Internal Rules: Difference between revisions

From Secure Group Wiki
Jump to navigation Jump to search
Line 91: Line 91:
* Report scams, privacy breaches and hacking attempts.
* Report scams, privacy breaches and hacking attempts.
Our System Administrators need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our System Administrators must investigate promptly, resolve the issue and send a companywide alert when necessary.
Our System Administrators need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our System Administrators must investigate promptly, resolve the issue and send a companywide alert when necessary.
==== Additional measures ====
To reduce the likelihood of security breaches, we also instruct our employees to:
* Turn off their screens and lock their devices when leaving their desks.
* Report stolen or damaged equipment as soon as possible to HR and Employee Experience Expert
* Change all account passwords at once when a device is stolen.
* Report a perceived threat or possible security weakness in company systems.
* Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
* Avoid accessing suspicious websites.
* We also expect our employees to comply with our social media and internet usage policy.
Our System Administrators will:
* Install firewalls, anti-malware software, and access authentication systems.
* Arrange for security training to all employees.
* Inform employees regularly about new scam emails or viruses and ways to combat them.
* Investigate security breaches thoroughly.
* Follow these policies provisions as other employees do.
==== Remote employees ====
Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards, and settings, and ensure their private network is secure. We encourage them to seek advice from our System Administrators.

Revision as of 08:07, 22 January 2020

Internal Rules

Employee Probationary Period

Policy brief & purpose

This policy clarifies the rules, conditions, and expectations for employees during their probationary period.

Scope

This policy applies to all employees of our Company. The Company will make an effort to ensure that its hiring procedures serve the purpose of recruiting the best employees for each open position. The probation period gives both employees and employers enough time to find out if their new employment relationship will eventually work out to the benefit of both.

Policy Elements

Employees on Probation

Those who can be placed in an employee probationary period include the following

  • New employees
  • Current employees who are promoted to another position, including but not only when it comes to a position of higher responsibility

The length of the probationary period is up to 6 months. It will be clearly stated in the employment contract. uring the probation period, the parties shall have all rights and duties as under a final employment contract. In the probation period not included in the time during which the employee has been on statutory leave, or has not performed the work for which the contract has been concluded for other valid reasons. An employment contract with a probation period with the same employee of the Company for the same position may be concluded only once.

Meaning of the Probation Period

The probationary period is the time between signing an employment contract and being granted final employment status – i.e. till the employment contract signed is considered concluded for indefinite period of time or, as the case may be, concluded for the fixed period of time set forth in the contract (in case of a fixed-term contract with probation period). It is a “trial period” during which the employee is being evaluated as a suitable fit for the position and the Company. A trial period clause may be envisaged in contracts concluded for an unlimited period of time as well as in fix term contracts. The respective employee who is under probation period will be given consistent feedback and coaching to have the chance to learn their new job and improve during the probationary period.

Before the end of the probation period, the manager will determine if the employee should be retained in the organization. This decision will be made by appraising the following criteria:

  • The skills, competencies, and knowledge of the employee on the job
  • The employee’s progress on given assignments
  • Their reliability, trustworthiness and other relevant personality characteristics of the employee
  • The employee’s relations and collaboration with subordinates, supervisors, and peers

However, the Company does not have the duty to justify its decision to retain or not the employee.

Procedure

  • If the employee is deemed unsuitable while on a probationary period, the employee may be terminated without the minimum prior notice mandated by law or provided for in the individual employment contract.
  • Termination may occur before the ending of the probationary period.
  • The employee will be officially notified in writing for the decision to terminate them.
  • Employees may still have to be dismissed for various reasons, after the end of the probationary period. In such cases, the company will follow labor law, legal guidelines and its own separation of employment policy.

Policy violation

In case the employee does not comply with the conditions of our Probationary Period, the following action will be taken:

  • Termination of Employment

Employee Code of Conduct

Policy brief & purpose

As an employee, you are responsible to behave appropriately at work. This policy outlines our expectations towards employee's conduct. We can’t cover every single case of conduct, but we trust you to always use your best judgment. Reach out to your manager or HR if you face any issues or have any questions.

Scope

This policy applies to all employees.

Dress Code

Policy Elements

These dress code rules always apply:

  • All employees must be clean and well-groomed.
  • All clothes must be work-appropriate. Clothes that are typical in workouts and outdoor activities aren’t allowed.
  • All clothes must project professionalism. Clothes that are too revealing or inappropriate aren’t allowed.
  • Our company’s official dress code is Casual.
  • If you frequently meet with clients or prospects, please conform to a more formal dress code. We expect you to be clean when coming to work and avoid wearing clothes that are unprofessional (e.g. workout clothes, too short or too revealing).

As long as you conform with our guidelines above, we don’t have specific expectations about what types of clothes or accessories you should wear.

Policy Violation

In case the employee does not follow the Dress Code, the following action will be taken:

  • Disciplinary action

Cybersecurity and digital devices

Take security seriously: Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. We can all contribute to this by being vigilant and keeping cybersecurity top of mind.

Policy Elements

There are guidelines for using computers, phones, our internet connection, and social media to ensure security and protect our assets. This category, as an exception, applies to all our employees, contractors and anyone who has permanent or temporary access to our systems and hardware.

Confidential data

Confidential data is secret and valuable. Common examples are:

  • Unpublished financial information
  • Data of customers/partners/vendors
  • Patents, formulas or new technologies
  • Customer lists (existing and prospective)

All employees are obliged to protect this data. In this category, we will give our employees instructions on how to avoid security breaches

Protect personal and company devices

When employees use their digital devices to access company emails or accounts, they introduce security risks to our data. We advise our employees to keep both their personal and company-issued computer, tablet and cell phone secure. They can do this if they:

  • Keep all devices password protected.
  • Ensure they do not leave their devices exposed or unattended.
  • Log into company accounts and systems through secure and private networks only.
  • Avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
Manage passwords properly

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. We use a password management tool that generates and stores passwords. Employees are obliged to create a secure password for the tool itself, following the abovementioned advice.

Transfer data securely

Transferring data introduces security risk. Employees must:

  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask our System Administrators for help.
  • Share confidential data over the company network/ system and not over public Wi-Fi or private connection.
  • Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
  • Report scams, privacy breaches and hacking attempts.

Our System Administrators need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our System Administrators must investigate promptly, resolve the issue and send a companywide alert when necessary.


Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:

  • Turn off their screens and lock their devices when leaving their desks.
  • Report stolen or damaged equipment as soon as possible to HR and Employee Experience Expert
  • Change all account passwords at once when a device is stolen.
  • Report a perceived threat or possible security weakness in company systems.
  • Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
  • Avoid accessing suspicious websites.
  • We also expect our employees to comply with our social media and internet usage policy.

Our System Administrators will:

  • Install firewalls, anti-malware software, and access authentication systems.
  • Arrange for security training to all employees.
  • Inform employees regularly about new scam emails or viruses and ways to combat them.
  • Investigate security breaches thoroughly.
  • Follow these policies provisions as other employees do.

Remote employees

Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards, and settings, and ensure their private network is secure. We encourage them to seek advice from our System Administrators.