GV.RR-04 integrates cybersecurity considerations into human resources processes, such as hiring, onboarding, training, and offboarding, to enhance organizational security. This includes screening for cybersecurity knowledge, enforcing policy adherence, and ensuring departing employees’ access is revoked promptly. It embeds security awareness into the employee lifecycle.

By prioritizing cybersecurity in HR practices, organizations build a workforce equipped to support risk management goals, from basic awareness to specialized skills. Regular background checks and training reinforce a security-conscious culture, reducing insider risks. GV.RR-04 ties human capital management to cybersecurity resilience.