios: Learning from Experience
Your Security Commitment: A Shared Responsibility
100% Participation
Security requires full commitment from every employee, regardless of role or seniority
24/7 Vigilance
Information security awareness applies at all times, both in and out of the office
1 Team
We work as a unified force to protect our organization's critical information assets
Remember that security is only as strong as its weakest link. By understanding and fulfilling your security responsibilities, you become an essential part of our defense against ever-evolving threats. Your vigilance protects not just our organization, but our customers, partners, and your colleagues.

NUK 9 Information Security Auditors LLP [NUK 9 Auditors]
E702, Arjun, NL Complex, Anand Nagar, Dahisar East
Mumbai, Maharashtra - 400068. India
This material, including all content, graphics, systems, and tools referenced or used herein, is the intellectual property of NUK 9 Auditors. Unauthorized copying, distribution, modification, or use of this material or related systems is strictly prohibited and may result in disciplinary or legal action.
Use of this content is permitted only for the internal team, its contracted services, and authorized purposes, in accordance with company policies.