PS - Personnel Security

(PS-1) Personnel Security Policy and Procedures

The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the Personnel Security policy and associated personnel security controls.

(PS-2) Position Risk Designation

The university identifies and classifies personnel positions based on risk category in order to determine the risk level associated with the position, thereby determining the controls that must be implemented for the position.

(PS-3) Personnel Screening

The university screens individuals, to authenticate identity, before authorizing access to university information resources.

(PS-4) Personnel Termination

In the event of termination of individual employment, the university terminates information resource access, retrieves all university information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on university information resources.

(PS-5) Personnel Transfer

The university reviews information resource/facility access authorizations when personnel are reassigned or transferred to other positions within the university and initiates appropriate actions as identified by Human Resources.

(PS-6) Access Agreements

The university completes appropriate signed access agreements for individuals requiring access to university information and information resources before authorizing access.

(PS-7) Third Party Personnel Security

The university establishes personnel security requirements including security roles and responsibilities for third-party providers and monitors provider compliance.

(PS-8) Personnel Sanctions

The university employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.