Internal Rules: Difference between revisions

From Secure Group Wiki
Jump to navigation Jump to search
Line 111: Line 111:
* Follow these policies provisions as other employees do.
* Follow these policies provisions as other employees do.


==== Remote employees ====
====== Remote employees ======
Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards, and settings, and ensure their private network is secure. We encourage them to seek advice from our System Administrators.
Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards, and settings, and ensure their private network is secure. We encourage them to seek advice from our System Administrators.



Revision as of 09:49, 22 January 2020

Internal Rules

Employee Probationary Period

Policy brief & purpose

This policy clarifies the rules, conditions, and expectations for employees during their probationary period.

Scope

This policy applies to all employees of our Company. The Company will make an effort to ensure that its hiring procedures serve the purpose of recruiting the best employees for each open position. The probation period gives both employees and employers enough time to find out if their new employment relationship will eventually work out to the benefit of both.

Policy Elements

Employees on Probation

Those who can be placed in an employee probationary period include the following

  • New employees
  • Current employees who are promoted to another position, including but not only when it comes to a position of higher responsibility

The length of the probationary period is up to 6 months. It will be clearly stated in the employment contract. uring the probation period, the parties shall have all rights and duties as under a final employment contract. In the probation period not included in the time during which the employee has been on statutory leave, or has not performed the work for which the contract has been concluded for other valid reasons. An employment contract with a probation period with the same employee of the Company for the same position may be concluded only once.

Meaning of the Probation Period

The probationary period is the time between signing an employment contract and being granted final employment status – i.e. till the employment contract signed is considered concluded for indefinite period of time or, as the case may be, concluded for the fixed period of time set forth in the contract (in case of a fixed-term contract with probation period). It is a “trial period” during which the employee is being evaluated as a suitable fit for the position and the Company. A trial period clause may be envisaged in contracts concluded for an unlimited period of time as well as in fix term contracts. The respective employee who is under probation period will be given consistent feedback and coaching to have the chance to learn their new job and improve during the probationary period.

Before the end of the probation period, the manager will determine if the employee should be retained in the organization. This decision will be made by appraising the following criteria:

  • The skills, competencies, and knowledge of the employee on the job
  • The employee’s progress on given assignments
  • Their reliability, trustworthiness and other relevant personality characteristics of the employee
  • The employee’s relations and collaboration with subordinates, supervisors, and peers

However, the Company does not have the duty to justify its decision to retain or not the employee.

Procedure

  • If the employee is deemed unsuitable while on a probationary period, the employee may be terminated without the minimum prior notice mandated by law or provided for in the individual employment contract.
  • Termination may occur before the ending of the probationary period.
  • The employee will be officially notified in writing for the decision to terminate them.
  • Employees may still have to be dismissed for various reasons, after the end of the probationary period. In such cases, the company will follow labor law, legal guidelines and its own separation of employment policy.

Policy violation

In case the employee does not comply with the conditions of our Probationary Period, the following action will be taken:

  • Termination of Employment

Employee Code of Conduct

Policy brief & purpose

As an employee, you are responsible to behave appropriately at work. This policy outlines our expectations towards employee's conduct. We can’t cover every single case of conduct, but we trust you to always use your best judgment. Reach out to your manager or HR if you face any issues or have any questions.

Scope

This policy applies to all employees.

Dress Code

Policy Elements

These dress code rules always apply:

  • All employees must be clean and well-groomed.
  • All clothes must be work-appropriate. Clothes that are typical in workouts and outdoor activities aren’t allowed.
  • All clothes must project professionalism. Clothes that are too revealing or inappropriate aren’t allowed.
  • Our company’s official dress code is Casual.
  • If you frequently meet with clients or prospects, please conform to a more formal dress code. We expect you to be clean when coming to work and avoid wearing clothes that are unprofessional (e.g. workout clothes, too short or too revealing).

As long as you conform with our guidelines above, we don’t have specific expectations about what types of clothes or accessories you should wear.

Policy Violation

In case the employee does not follow the Dress Code, the following action will be taken:

  • Disciplinary action


Cybersecurity and digital devices

Take security seriously: Everyone, from our customers and partners to our employees and contractors, should feel that their data is safe. We can all contribute to this by being vigilant and keeping cybersecurity top of mind.

Policy Elements

There are guidelines for using computers, phones, our internet connection, and social media to ensure security and protect our assets. This category, as an exception, applies to all our employees, contractors and anyone who has permanent or temporary access to our systems and hardware.

Confidential data

Confidential data is secret and valuable. Common examples are:

  • Unpublished financial information
  • Data of customers/partners/vendors
  • Patents, formulas or new technologies
  • Customer lists (existing and prospective)

All employees are obliged to protect this data. In this category, we will give our employees instructions on how to avoid security breaches

Protect personal and company devices

When employees use their digital devices to access company emails or accounts, they introduce security risks to our data. We advise our employees to keep both their personal and company-issued computer, tablet and cell phone secure. They can do this if they:

  • Keep all devices password protected.
  • Ensure they do not leave their devices exposed or unattended.
  • Log into company accounts and systems through secure and private networks only.
  • Avoid accessing internal systems and accounts from other people’s devices or lending their own devices to others.
Manage passwords properly

Password leaks are dangerous since they can compromise our entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. We use a password management tool that generates and stores passwords. Employees are obliged to create a secure password for the tool itself, following the abovementioned advice.

Transfer data securely

Transferring data introduces security risk. Employees must:

  • Avoid transferring sensitive data (e.g. customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask our System Administrators for help.
  • Share confidential data over the company network/ system and not over public Wi-Fi or private connection.
  • Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
  • Report scams, privacy breaches and hacking attempts.

Our System Administrators need to know about scams, breaches and malware so they can better protect our infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails or phishing attempts as soon as possible to our specialists. Our System Administrators must investigate promptly, resolve the issue and send a companywide alert when necessary.

Additional measures

To reduce the likelihood of security breaches, we also instruct our employees to:

  • Turn off their screens and lock their devices when leaving their desks.
  • Report stolen or damaged equipment as soon as possible to HR and Employee Experience Expert
  • Change all account passwords at once when a device is stolen.
  • Report a perceived threat or possible security weakness in company systems.
  • Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
  • Avoid accessing suspicious websites.
  • We also expect our employees to comply with our social media and internet usage policy.

Our System Administrators will:

  • Install firewalls, anti-malware software, and access authentication systems.
  • Arrange for security training to all employees.
  • Inform employees regularly about new scam emails or viruses and ways to combat them.
  • Investigate security breaches thoroughly.
  • Follow these policies provisions as other employees do.
Remote employees

Remote employees must follow this policy’s instructions too. Since they will be accessing our company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards, and settings, and ensure their private network is secure. We encourage them to seek advice from our System Administrators.

Policy Violation

In case the employee does not follow the Cybersecurity measures, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

If we suspect employees are engaged in suspicious or unethical activities, we reserve the right of investigating any sort of communication that occurred inside the Company's facilities or through the Company's devices.

Internet usage

Policy elements
What is appropriate employee internet usage?

Our employees are advised to use our company’s internet connection for the following reasons:

  • To complete their job duties.
  • To seek out information that they can use to improve their work.
  • We expect our employees to remain productive at work while using the internet.
  • Any use of our network and connection must follow our confidentiality and data protection policy.
What is inappropriate employee internet usage?

Our employees must not use our network to:

  • Browse, download or upload obscene, offensive or illegal material.
  • Send confidential information to unauthorized recipients.
  • Invade another person’s privacy and sensitive information.
  • Download or upload copyrighted material and software.
  • Visit potentially dangerous websites that can compromise the safety of our network and computers.
  • Perform unauthorized or illegal actions, like hacking, fraud, buying/selling illegal goods and more.

We also advise our employees to be careful when downloading and opening/executing files and software. If they’re unsure if a file is safe, they should ask the System Administrators. Employees must not deactivate or configure anti-virus settings and firewalls without managerial approval. We won’t assume any responsibility if employee devices are infected by malicious software, or if their personal data are compromised as a result of inappropriate employee use.

Company-issued equipment

We expect our employees to respect and protect our company’s equipment. “Company equipment” in this computer usage policy for employees includes company-issued phones, laptops, tablets, and any other electronic equipment, and belongs to our company. We advise our employees to lock their devices in their desks when they’re not using them. Our employees are responsible for their equipment whenever they take it out of their offices.

Policy Violation

In case the employee does not follow the Internet usage measures, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment and legal action: if a severe violation

Examples of severe violations are:

  • Using our internet connection to steal or engage in other illegal activities.
  • Causing our computers to be infected by viruses, worms or other malicious software.
  • Sending offensive or inappropriate emails to our customers, colleagues or partners.

Cellphone

Policy elements

We allow the use of cell phones at work. Personal phone use is allowed for not more than 2 mins. This is to make sure you can take phone calls in case of an emergency related to your family. You must not get distracted from your work. You must not disturb the other people in the room by making personal phone calls. You need to always make them on your break. Employees use company-issued phones for business purposes only and preserve them in perfect condition.

We won’t allow employees to:

  • Play games on the cell phone during working hours.
  • Use their cell phone’s camera or microphone to record confidential information.
  • Use their phones in areas where cell use is explicitly prohibited
  • Speak on their phones within earshot of colleagues’ working space during working hours.
  • Download or upload inappropriate, illegal or obscene material on a company cell phone using a corporate internet connection.
Policy Violation

Our company will monitor employees for excessive or inappropriate use of their cell phones. If an employee’s phone usage causes a decline in productivity or interferes with our operations, we’ll ban that employee from using their cell phones during working hours and the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Examples of severe violations are:

  • Cause a security breach.
  • Violate our confidentiality policy.

Corporate e-mail

Policy Elements

Corporate emails are powerful tools that help employees in their jobs. Employees should use their company email primarily for work-related purposes. We will define what constitutes appropriate and inappropriate use.

Inappropriate use of company email

Our employees represent our company whenever they use their corporate email address. They must not:

  • Sign up for illegal, unreliable, disreputable or suspect websites and services.
  • Send unauthorized marketing content or solicitation emails.
  • Register for a competitor’s services unless authorized.
  • Send insulting or discriminatory messages and content.
  • Intentionally spam other people’s emails, including their coworkers.

Our company has the right to monitor and archive corporate emails.

Appropriate use of the corporate email

Employees are allowed to use their corporate email for work-related purposes without limitations to:

  • Communicate with current or prospective customers and partners.
  • Log in to purchased software they have legitimate access to.
  • Give their email address to people they meet at conferences, career fairs or other corporate events for business purposes.
  • Sign up for newsletters, platforms and other online services that will help them with their jobs or professional growth.
Email security

Email is often the medium of hacker attacks, confidentiality breaches, viruses, and other malware. These issues can compromise our reputation, legality, and security of our equipment. Employees must always be vigilant to catch emails that carry malware or phishing attempts. We instruct employees to:

  • Avoid opening attachments and clicking on links when content is not adequately explained (e.g. “Watch this video, it’s amazing.”)
  • Be suspicious of clickbait titles.
  • Check the email and names of unknown senders to ensure they are legitimate.
  • Look for inconsistencies or style red flags (e.g. grammar mistakes, capital letters, an excessive number of exclamation marks.)

If an employee isn’t sure that an email they received is safe, they can ask our System Administrators.

Email signature

We encourage employees to use the email signature from Secure Group that exudes professionalism and represents our company well. Employees dealing with sales and executives, who represent our company to customers and stakeholders should pay special attention to how they close emails.

Policy Violation

In case the employee does not follow the Corporate email measures, the following action will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Examples of severe violations are:

  • Using a corporate email address to send confidential data without authorization.
  • Sending offensive or inappropriate emails to our customers, colleagues or partners.
  • Using a corporate email for illegal activity.

Social media

Policy Elements

We want to provide practical advice to prevent the careless use of social media in our workplace. We address two types of social media use:

  • Using personal social media at work
  • Representing our company through social media.
Using personal social media at work

You are permitted to access your personal accounts at work. But, we expect you to act responsibly, according to our policies and ensure that you stay productive. Specifically, we ask you to:

  • Discipline yourself. Avoid getting sidetracked by your social platforms.
  • Ensure others know that your personal account or statements don’t represent our company. For example, use a disclaimer such as “opinions are my own.”
  • Avoid sharing intellectual property (e.g trademarks) or confidential information. Ask your manager before you share company news that’s not officially announced.
  • Avoid any defamatory, offensive or derogatory content. You may violate our company’s anti-harassment policy if you direct such content towards colleagues, clients or partners.
Representing our company through social media

We expect you to protect our company’s image and reputation. Specifically, you should:

  • Be respectful.
  • Avoid speaking on matters outside your field of expertise when possible.
  • Follow our confidentiality and data protection policies and observe laws governing copyrights, trademarks, plagiarism, and fair use.
Policy Violation

We manage and monitor all social media postings on our corporate accounts. In case the employee does not follow the Social Media measures, the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Examples of non-conformity with the employee social media policy include but are not limited to:

  • Disregarding job responsibilities and deadlines to use social media
  • Disclosing confidential information through personal or corporate accounts
  • Directing offensive comments towards other members of the online community

Conflict of Interest

Policy Elements

Conflict of interest may occur whenever an employee’s interest in a particular subject may lead them to actions, activities or relationships that undermine the company and may place it to disadvantage.

What is an employee conflict of interest?

This situation may take many different forms that include, but are not limited to, conflict of interest examples:

  • Employees’ ability to use their position with the company to their personal advantage
  • Employees engaging in activities that will bring direct or indirect profit to a competitor
  • Employees owning shares of a competitor’s stock
  • Employees using connections obtained through the company for their own private purposes
  • Employees using company equipment or means to support an external business
  • Employees acting in ways that may compromise the company’s legality

When an employee understands or suspects that a conflict of interest exists, they should bring this matter to the attention of management so corrective actions may be taken. Managers must also keep an eye on potential conflicts of interest of their subordinates. The responsibility of resolving a conflict of interest starts with the immediate manager and may reach senior management. All conflicts of interest will be resolved as fairly as possible. Senior management has the responsibility for the final decision when a solution can not be found. In general, employees are advised to refrain from letting personal and/or financial interests and external activities come into opposition with the company’s fundamental interests.

Policy Violation

In case the employee does not follow the Conflict of interest measures, the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe violation

Employee relationships

Policy Elements
Before you date a colleague

Before you decide to date a colleague, please consider any problems or conflicts of interest that may arise. For example, if you’re working with a colleague on an important project, a relationship between the two of you (or a possible breakup) could affect your work.

When you begin dating a colleague

HR won’t get involved in your private lives and will always be discrete. You don’t need to tell us if you go on a few dates with a colleague or become involved, as long as there’s no disruption in the workplace or your own work. Also, make sure to:

  • Keep your personal issues and discussions out of the workplace.
  • Be productive and focused as always.
Acceptable behavior

Our workplace is still a professional setting. We expect our employees to treat each other with respect and avoid hindering other people’s work. If you want to express your romantic interest in a colleague, don’t do anything that may embarrass or expose them and always respect their time and choices. If a colleague is persistent in flirting with you and becomes annoying or disturbs your work, ask them to stop and inform your manager if they continue. Please report them to HR if they make unwanted sexual advances. Sexual harassment is prohibited, including seemingly harmless actions.

Policy Violation

In case the employee does not follow the Employee relationship measures, the following actions will be taken: Corrective Action Plan (CAP)


Workplace measures

Policy Elements
Visitors
  • You cannot have personal visits to your workplace.
  • You cannot bring family members at your workplace.
  • You can always meet family members in case of an emergency on your break out of the office space.
  • Pets are not allowed in the office.
Workplace code
  • Food at the workplace is not allowed unless it is a snack.
  • You cannot eat your breakfast or lunch at your desk.
  • You must have your breakfast and lunch in the cafeteria.
  • You must bring your coffee mugs and water cups to the kitchen sinks at the end of the day.
  • Every day you must check the windows and AC in your room to be switched off and closed.
  • You must leave your workplace clean at the end of your workday.
  • You are responsible for keeping your desk organized and free from any non-related working items
Policy Violation

In case the employee does not follow the Employee relationship measures, the following actions will be taken: Disciplinary action(see page 66) if minor violation Corrective Action Plan (CAP)(see page 69) if a severe or frequent violation


Solicitation and Distribution

Policy Elements

Solicitation is any form of requesting money, support or participation for products, groups, organizations or causes which are unrelated to our company. These include but are not limited to:

  • Seeking funds or donations for a non-profit organization
  • Asking for signatures for a petition
  • Selling merchandise or services
  • Requesting support for a political candidate
  • Engaging in religious proselytism

We prohibit the solicitation of any kind such as:

  • Selling goods for personal profit.
  • Requesting support or funding for political campaigns.
  • Unauthorized posting of non-work related material on company bulletin boards.
  • Solicitation or distribution of non-business literature.
  • Proselytizing others to any religious groups.
  • Employees may refer to any questions or doubts to the Office Manager.
Policy Violation

In case the employee does not follow the Employee relationship measures, the following actions will be taken:

  • Disciplinary action: if a minor violation
  • Termination of Employment: if a severe or frequent violation

Severe violations include but are not limited to:

  • Soliciting in our workplace during working hours for illegitimate reasons.
  • Making colleagues uncomfortable by being overly persistent.
  • Distributing material that contains hate or other offensive speech.
  • Embezzling or mishandling donations by other employees for events or causes.