34
InformatIon SecurIty PolIcy DeveloPment for comPlIance
A.8.1.3 Terms and conditions of employment
Control: As part of their contractual obligation, employees,
contractors, and third-party users should agree and sign the
terms and conditions of their employment contract, which
should state their and the organization’s responsibilities for
information security.
A.8.2 During
em
ployment
Objective: To ensure that employees, contractors, and third-party
users are aware of information security threats and concerns, their
responsibilities and liabilities, and are equipped to support organiza-
tional security policy in the course of their normal work and to reduce
the risk of human error.
Management responsibilities should be ...