M4.3.1 - MANAGEMENT RESPONSABILITIES Implementation Guidance
The entity’s management shall require employees, contractors and third party users to apply security in accordance with established policies and procedures of the entity.
Back to M4.3.1 - P2 - MANAGEMENT RESPONSIBILITIES
Management responsibilities should ensure that employees, contractors and third party users:
- A. Are properly briefed on their information security roles and responsibilities prior to being granted access to sensitive information or information systems
- B. Are provided with guidelines to state security expectations of their role within the entity
- C. Are motivated to fulfill the security policies of the entity
- D. Achieve a level of awareness on security relevant to their roles and responsibilities within the entity
- E. Conform to the terms and conditions of employment, which includes the entity’s information security policy and appropriate methods of working
- F. Continue to have the appropriate skills and qualifications
