The university develops, disseminates, and periodically reviews/updates formal, documented procedures to facilitate the implementation of the Personnel Security policy and associated personnel security controls.

The university identifies and classifies personnel positions based on risk category in order to determine the risk level associated with the position, thereby determining the controls that must be implemented for the position.

The university screens individuals, to authenticate identity, before authorizing access to university information resources.

In the event of termination of individual employment, the university terminates information resource access, retrieves all university information system-related property, and provides appropriate personnel with access to official records created by the terminated employee that are stored on university information resources.

The university reviews information resource/facility access authorizations when personnel are reassigned or transferred to other positions within the university and initiates appropriate actions as identified by Human Resources.

The university completes appropriate signed access agreements for individuals requiring access to university information and information resources before authorizing access.

The university establishes personnel security requirements including security roles and responsibilities for third-party providers and monitors provider compliance.

The university employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.