Preparing Terms and Conditions of Employment

The Terms and Conditions of Employment specify the particulars of the employment relationship between an employer and employee. All such documents usually cover certain basic issues, but their content may also vary because what is deemed necessary for inclusion depends on the type of organisation, the position, and so forth. Standard contracts of employment are re-drafted from time to time to ensure that they keep up with the changing times. Increasingly, the issue of Information Security is being recognised as one that should be expressly addressed in modern contracts of employment.


To view the related Policy click      

  • Where individual job descriptions and duties make no reference to Information Security other than for technical people, staff may be under the mistaken impression that they have no responsibility for Information Security.

  • Everyone is responsible for security in an organisation. General Information Security responsibilities must be allocated to each member of staff.
  • Detail the specific responsibilities for the Information Security roles e.g. Security Officer, Data Protection Officers, System Administrator.
  • Technical Information Security specialists should also have their responsibilities detailed.
  • Where the Terms and Conditions of Employment do not incorporate the security requirements for the use of information systems, your organisation could possibly suffer damage with minimal legal redress against the individual(s) concerned.

  • Your organisation's Terms and Conditions of Employment should :-
  1. Incorporate the need to comply with current statutory regulations, e.g. the Data Protection Act, Computer Misuse Act, Intellectual Property and Copyright Law. (See Being Aware of Legal Obligations.)
  2. Reflect the security responsibilities of employees outside the workplace and whilst working away e.g. on business trips.
  3. Refer to any disciplinary procedures which would be applied if Security Policies and Standards were breached.
  4. Confirm that it is the organisation's responsibility to provide appropriate training and education in the subject of Information Security.
  5. Consider using the Terms and Conditions of Employment suggested by the Chartered Institute of Personnel and Development as an example of how to formulate your own (see their Web site).
Previous PageTop of this pageNext Page

Information Security Policies from US$595


Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word


Next PageUpPrevious Page