The International Organization for Standardization (ISO) is one of the most influential bodies in the world owing to its standard-setting role. It is composed of representatives from a variety of national standards organizations drawn from various countries. The ISO, which has its headquarters in Geneva, Switzerland, deals with standard setting in a variety of industries. ISO/IEC 27002 is a set of guidelines that focus on information security (Standard, 2015). It is aimed at helping organizations practice good management of information security. This analysis aims to critically analyze the human resource security standard and summarize its main concepts.
The human resource security standard is divided into three main provisions, each guiding how information security should be managed by staff: before employment, during employment, and after termination or change of employment (Standard, 2015). The first provision states that information security responsibilities ought to be taken into account during the employee recruitment process and should also be included in employees' contracts and other compliance obligations. The second provision states that managers are obligated to ensure that all employees know and comply with their obligations with regard to information security (Standard, 2015). Furthermore, a disciplinary process ought to be instituted to handle disputes arising from information security incidents. The final provision offers guidance on how the security features of a departing employee should be managed, for example, the return of company equipment in their possession and the updating of access rights.
This standard is important because it reduces vulnerabilities for employees. The human resource security standard can reduce vulnerabilities for students in their current workplace in the following ways. First, the first provision of this standard ensures that the employee is aware of the information security roles and responsibilities they should adhere to in their current place of employment (Standard, 2015). Second, pre-employment screening ensures their fitness for the roles being applied to through adequate job descriptions. Finally, the third provision ensures that their liability is safeguarded, and it also ensures that individuals are aware of their obligations under intellectual property laws.
Standard, A. (2015). ISO/IEC 27002: Information technology - Security techniques - Code of practice for information security controls (AS ISO/IEC 27002:2015). Standards Australia.