Article 19
Human resources policy
Financial entities shall include in their human resource policy or other relevant policies all of the following ICT security related elements:
the identification and assignment of any specific ICT security responsibilities;
requirements for staff of the financial entity and of the ICT third-party service providers using or accessing ICT assets of the financial entity to:
be informed about, and adhere to, the financial entity’s ICT security policies, procedures, and protocols;
for the staff, to return to the financial entity, upon termination of employment, all ICT assets and tangible information assets in their possession that belong to the financial entity.
( 1 ) Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law (OJ L 305, 26.11.2019, p. 17, ELI: http://data.europa.eu/eli/dir/2019/1937/oj).