Maintain IT personnel recruitment processes in line with the overall organization’s personnel policies and procedures (e.g., hiring, positive work environment, orienting). Implement processes to ensure that the organization has an appropriately deployed IT workforce with the skills necessary to achieve organizational goals.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Regularly verify that personnel have the competencies to fulfill their roles on the basis of their education, training and/or experience. Define core IT competency requirements and verify that they are being maintained, using qualification and certification program where appropriate.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Define, monitor and supervise roles, responsibilities and compensation frameworks for personnel, including the requirement to adhere to management policies and procedures, the code of ethics, and professional practices. The level of supervision should be in line with the sensitivity of the position and extent of responsibilities assigned.

Provide IT employees with appropriate orientation when hired and ongoing training to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required to achieve organizational goals.

Minimize the exposure to critical dependency on key individuals through knowledge capture (documentation), knowledge sharing, succession planning and staff backup.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Include background checks in the IT recruitment process. The extent and frequency of periodic reviews of these checks should depend on the sensitivity and/or criticality of the function and should be applied for employees, contractors and vendors.

Require a timely evaluation to be performed on a regular basis against individual objectives derived from the organization’s goals, established standards and specific job responsibilities. Employees should receive coaching on performance and conduct whenever appropriate.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.

Take expedient actions regarding job changes, especially job terminations. Knowledge transfer should be arranged, responsibilities reassigned and access rights removed such that risks are minimized and continuity of the function is guaranteed.

There are no PSGs published for this topic; however, the topic is under review for future PSGs.