S 3.2 Commitment of staff members to compliance with relevant laws, regulations and provisions

Initiation responsibility: Head of Personnel Section; departmental data privacy officer; IT Security Management

Implementation responsibility: Personnel Section; superiors

When new staff members are employed, they should be put under obligation to observe the relevant legal provisions (e.g. Section 5 of the Federal Data Protection Act: data secrecy), regulations and in-house rules. For this purpose, new staff members must be made familiar with the existing IT security rules and regulations and, at the same, be motivated to comply with them. To achieve this, it is advisable not only to impose such an obligation but also to provide the staff concerned with the required copies of the pertinent rules and regulations and to have them sign a receipt, or to submit these copies to employees in a central position for the purpose of review.

Additional controls:

• In which way is such an obligation imposed?

• Is the compliance commitment laid down in writing?

• Are copies of the pertinent documents supplied to new staff for reference and keeping?

• Are the employees aware of the legal framework which determines their tasks?