Human Resources Security Policy

Human Resources Security Policy

SOC2 CertificationNetspective Unified Process
 

Netspective Communications LLC employees, employees of temporary employment agencies, vendors, business partners, and contractor personnel and functional units regardless of geographic location must comply with this Human Resources Policy. [FII-SCF-011-HRS-01]

  • Netspective Communications LLC shall establish a formal process for hiring, inducting and terminating all employees.
  • Netspective Communications LLC shall include security awareness training for all employees as part of their staff induction program.
  • All personnel in the scope must protect both tangible and intangible assets of Netspective Communications LLC.
  • All personnel in the scope have the responsibility to report any real or suspected threats to their manager.

Employees Recruitment and Induction

The following are the main process steps we follow as part of recruitment:-

  • Identify the hiring need

    Netspective Communications LLC identifies the need for new positions or to fill recently vacated positions. Resources may be reassigned from other projects with less work or assigned from those who have not been assigned to any specific project but match the required role. If the decision is made to hire a new resource, the company will proceed in that direction.

  • Advertise the Position

    This includes utilizing a combination of the Netspective Communications LLC’s website and social media platforms, job posting sites like LinkedIn, job fairs, and word-of-mouth recruitment.

  • Source the resume from job portals and agencies

    This includes getting resume from famous job portals like Naukri, Monster and similar paid resume database portals.

  • Initial Assessment

    We compare the candidate’s resume and other materials to the job requirements. We ensure that the candidate’s education qualifications align with our requirements. For technical and technology manager roles, we only hire graduates or postgraduates in computer science/applications/IT or electronics engineering. We evaluate the candidate’s prior job experience and skills to determine if they meet the essential requirements. We also consider the duration of their previous roles, looking for evidence of progression and drive rather than a pattern of job-hopping. The HR team conducts phone screenings to assess the candidate’s availability and confirm the essential requirements listed in their resume.

  • Technical Assessment/Interviews

    A panel of one or more individuals typically conducts interviews. The interviews focus on the applicant’s experience, skills, work history, and capabilities. Based on the evaluation results, we decide whether an additional technical round is necessary. After successful evaluations, we refer the candidate for final assessment.

  • Final Assessment

    Interviews with management will be done to evaluate the attitude, ability, approach, Netspective Communications LLC culture appropriateness etc. Final interviews are typically extended only to a selected pool of top candidates and is a mandatory process of selection like technical interview.

  • Final HR validation and Job offer

    • The candidates selected from the above-mentioned processes will be contacted by the HR to verify all the relevant information provided so far, along with the qualification details.
    • After validation and verification from HR, the list will be provided to Top management. The qualified candidates will be selected. Instructions will be given to the HR to initiate the Job offer for the candidate.
  • Joining and Induction

    Prior to joining, the certificates and documents are verified. During the time of joining the necessary documents are signed and the needful induction training will be given on the company and general approach, work culture, rules, and regulations etc. After successful HR induction, they will be assigned to suitable team for adaptation to the technology stack, practices, and processes relevant to each project. After successful training, the resource will be on boarded to the project.

Terms and Condition of Employment [FII-SCF-011-HRS-05]

  • All employees, contractors and third party users of Netspective Communications LLC must sign the terms and conditions of employment/engagement as an indication of acceptance.
  • Every Netspective Communications LLC employee or staff member must sign an appropriate Non-Disclosure agreement. In addition to Netspective Communications LLC own policies, procedures, standards and guidelines, this agreement shall specifically require the employee to comply with all applicable policies, procedures, standards and guidelines.
  • It is Netspective Communications LLC management responsibility to ensure that everyone in the Netspective Communications LLC is appropriately skilled, trained, and made aware of security challenges, clearly set roles, responsibilities. [FII-SCF-011-HRS-02] [FII-SCF-011-HRS-03]

Information Security Awareness [FII-SCF-011-HRS-02.1] [FII-SCF-011-HRS-03.1]

  • Netspective Communications LLC shall ensure that all personnel in the scope are aware of information security requirements.
  • All personnel in the scope shall be trained on the security requirement and processes associated with their jobs.
  • All personnel in the scope shall receive refresher training on Netspective Communications LLC information security requirements at least once a year.

Disciplinary Process [FII-SCF-011-HRS-05.1]

  • Netspective Communications LLC shall ensure that a formal disciplinary process is being communicated to all employees and contractors by way of employee handbook or orientation training or covered during security awareness training.
  • Every employee and contractors shall be made aware of do and do not’s and acceptable use of information assets.
  • In the event if a concern of security breach is identified, either through whistle-blower or verbal or other means, the immediate supervisor and HR must spend a month or two to vet whether the concern of security breach is genuine and must gather all the evidence beforehand.
  • Any deliberate or intentional security breach shall be discussed with the person and his manager.
  • The disciplinary process shall ensure correct and fair treatment for employees who are suspected of committing security breach.
  • The formal disciplinary process shall provide a gradual response taking into consideration factors such as:
    • Nature of the breach.
    • Gravity of the breach.
    • Impact on the business.
    • If it’s a repeated offense.
    • Whether the violator was properly trained.
    • Relevant legislation’s.
  • The disciplinary process shall involve following treatment options. The HR department and the management of Netspective Communications LLC shall take a final decision in this regard. If the same person breaches, then termination shall be taken as final option.
    • Warning – Verbal
    • Warning – in written
    • Suspension for 3 months without pay
    • Reduce bonus
    • Reduce salary
    • Demote to lower grade
    • Change work place
    • Terminate
    • File a complaint with law enforcement

Security Incidents

  • All employees and contractors are responsible for reporting to the appropriate manager any violation of security policy or other directives promptly.
  • HR Department shall ensure that all reported fraudulent activities are investigated.

Termination of Employment or change of employment [FII-SCF-011-HRS-09]

  • If contract of any personnel in the scope ends (involuntary contract termination, voluntary departure, and contract termination with mutual consent) the Human Resources Department with cooperation of the employee’s immediate supervisor and the information security department shall:
    • Immediately revoke all logical and physical access privileges granted to the terminated employee.
    • Recover Netspective Communications LLC assets or property from the terminated employees.
  • The HR departments in cooperation with the relevant HOD shall, if necessary,make sure that employees, who hold key positions and have given notice of their intention to leave Netspective Communications LLC, shall be transferred to positions from which they can cause minimum harm to Netspective Communications LLC’s information assets. Alternatively, it is up to their manager to give them mandatory leave.
  • If there is a change in employment, users allocated to new role or location then the assets must be returned to the IT and the access will be revoked based on the service request needs.

Off boarding checklist [FII-SCF-011-HRS-11]

  • Request a letter of resignation
  • Inform HR department and negotiate the exit dates based on project needs
  • Permission/Access termination - HR to immediately request IT to revoke the access rights (email, database, network, Git, physical locations)
  • Return of assets allotted and acceptance by IT [FII-SCF-011-HRS-09.1]
  • IT and the project managers to decide on the data that is created on the assets by exiting employees and initiate back up of that data
  • Anything that is very critical information like encryption keys details, passwords, user administration should be revoked by IT
  • Project hand over to others and acceptance by the project manager
  • Exit interview
  • Financial settlements

Approved by
Ajay Kumaran Nair on June 22, 2023 |
Last Updated by
Arun K R on June 22, 2023