GV.RR-04:

Implementation Examples

Ex1:

Integrate cybersecurity risk management considerations into human resources processes (e.g., personnel screening, onboarding, change notification, offboarding)

Ex2: 

Consider cybersecurity knowledge to be a positive factor in hiring, training, and retention decisions

Ex3: 

Conduct background checks prior to onboarding new personnel for sensitive roles, and periodically repeat background checks for personnel with such roles

Ex4: 

Define and enforce obligations for personnel to be aware of, adhere to, and uphold security policies as they relate to their roles