Vetting is performed for all positions (including employees, vendors, and contractors) at a level commensurate with position risk
Context and Guidance: Vetting that is described in WORKPLACE-1a and WORKFORCE-1c should be performed for all positions and to a level that reflects the risk associated with each position. The level of risk associated with a position can be due to level of authority (such as CEO), level of responsibility (such as network administrator), or access to assets with significant cost, sensitivity, or criticality to the organisation.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: WORKFORCE-1a, WORKFORCE-1c, WORKFORCE-1f.