|
Home > About USPS & News > Forms & Publications > Postal Periodicals and Publications > Handbooks > Handbook AS-805 - Information Security > 6 Personnel Security > 6-3 Employee Accountability
6-3 Employee Accountability
Personnel with access to sensitive or critical information resources must not
be assigned duties that could cause a conflict of interest or present an
undetectable opportunity for malicious wrongdoing, fraud, or collusion.
It may be recommended that certain personnel with access to
business-controlled information resources not be assigned duties that could
cause a conflict of interest or present an undetectable opportunity for
malicious wrongdoing, fraud, or collusion. When it is not possible for duties to
be assigned to separate individuals, the role performed must be clearly
defined, associated activities logged, security-related functions audited, and
compensating controls identified and implemented.
6-3.2 Job Descriptions
It is the intent of the Postal Service to define and document the information
security requirements for each position.
6-3.3 Performance Appraisals
It is the intent of the Postal Service to evaluate the execution of information
security responsibilities and the compliance with information security policies
and procedures in personnel performance appraisals.
6-3.4 Condition of Continued Employment
It is the intent of the Postal Service to include the execution of information
security responsibilities and the compliance with information security policies
and procedures as a condition of continued employment for all personnel.
6-3.5 Sanctions
All personnel will be held accountable for carrying out their information
security responsibilities. Violators of Postal Service information security
policies will be subject to progressive sanctions commensurate with the
severity and frequency of the infraction, including disciplinary action or
criminal prosecution.
|
