Essential security policies for human resources

This example of a security-related human resources policy outlines how employee information technology should be addressed. The goal is to ensure that all staff are aware of the best practices used to protect information and of the proper use of the organization’s network equipment, in accordance with the organization’s rules, regulations and guidelines.

While this document covers many rules, standards, and guidelines, it is not exhaustive. Therefore, human resource managers, employees, contractors, and third parties must exercise due care with respect to how employee information technology is handled.

New employees should receive information security training and occasional awareness updates to promote employee vigilance within the company. These activities ensure that employees understand and take responsibility for company information and resources.

The following minimum procedures must be clearly explained and applied.

  • The employee may not download and/or install unauthorized software on the organization’s computers or connect to the network with unauthorized equipment.
  • The employee may not interfere with the proper functioning of protection tools, including antivirus programs, screen savers, etc.
  • The employee may not access prohibited sites through the Internet.
  • Employees must inform their line manager and the IT department of any security incidents or malfunctions they find.
  • The employee must be instructed in the creation of strong passwords and the proper storage of passwords. In addition, the password must expire after a certain period of time depending on the sensitivity of the access.
  • When an employee moves or changes roles within the organization, their access privileges must be updated accordingly.
  • Upon termination of an employee, the employee’s access to technology resources must be immediately suspended.
  • Once the employee has been informed of the termination, they must not be allowed to return to their office, but must be immediately escorted out of the building.
  • The IT department should have a list of all user accounts and suspend the corresponding accounts immediately.
  • Log files should be scanned routinely to ensure all employee accounts have been suspended.
  • The supervisor should be responsible for reviewing all electronic employee information and disposing of it or forwarding it to their replacements.
  • The supervisor must be responsible for the return of all access cards, identification cards and handbooks of terminated employees.
  • The supervisor should be responsible for the return of all company-owned electronic equipment issued to the terminated employee, including laptops, wireless cards, cell phones, and PDAs.

A formal disciplinary process should be developed and published within the organization regarding any and all users who violate security rules.

To ensure that the organization is not ethically or legally liable for misconduct, any employee accused of malicious activity should receive equal treatment, with no preferential treatment. Additionally, any investigation into suspicious employee conduct must examine all material facts.
