Monitoring and Assessment
Monitoring and assessment is an essential element of good personnel security.
CPNI’s Insider Data collection study indicated that some organisations had not made regular or systematic use of their own technical or financial auditing functions to spot irregularities or unusual workplace behaviours. In other organisations, counter-productive workplace behaviours were known in one part of the organisation, but this was not shared with other sections, resulting in delays in the organisation taking mitigating actions to reduce the risk, allowing insiders to act in the first place, or for some, to continue their activity without detection for longer than necessary
CPNI advocates a holistic approach to protective monitoring where information about employee risks (physical, electronic audit and personnel data) are brought together under a single point of accountability and governance, to ensure a transparent, legal, ethical and proportionate protective monitoring capability
This section will help your organisation understand:
- why your organisation should have monitoring and assessment policies and processes in place
- what to have in place to check that all workers (and others) are conforming and complying with your policies and systems
- how to identify individuals who may be posing an insider risk and
- how to prevent the insider risk turning into an insider act.
The pages below provide further information. In particular see the Investigation and Disciplinary page for information on how to investigate employees of concern.
Follow this link to visit the Legal Considerations for Employee IT Monitoring page.