Employee Security Guidelines: Understanding Your Role in Information Security

Your actions directly impact our organization's security posture. This guide outlines your responsibilities under ISO 27001 People Controls (A.6) and provides practical examples to help you protect our information assets.

Background Verification: Our First Line of Defense
Why We Screen

Background verification ensures we hire trustworthy individuals before granting access to sensitive systems or data, reducing the risk of internal threats.

Your Responsibilities

Provide accurate information during the hiring process and promptly notify HR of any discrepancies that may arise in your background verification.

Real-World Impact

In a recent case, a financial employee hired without proper criminal record checks was later found guilty of past fraud - a preventable security risk.

Employment Terms: Your Security Contract
Contract Importance

Your employment contract includes specific information security clauses that legally bind you to protect company information. These terms establish clear expectations and accountability for all employees.

By signing your contract, you acknowledge your role in maintaining our security posture and agree to follow established protocols.

Your Responsibilities

Thoroughly read and understand all information security clauses in your employment documents. This includes initial contracts and any subsequent updates related to security policies.

  • Review security terms in employment documents
  • Acknowledge updates to security policies
  • Follow contractual security obligations
  • Ask questions about unclear requirements

Security Awareness: Staying Informed and Vigilant
Apply Security Knowledge

Implement training in daily activities

Continuous Learning

Stay updated on new threats and protocols

Security Fundamentals

Complete required security training

Regular security training is your first line of defense against evolving cyber threats. Employees who recognize phishing attempts and other security risks can prevent incidents before they occur. Our security team regularly updates training materials to address emerging threats and compliance requirements.

Disciplinary Process: Accountability Matters
Security Violation

Policy breach identified and documented

Investigation

Incident details gathered and reviewed

Determination

Severity assessed based on impact and intent

Consequences

Appropriate disciplinary action taken

Our disciplinary process ensures fair and consistent handling of security violations. Consequences vary based on severity, ranging from additional training to termination in serious cases. The process reinforces the importance of security compliance while protecting organizational assets.

Post-Employment Security: Clean Transitions
Device Return

All company-issued hardware must be returned, including laptops, phones, security tokens, and storage devices. Ensure all data is intact and not copied elsewhere.

Access Revocation

Your access to company systems, applications, and facilities will be terminated. Never attempt to access systems after departure, as this constitutes unauthorized access.

Continued Confidentiality

Your obligation to protect company information continues after employment ends. Never share proprietary information, trade secrets, or client data with new employers or others.

Confidentiality Agreements: Protecting Our Information Assets
What NDAs Protect
  • Trade secrets
  • Client information
  • Business strategies
When NDAs Apply
  • Before employment
  • During employment
  • After employment
Your Obligations
  • Maintain confidentiality
  • Secure sensitive materials
  • Report potential breaches
Consequences
  • Legal action
  • Financial penalties
  • Reputational damage

Remote Work Security: Safe Practices Beyond the Office
Secure Connections

Always use company VPN and avoid public Wi-Fi

Protected Devices

Use only approved devices with encryption enabled

Physical Privacy

Prevent shoulder surfing and screen visibility in public

Secure Workspace

Maintain a private, organized work environment

Remote work introduces unique security challenges. An employee working from a coffee shop once left their screen unlocked while using public Wi-Fi, potentially exposing sensitive client data to shoulder surfing and network interception. Always maintain the same level of security awareness outside the office as you would within it.

Security Incident Reporting: If You See Something, Say Something
Observe

Notice suspicious activity, phishing emails, unusual system behavior, or potential policy violations

Report

Contact the security team immediately through the approved reporting channel (email, phone, ticketing system)

Document

Provide clear details about what you observed, when it occurred, and any immediate actions taken

Cooperate

Assist with any follow-up investigation by providing additional information as requested

Real-World Security Scenarios: Learning from Experience
Your Security Commitment: A Shared Responsibility
100% Participation

Security requires full commitment from every employee, regardless of role or seniority

24/7 Vigilance

Information security awareness applies at all times, both in and out of the office

1 Team

We work as a unified force to protect our organization's critical information assets

Remember that security is only as strong as its weakest link. By understanding and fulfilling your security responsibilities, you become an essential part of our defense against ever-evolving threats. Your vigilance protects not just our organization, but our customers, partners, and your colleagues.


By clicking the submit button, I confirm that I have read, understood, and will follow the information security and privacy responsibilities outlined in this guide, and will promptly report any security concerns.



NUK 9 Information Security Auditors LLP [NUK 9 Auditors]
E702, Arjun, NL Complex, Anand Nagar, Dahisar East
Mumbai, Maharashtra - 400068. India

This material, including all content, graphics, systems, and tools referenced or used herein, is the intellectual property of NUK 9 Auditors. Unauthorized copying, distribution, modification, or use of this material or related systems is strictly prohibited and may result in disciplinary or legal action.
Use of content is permitted only for the internal team, its contracted services, and authorized purposes in accordance with company policies.