Last review date: April 2020, version 1.0.2
The purpose of the Bethel University Personnel Security Policy is to ensure adequate checks are established to determine and/or confirm, within appropriate legal and professional limits, the qualifications and suitability of a job candidate for roles within Bethel University.
The Bethel University Personnel Security Policy applies to all Bethel University applicants and employees; full-time and part-time.
- For all roles within Bethel University, the hiring process should ensure the candidate has the necessary competence to perform the role and can be trusted to take on the role, especially for roles related to the use, management, or protection of information security.
- Information security responsibilities must be communicated to employees as part of the on-boarding process.
- Observed violations of the information security policies should be communicated through the employees reporting structure or by emailing email@example.com with the concerns.
- Background checks are required prior to employing Bethel University employees, regardless of whether or not a competitive recruitment process is used.
- Background checks may be required for employees who change positions in the company, obtaining more sensitive duties, as determined by Human Resources or the hiring manager.
- Background checks may be required for employees at any time after the employment start date, at the discretion of Human Resources or Executive Management.
- Contractors with access to Bethel University confidential information must have a process in place for conducting background checks on applicable staff. An agreement must be put in place specifying the responsibilities for conducting background checks if a procedure is not currently being followed or in question.
- ISO 27002: 7, 13
- NIST CSF: PR.IP, DE.CM
Waivers from certain policy provisions may be sought following the Bethel University Waiver Process.
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.