Information Technology Reference
In-Depth Information
job dependent and extend from keystroke capture and security cameras to monitor-
ing personal activity like international travel and contact with foreign nationals.
5.5.1.4 Employee Evaluation
IA policy compliance, ethical behavior, and other IA-related activities should be
included in employee evaluations and contribute to determining promotions and
raises. This is a strong message to employees, promotes compliance with corporate
policy, and drives appropriate behavior.
5.5.1.5
Employee Termination
The IA architecture addresses employee termination: how, when, situations of
notice versus escorts out the door, account termination, repossession of identifica-
tion badges, access keys, and organizational property.
5.5.1.6 Employee References
Although not an IA issue, corporate policy should address how future references are
given (or not) for former employees.
5.5.1.7 Commentary
Short of a world consisting of angels of the first order, there is need to provide
for pre-employment, post-employment, monitoring, and evaluation of employees
to protect organizational interests such as intellectual property, customer relations
and satisfaction, and general employee safety.
5.5.2
Compliance Management Program
One management responsibility is to identify relevant compliance requirements
(e.g., legislation) for the organization. Subsequent to identification is the need to
reflect these compliance requirements in organizational policy, disseminate the
policies, and ensure these policies are read and understood and that employees
adhere to them—hence the need for a
compliance management program
. he IA
architect may assist greatly with this endeavor through a formal methodology and
formal documentation. Like any other aspect of security, compliance management
is a process, not a destination; therefore, initial implementation of a compliance
management program precedes an operations and maintenance phase.
Business drivers behind compliance management include legislative drivers;
thou shall comply to stay in business, out of jail, and avoid fines. Other drivers
