GV.RR-04.048

Does your organization have a formal process to ensure personnel are aware of, acknowledge, and comply with security policies relevant to their roles?

Explanation

This question assesses whether your organization has established mechanisms to communicate security responsibilities to employees and hold them accountable for following security policies specific to their job functions. Effective security awareness programs ensure employees understand what security policies apply to them and how they should implement them in their daily work activities. Evidence could include: signed security policy acknowledgment forms, role-specific security training completion records, security awareness program documentation, or a security policy management system that tracks employee acknowledgments and periodic re-certifications of understanding.

Implementation Example

Define and enforce obligations for personnel to be aware of, adhere to, and uphold security policies as they relate to their roles

ID: GV.RR-04.048

Context

Function: GV: GOVERN
Category: GV.RR: Roles, Responsibilities, and Authorities
Sub-Category: Cybersecurity is included in human resources practices

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub