Plan and Organization | Object to be audited in Plan and Organization
Check whether the target and scope of the lottery printing business are clearly understood and defined with respect to the management of the instant-lottery-based developing business, and whether there is any risk.
- Human Resources Security
Check List
Prior to employment
Purpose
To ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities
Audit resources
Procedure
Verification
Document
Code of Conduct, Adherence and disciplinary action, Policy on hospitality or gifts
Product
Detailed study list and method
- Check if security roles and responsibilities of employees, contractors and third party users are defined and documented in accordance with the organization's information security policy.
- Check if background verification checks on all candidates for employment, contractors, and third party users are carried out in accordance with relevant laws, regulations and ethics, and proportional to the business requirements, the classification of the information to be accessed, and the perceived risks.
- Check if employees, contractors and third party users agree to and sign the terms and conditions of their employment contract, which state their and the organization's responsibilities for information security, as part of their contractual obligation.
- Check if a Code of Conduct is issued to all personnel when initially employed.
- Ensure that all personnel formally acknowledge acceptance of this Code.
- Check if the Code of Conduct includes statements that all policies and procedures are adhered to and that infringement or other breaches of the Code could lead to a disciplinary action.
- Check if the Code of Conduct includes statements that employees are required to declare conflicts of interest on employment and as and when they occur, and that specific examples of conflicts of interest are cited within the Code.
- Check if the Code of Conduct includes a policy regarding hospitality or gifts provided by persons or entities
※ REFERENCE: ISO27001, A.8.1, Human Resources Security
Check List
Improvement and optimization of organization
Purpose
To ensure that all employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support organizational security policy in the course of their normal work, and to reduce the risk of human error.
Audit resources
Procedure
Verification
Document
Security training plan, Security training execution report
Product
Detailed study list and method
- Check if management requires employees, contractors and third party users to apply security in accordance with established policies and procedures of the organization.
- Check if all employees of the organization and, where relevant, contractors and third party users receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function.
- Check if there is a formal disciplinary process for employees who have committed a security breach.
- Check if all newly hired employees and, where relevant, new contractors and new third party users receive appropriate awareness training within two weeks of work commencement and regularly thereafter.
- Confirm that such training is documented and formally acknowledged by staff.
The Criteria to Winner: Security and Risk Management for Printed Lottery by Hyejung Moon is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at www.itpolicy.co.kr.
Permissions beyond the scope of this license may be available at http://www.lulu.com.