Personnel Onboarding

Published On: July 11th, 2023Categories: Business Continuity1.6 min read

HR requires all SAI360 personnel complete SAI360 Code of Business Conduct training and Security Awareness \ Data Protection training within the first 30 days of employment or contractor engagement. Personnel are required to sign Confidentiality Agreements/Non-Disclosure Agreements (NDA’s), which require them to agree not to disclose, divulge, or reproduce confidential information that they receive or have access to during their employment or contract work period with SAI360.

 

Background Screening

SAI360 conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations. Where allowed, the following elements are included in the background check:

  • Validation of personal references
  • Validation of work references
  • Confirmation of academic and professional qualifications
  • CV work history verification
  • Check on criminal records

Unsupervised physical access to SAI360’s premises or network ID’s is not provided until a full background check is completed.

In addition, Information Security requires that all SAI360 personnel are issued a SAI360 ID badge to access SAI360 facilities.

 

SAI360 Code of Conduct Certification

Annually, SAI360 requires that all personnel certify compliance with the SAI360 Code of Business Conduct.

 

Security Awareness Training

All SAI360 personnel are required to complete security awareness training during their onboarding as well as annually. Topics included, but not limited to, are as follows:

 

  • Information Security and Data Protection policies, procedures, and other ISMS supporting documentation
  • Techniques to identify and avoid social engineering and phishing attacks Process to report security and privacy incidents
  • Leading practices and principles on selecting and protecting user credentials
  • Remote working and traveling security
  • Acceptable use

 

In addition, Information Security conducts training activities throughout the year, including simulated spear-phishing (email) attacks for all personnel and role-based security training for developers and information security staff. Information Security reviews the training program annually to assess whether it reflects industry leading practices and current risks for information security personnel training.

Find out more about SAI360 Solutions

Request Demo