1) Are policies distributed to staff annually?
Please advice the last distribution to all employess and Did all staff receive it? With evidence and samples
2) Are all staff and temporary employees (freelancers, contractors, subcontractors, etc) bound by a written confidentiality agreement?
Please advice with samples and evidence of finding of temporary employees are boiund by a written confidentiality agreement
3) Review the processes for setting up, amending and removing user access. Accounts should be disabled and retained for 12 months upon removing access. Temporary staff should have named accounts with expiration dates.
4) How does management handle the reassignment of people moving between conflicting assignments?
5) Are access rights (to physical facilities and systems) reviewed upon notice and amended to limit access during the notice period and promptly removed upon termination.
Does the admin team review access when notice is first given by staff and make appropriate amendments prior to last day?