Background
----------

ISO/IEC 27002:2022 clause 6 suggests a variety of information security controls for workers, particularly employees.

Policy statements
-----------------

1. Address insider threats through HR management, including pre-employment screening, incorporating security obligations into contracts, applying security principles to IT systems and business processes, and appropriate management oversight.
2. Insiders play crucial roles in identifying and resolving information risks, and are encouraged to report concerns to management.
3. Information risk analysis should consider potential accidental errors, deliberate abuses and the possibility of personal gain by insiders, particularly those in trusted or senior roles or handling valuable assets or critical operations.

Notes
-----

This is a “skeleton” policy providing just the bare bones, the basic foundations on which to construct a custom policy for your organisation. Jump-start the process by visiting www.SecAware.com for a more comprehensive customisable policy template in MS Word.