Is there a mandatory critical element for employees with Information Technology (IT) security responsibilities?
Yes, if employees with administrative privileges to applications and systems, such as system administrators, network administrators, database administrators, and programmers meet one or more of the criteria below, a critical element for security controls must be incorporated into their performance plans. A. Criteria. (1) Ability to create user accounts and access rights. (2) System level access with the ability to alter records or information. (3) Ability to start and stop network services and servers. B. Critical Element for IT Security Controls. The employee adheres to all applicable IT security controls (managerial, operational, and technical) in accordance with the Services IT Security Plan and Security Program as published on the Service intranet, and ensures that they are integrated and/or executed in a way that will result in an acceptable level of risk. 1.6 Is there a mandatory critical element for managers or supervisors who directly or indirectly supervise employees or contra
