UnixTime

Research Note

Security Terms and Conditions Checklist

Use this checklist when reviewing employment contracts, contractor terms, onboarding acknowledgements, or security addenda for A.6.2 coverage.

On this page

When to use this

Use this checklist when reviewing employment contracts, contractor terms, onboarding acknowledgements, or security addenda for A.6.2 coverage.

Checklist

  • Terms identify the personnel category: employee, contractor, temporary staff, or third-party user.
  • Terms require compliance with the Information Security Policy.
  • Terms describe handling responsibilities for classified or confidential information.
  • Terms describe acceptable use of information processing facilities.
  • Terms include legal, statutory, regulatory, and contractual obligations relevant to the role.
  • Confidentiality obligations are signed before access to confidential information.
  • Remote work, home working, customer-site work, and outside-hours responsibilities are covered where relevant.
  • Post-employment confidentiality obligations are stated where legally permitted.
  • Incident or weakness reporting obligations are stated.
  • Consequences of non-compliance are described.
  • Organization responsibilities for personnel personal data are stated.
  • Terms are updated when role, access, or work context changes.

Review table

Agreement or population Coverage gaps Owner Action required Due date Status
TBD TBD TBD TBD TBD TBD