5
|
Personnel Security (CC-15000, semi-annual audit)
- Employees shall be required to maintain confidentiality in accordance with applicable laws and regulations, and shall sign a non-disclosure agreement for purposes of identifying the responsibility.
- When an employee leaves the company, the employee's ID code shall be canceled. His security pass, card, and related documents shall also be collected.
- The company shall regularly (at least annually) give information security lectures to all employees (for example, on information security policies, information security laws and regulations, information security operating procedures, and the proper use of information technology facilities) and retain records of the lectures.
- Employees shall receive information security training that is appropriate for their rank and complete the internally prescribed number of hours of training each year.
- The securities firms shall set up computer auditors. (This is applicable to securities firms placing orders via the Internet, but not applicable to those doing so via telephone or in the traditional manner).
|