Third Party Contractor : Awareness Programmes

Third party contractors coming into the organisation are usually specialists or professionals, and it is easy to assume that their expertise also extends to Information Security. In fact, the converse is true: they are least likely to appreciate your organisational Information Security arrangements. Permanent staff should be aware of the risks posed by such third party contractors on their site.

To view the related Policy click      

  • Data may be lost in error or through negligence by contractor staff inadequately trained in Information Security.

  • Ensure that all new contractor staff handling your data are trained in Information Security at induction. Consider making non compliance a disciplinary offence.
  • Brief all personnel and contractors who will have access to sensitive company systems, information or assets.
  • Data may be lost because technical data security measures are installed incorrectly by contractors, and their alarms and messages are misinterpreted.

  • All contractor staff required to install and operate Information Security monitoring systems must be qualified or trained to do so.
  • Information Security breaches may occur, and information be compromised, because contractor staff are unaware of the scope of the organisation's Information Security safeguards.

  • Ensure that contractor Information Security orientation is adequately detailed.
  • Never assume that a contractor already knows, or is aware of, their limits or boundaries when handling, or coming into contact with, the organisation's data. Always be explicit.
  • See alsoTraining New Recruits in Information Security.
Previous PageTop of this pageNext Page

Information Security Policies from US$595


Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word


Next PageUpPrevious Page