S 3.1 Well-regulated familiarisation/training of new staff with their work

Initiation responsibility: Agency/company management; Head of Personnel Section

Implementation responsibility: Personnel Section; superiors

New staff must be made aware of the in-house IT-related regulations, practices and procedures. Without adequate training to the job, they do not know who to turn to as regards IT security issues; they do not know which IT safeguards have to be implemented and what IT security policy is pursued by the agency/company. This can result in disruption and damage affecting IT operations. Consequently, great importance must be attached to the well-regulated familiarisation of new staff with their work environment.

Familiarisation / training should, as a minimum, include the following:

• planning of the required training activities; training schemes specifically designed for the respective workplaces (cf. also S 3.4 Training before actual use of a programme and S 3.5 Education on IT security measures);

• introduction of all persons acting as points of contact, particularly for IT security questions;

• explanation of the in-house regulations and rules as regards IT security.

For the purpose of training staff for their jobs, it is useful to have an inter-office slip or a checklist showing the various activities and the familiarisation level attained.

Additional controls:

• What provisions have been made for training new staff to their jobs?

• How much time are new staff members allowed for training to the job?