6. Legality, Ethics and Transparency
An important part of your risk mitigation approach should be to include employees as a critical resource in your protective security, while not forgetting that they can also represent one of your potential risks. It is therefore important that employees understand the role they can play in protecting the organisation from internal and external threats.
Information on security policies, practices and procedures needs to be visible, accessible and widely communicated to all staff across your organisation. Questions you should address include:
- How is information on security issues communicated to staff and how regularly is this done?
- Do staff know where to find relevant material on security issues?
- Is all essential information on security stored in an easily accessible, centrally located site?
- Are you confident that your organisation is taking a transparent and ethical approach that is proportionate to the risk (e.g. protective monitoring of employees)?
CPNI guidance and information is available to assist security managers in engaging and communicating with staff effectively:
- HoMER (Holistic Management of Employee Risk) – guidance to help mitigate people risk
- Workplace behaviours – security risks around employee behaviour
- Security culture tool – how to measure security culture and identify whether the right measures are in place to support it