ISO/IEC 27002 Section 4

The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 4 is Human Resources.

Human Resources

This covers aspects of job definitions and resourcing, to reduce the risk of human error and ensure that staff understand what their rights and responsibilities are concerning information security.

Most organisations require staff to keep client information confidential. They also ask staff to report security incidents and perceived weaknesses.

Appropriate personnel security ensures:

• That employment contracts and staff handbooks have agreed, clear wording
• Ancillary workers, temporary staff, contractors and third parties are covered
• Anyone else with legitimate access to business information or systems is covered

It must deal with rights as well as responsibilities, for example:

• Access to personal files under the Data Protection Act
• Proper use of equipment as covered by the Computer Misuse Act

Staff training is an important feature of personnel security to ensure the Information Security Management System (ISMS) continues to be effective.

Periodically, refreshers on less frequently used parts of the Information Security Management System (ISMS), such as its role in disaster recovery plans, can make a major difference when there is a need to put the theory into practice.

Use links below for further information:

ISO/IEC 27002 Section 1 
ISO/IEC 27002 Section 2 
ISO/IEC 27002 Section 3 
ISO/IEC 27002 Section 5 
ISO/IEC 27002 Section 6 
ISO/IEC 27002 Section 7 
ISO/IEC 27002 Section 8 
ISO/IEC 27002 Section 9 
ISO/IEC 27002 Section 10 
ISO/IEC 27002 Section 11 
ISO/IEC 27002 Explained

If you would like more background information about information security standards follow this link.