“The human factor is the weakest link in the information technology industry”: you have probably heard this remark a hundred times. Every day a new story of an IT security violation surfaces and keeps entrepreneurs and managers awake at night. In most of these stories, human failure or inaction plays the villain. Organizations across the world, regardless of size or type of business process, have been working to minimize IT security violations. They try to make their employees and stakeholders aware of how vital protecting information is, so that they are prepared to cope with violations. However, nothing helps the organization once the wrong person has been allowed to step inside. Sometimes human resource management judges a person competent for a job who is not that competent in reality, and even advanced training and awareness campaigns can do nothing about that. In such a situation, an organization can use ISO 27001 certification to address human resource security before a recruitment process begins. Sounds weird? Here is a bet: after reading this article, even if you do not hold this certification yet, you will be eager to obtain it. Let’s go through the details to clear your doubts.
Which Parameters Should an Organization Set Out for Employment?
When it comes to information security, the answer can be given in just two words: trust and competence. Whenever an organization hires someone, human resource personnel need to share certain information with other people, such as other employees, business associates, or regular customers. It is important to share that information only with those who can be trusted. Along with trust, every organization also seeks competence: during recruitment, management wants the most capable people to perform specific activities in order to meet the business objectives. Most people will be wondering how such a certification can help the recruitment process. Let’s find the answer, then!
Per ISO 27001, What to Consider Before Recruitment?
An organization needs to demonstrate due diligence when conducting a recruitment process so as to select trustworthy and competent people. To secure an organization’s network, it is important to look for an employee with sound knowledge and experience in that particular field. If a candidate does not possess such competencies, he or she should not be considered for that particular position.
If an organization wants to ensure these aspects before hiring employees, it is important to perform a background check as required by the ISO 27001 standard:
- Verification of the completeness and accuracy of the applicant’s resume
- Verification of references, either personal or professional
- Verification of qualifications and academic background
- Verification of the person’s identity
As per the requirements set out for ISO 27001 certification, the background check must be conducted:
- By authorized people, following a formal approach whose rules define who must perform the task, when and how it is to be performed, and why the background check is being executed.
- When hiring new employees and when promoting or transferring current employees to a new position, since the requirements for the new position might be stricter than those for the previous one.
If the background check is conducted by a third-party contractor on behalf of the organization, the ISO 27001 standard demands an agreement between the organization and that third-party contractor.
No one can deny that recruiting someone to work in an organization is one of the most crucial aspects of business management. No matter how good your business processes, equipment, resources, and systems are, all of them depend on the ability of the person you are going to hire. If the wrong person is hired, even the best tools will be of no use.
By conducting background checks according to the ISO 27001 guidelines, you can minimize the likelihood of poor performance. Hence, your organization will be able to ensure effective information security management. If you have yet to introduce your organization to ISO 27001, you should start working on the certification process immediately.