Del&Co has decided to improve their staff-related controls to prevent incidents.

 According to ISO/IEC 27001:2022, Annex A.7, the objective of human resource security is to ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered, and to reduce the risk of human error, theft, fraud, or misuse of facilities. The standard specifies eight controls in this domain, which are:

A.7.1 Prior to employment: This control covers the screening, terms and conditions, and roles and responsibilities of employees and contractors before they are hired.

A.7.2 During employment: This control covers the awareness, education, and training, disciplinary process, and management responsibilities of employees and contractors during their employment.

A.7.3 Termination and change of employment: This control covers the return of assets, removal of access rights, and exit interviews of employees and contractors when they leave or change their roles.

The other controls in Annex A are related to other aspects of information security, such as organizational, physical, and technological controls. For example:

A.9.2 User access management: This control covers the authentication and authorization of users to access information systems and services, based on their roles and responsibilities.

A.11.1 Secure areas: This control covers the control of physical access to the equipment and information assets, such as locks, alarms, guards, etc.

A.13.2 Information transfer: This control covers the protection of information during its transfer, such as encryption, digital signatures, secure protocols, etc.

Therefore, video cameras are not a preventive control related to the staff, but rather a physical control related to the equipment and assets. Video cameras can be used to monitor and record the activities of the staff, but they cannot prevent them from causing incidents. They can only help to detect and investigate incidents after they occur.