10.1 Human resources security
10.1.1. For the purpose of Article 21(2), point (i) of Directive (EU) 2022/2555, the relevant entities shall ensure that their employees and direct suppliers and service providers, wherever applicable, understand, demonstrate and commit to their security responsibilities, as appropriate for the offered services and the job and in line with the relevant entities’ policy on the security of network and information systems.
10.1.2. The requirement referred to in point 10.1.1. shall include the following:
(a) mechanisms to ensure that all employees, direct suppliers and service providers, wherever applicable, understand and follow the standard cyber hygiene practices that the entities apply pursuant to point 8.1.;
(b) mechanisms to ensure that all users with administrative or privileged access are aware of and follow their roles, responsibilities and authorities;
(c) mechanisms to ensure that management bodies understand their role, responsibilities and authorities regarding network and information system security;
(d) mechanisms for hiring qualified personnel, such as reference checks, vetting procedures, validation of certifications, or written tests.
10.1.3. The relevant entities shall review the assignment of personnel to specific roles as referred to in point 1.2., as well as their commitment of resources, at planned intervals and at least annually. They shall update the assignment where necessary.