Security awareness should be included in your human resources policy. A general security awareness should be present and be felt within the workplace. The management and project managers are responsible for supervision, and they serve an exemplary function. Course and training can help.
In the recruitment and selection of new staff members, it is important for the HR department to emphasise the core academic values, as described in the Netherlands Code of Conduct for Research Integrity. This is because, in some countries, institutions are under the direct rule of the authorities, and principles like fairness, diligence, transparency, independence and accountability are not observed.
It is also important that HR staff members are aware of security. They are the first point of contact for new staff members, and they can identify signals in the CVs or networks of new staff members.
Depending on the nature of the risks, new employees may be required to produce a Certificate of Good Conduct (VOG) for certain positions. During the process of applying for a Certificate of Good Conduct, it will be possible to assess specific job aspects that are relevant to the work that the new staff member will be performing. It is important to note that a Certificate of Good Conduct covers a period of only four years, and only Dutch systems are consulted in the certification process. It therefore says very little about foreign researchers who have only recently, or not yet, arrived in the Netherlands. In some cases, comparable certificates issued by foreign countries can be helpful.
An integrity assessment can also be used for recruitment to determine whether:
- the candidate’s conduct is consistent with rules and generally applicable values, including when under pressure or when the rules are unclear;
- the candidate is not guided by improper motives, but by the general interest, and is not likely to be tempted to fail to apply rules or interpret them too broadly;
- the candidate exhibits and takes responsibility for consistency in conduct.
It is also advisable to provide some form of ‘aftercare’ when staff members who have been working with sensitive knowledge or technology leave employment. Such care could consist of maintaining contact with the individual in question. The confidentiality provisions in the employment contract can also be formulated in such a way that they remain in force even after leaving employment.
It is important to ensure that everyone receives adequate training and/or information in order to recognise challenges relating to security and take appropriate action.
For example:
- Including relevant information and regulations as standard elements in the welcome package. Providing a (mandatory) module or briefing on knowledge security for new staff members, and possibly for students who will be working with sensitive knowledge or technology.
- Offering refresher modules given at the start of new research projects, in order to maintain the required level of awareness among project members.
- Setting up an intranet platform where staff members can find information and where they can test their knowledge and alertness (self-assessment).
- Setting up a special training programme for visiting researchers and students from countries with increased risk profiles, focusing on the core academic values.