Welcome to this, the sixth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to the ISO 17799 information security standard.
The information contained is free to our subscribers and provides guidance on a range of practical issues, plus commentary on recent Information Security incidents.
EMPLOYEE CONFIDENTIALITY UNDERTAKINGS
It is increasingly important that employees are required to sign confidentiality undertakings to their employers. The following guidance is given for consideration, although organizations are recommended to seek further expert opinion on the suitability of such statements to their own contracts of employment:
'Confidential Information' normally means any information which is not generally known in the relevant trade or industry, and belongs to the Organization, or is learned, discovered, developed, conceived, originated or prepared during, as a result of, or in connection with, the Employees work, or relates to the Organization's customers of clients, including but not limited to :
- Information which is unique to the Organization
- Any information which the Organization or their clients or customers may wish to protect by patent or copyright, or by keeping it secret or confidential; and
- Information relating to the existing or contemplated products, services, technology, designs, processes, formulae, computer systems, computer software, algorithms, research or development of the organization;
- Information relating to proprietary products or services;
- Any proprietary information not generally known to the public;
- Information relating to the business plans, sales or marketing methods, methods of doing business, customer lists, customer requirements or supplier information of the Organization;
- Information which may affect the value of the shares in the Organization and (where relevant) any price sensitive information
The Employees should be asked to acknowledge that the Organization:
- Is (inter alia) in the business or providing
- Operates a highly competitive commercial arena.
- Has and will invest significantly in terms of money and time in developing their business and products;
- Has and will expect to develop confidential proprietary information relating to their business; and
The Employees should acknowledge that during their employment they may have access to, gain knowledge of, be entrusted with and be involved in the creation of Confidential Information, improper disclosure of which could :
- Result in the Organization losing its competitive edge;
- Cause the Organization to suffer financial loss; and
- Be otherwise detrimental to the Organization.
The Employees should undertake that both during employment or thereafter, they will:
- Not disclose, divulge or communicate to any person any Confidential Information, save to those officials of the Organization whose proper province it is to know such information or with the written consent of the Board;
- Not use any Confidential Information for his/her own benefit or for the benefit of any third party or in a manner which could be detrimental to the Organization;
- Do everything reasonably within his power to protect the confidentiality of all Confidential Information;
The Employees should also undertake that on leaving the company they will:
- Deliver up to the Organization all copies and originals of documents, computer disks, tapes, accounts, data, records, papers, designs, specifications, price lists, lists of customers and all other information, whether written or electronically stored, which belongs to the Organization or relates in any way to their business or affairs or the business or affairs of any of their suppliers, agents, distributors or customers, or contain any Confidential Information, and are in the Employees' possession or under his control.
- Upon request supply the Organization with a signed statement confirming that the Employee has complied with this undertaking.
Again, further guidance on this and similar topics is included in the RUSecure Security On-line Support system (http://www.yourwindow.to/security-policies/).