To ensure that employees are equipped with the skills, knowledge, and tools to support the organization’s values and adhere to information security policies, Information security requirements shall be embedded into each stage of the employment lifecycle, specifying security-related actions required during each individual’s induction, ongoing management, and termination of their employment.
Screening and Background checks
To ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered, background checks on all candidates for employment shall be carried out by relevant laws, regulations, and ethics and should be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.
During employment or assignment
All employees and contractors shall apply to information security by the established information security policies, steering documents, and frameworks within Schibsted. All employees and contractors shall receive appropriate awareness, education, and training, as defined in chapter 8. Schibsted Security Awareness. Also, regular updates on information security policies and frameworks, as relevant to their job function, shall be communicated.
Termination or change of employment responsibilities
To protect the organization’s interests, information security responsibilities and duties that remain valid after termination or change of employment or assignment should be defined, enforced and communicated to the employee or contractor as well as documented in contracts or non-disclosure agreements, i.e., NDA.