When to use this
Use this checklist when reviewing employment contracts, contractor terms, onboarding acknowledgements, or security addenda for A.6.2 coverage.
Related controls
- A.6.2 Terms and Conditions of Employment
- Security Responsibilities Addendum
- Confidentiality Agreement Register
- A.5.31 Legal, Statutory, Regulatory and Contractual Requirements
Checklist
- Terms identify the personnel category: employee, contractor, temporary staff, or third-party user.
- Terms require compliance with the Information Security Policy.
- Terms describe handling responsibilities for classified or confidential information.
- Terms describe acceptable use of information processing facilities.
- Terms include legal, statutory, regulatory, and contractual obligations relevant to the role.
- Confidentiality obligations are signed before access to confidential information.
- Remote work, home working, customer-site work, and outside-hours responsibilities are covered where relevant.
- Post-employment confidentiality obligations are stated where legally permitted.
- Incident or weakness reporting obligations are stated.
- Consequences of non-compliance are described.
- Organization responsibilities for personnel personal data are stated.
- Terms are updated when role, access, or work context changes.
Review table
| Agreement or population | Coverage gaps | Owner | Action required | Due date | Status |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- People controls
- Employment terms
Note Metadata
Aliases: Employment Security Terms Checklist
Source: 90 Templates/Security Terms and Conditions Checklist.md
Related Notes
- ISO 27001 A.5.1 - Policies for Information Security
- ISO 27001 A.5.31 - Legal, Statutory, Regulatory and Contractual Requirements
- ISO 27001 A.6.2 - Terms and Conditions of Employment
- A.6 People Controls MOC
- A.6.2 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.6.2 Audit Checklist
- Confidentiality Agreement Register
- Template - Security Responsibilities Addendum
- Templates MOC