
Human Resource Security Policy
A formal disciplinary process shall be defined for employees who have
committed an information security breach.
The disciplinary action shall be decided based on the severity of the security
incident.
It shall take into consideration factors like:
Nature and gravity of the security breach and its subsequent impact
on business objectives of ID;
First or repeat offence;
Adequacy of training pertaining to
a) Policies, procedures and practices defined at ID.
b) Relevant business requirements, laws and regulations.
3.3.
Termination or Change of Employment
3.3.1. Termination Responsibilities
The Human Resource department at ID shall be responsible for:
The overall termination process and shall coordinate with the
reporting manager of the employee leaving to manage the security
aspects of the relevant procedures.
Informing users that specific aspects of responsibilities as mentioned
in the NDA/terms and conditions of employment may continue for a
defined period after the end of the employee’s, contractor’s or third
party user’s employment with ID
Communicating to the concerned reporting managers to review
access privileges on application systems in cases where there is a
change in employees, third party’s employment profile.
3.3.2. Return of Assets
All ID personnels shall be required to return all of the organization’s assets
in their possession upon termination or change of their employment.
The termination procedure shall include but not be limited to:
To return all previously issued software, documents, and equipment
by ID.
Other organizational assets such as mobile computing devices, credit
cards, access cards, and information stored on electronic media shall
also be returned.
3.3.3. Removal of Access Rights
The access rights of all ID resigned / transferred personnel to information
and information processing facilities shall be removed.
Internal 4 of 5