ISMS Compliance
CyFun BasicProtect

PR.IP-11: HR cybersecurity practices

Cybersecurity is included in human resources practices

PROTECTPR.IP-11

Requirement

Personnel having access to the organisation's most critical information or technology shall be verified.

Our Implementation

All current team members were vetted through the company incorporation process, with full identity verification and legal due diligence completed. Team members have direct involvement in technical and security decisions, with access rights assigned based on operational role.

Pre-employment screening procedures, including background verification and reference checks, are documented for future hires. Employment agreements with security clauses (confidentiality, acceptable use, data protection obligations) will be executed before onboarding any new personnel. Onboarding and offboarding procedures — including account provisioning, access rights assignment, and account deactivation — are being formalised.

Gaps / Planned improvements:

  • Employment agreement templates with security clauses to be finalised (NEX-357)
  • Formal onboarding/offboarding checklists to be developed (NEX-357)
PlannedL1 — Initial

PR.IP-4: Backup management

Backups of information are conducted, maintained, and tested

PR.MA-1: Maintenance and patching

Maintenance and repair of organisational assets are performed and logged

On this page

RequirementOur Implementation