Page 146 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Employment Agreements and Policies
When a new employee is hired, they should sign an employment
agreement. Such a document outlines the rules and restrictions of the
organization, the security policy, the acceptable use and activities
policies, details of the job description, violations and consequences,
and the length of time the position is to be filled by the employee.
These items might be separate documents. In such a case, the
employment agreement is used to verify that the employment
candidate has read and understood the associated documentation for
their prospective job position.
In addition to employment agreements, there may be other
security-related documentation that must be addressed. One common
document is a nondisclosure agreement (NDA). An NDA is used to
protect the confidential information within an organization from being
disclosed by a former employee. When a person signs an NDA, they
agree not to disclose any information that is defined as confidential to
anyone outside the organization. Violations of an NDA are often met
with strict penalties.
NCA: The NDA’s Evil Sibling
The NDA has a common companion contract known as the
noncompete agreement (NCA). The noncompete agreement
attempts to prevent an employee with special knowledge of secrets
from one organization from working in a competing organization
in order to prevent that second organization from benefiting from
the worker’s special knowledge of secrets. NCAs are also used to
prevent workers from jumping from one company to another
competing company just because of salary increases or other
incentives. Often NCAs have a time limit, such as six months, one
year, or even three years. The goal is to allow the original company
to maintain its competitive edge by keeping its human resources
working for its benefit rather than against it.
Many companies require new hires to sign NCAs. However, fully

