Onboarding Policy

We are delighted that you will be joining us at Human Made! We have the privilege of working with some world-class clients and have a talented team of humans all over the world. As part of our work we handle a wide range of data and have access to many different systems. We have a responsibility to keep our clients’, our employees’, and the company’s systems and data secure. We take this responsibility seriously and this onboarding policy outlines what you need to know when you join the company.

Employee Screening

Everyone who works for Human Made, whether you are an employee, a freelancer, or a contractor, is screened. This is part of our pre-onboarding process and passing the screening is a requirement of joining the company. We use Sterling to conduct background checks. Only the People Ops team has access to Sterling to review background checks. If a flag appears on a screening check this may be discussed with managers.

We always run checks on the following:

  • Right to work checks (UK)
  • Global Compliance and Sanctions
  • Criminal Record

Individuals who have access to data at financial institutions have an additional credit check.

You can read in detail about Human Made’s employee screening here.

Security Training

You are responsible for ensuring that you work in ways that are secure and that take the best care of Human Made and our clients’ data. To help you with this, when you join Human Made you’ll need to undertake security awareness training. This makes sure that everyone at HM has the same basic level of understanding of information security. We use Hook Security to run this. The course covers cyber security best practices, such as avoiding phishing scams, social engineering and password safety. You should complete this course within 30 days of joining the company.

We will post regular security updates on our Security H2. We expect you to stay up-to-date with security issues that have been posted within the company, and share security incidents with the wider team when appropriate. 

Mobile Device Management

Your Human Made-purchased device will be managed by our company MDM. We use Apple Business Essentials for this. This enables us to codify the device configuration in our security policy. It also enables us to wipe your laptop if it is lost, broken, or when you leave the company.

Data protection

You are responsible for properly handling any data you receive while working with Human Made. This means that data must be handled in line with the following principles.

Personal data needs to be:

  • Processed fairly and lawfully;
  • Relevant and not excessive;
  • Processed for limited purposes and in an appropriate way;
  • Accurate;
  • Not kept longer than necessary;
  • Processed in accordance with the laws dealing with personal data;
  • Kept secure;
  • Not transferred to people or organisations in countries without adequate protection.

Examples of what this means in practice include:

  • regularly deleting data from your computer or cloud storage that is no longer in use
  • only downloading or accessing data that you need in the course of your work
  • never sending client or prospect data outside of HM via email or other channels except with permission from the client
  • never sending employee data outside of HM via email or other channels except with permission from the employee
  • not sharing data that you have access to without the individual’s specific consent (e.g. giving out someone’s address)
  • not using your personal email for company business

Data leaks should be dealt with by emailing security@humanmade.com.

Confidentiality

During your time at Human Made, you will have access to Confidential Information. To respect the privacy and rights of our clients, partners, and staff, it is important that this information is handled properly. You must not disclose any confidential information to any other people, companies, or other organisations, either during your employment at Human Made or subsequently.

What is confidential information?

Confidential information is any information that relates to the business, products, affairs and finances of Human Made. This includes technical data, know-how, and particularly people data and data relating to our clients and their users.

When does this not apply?

This doesn’t apply when:

  • you are authorised to disclose something by Human Made
  • it is required by law
  • the information is already in use or in the public domain
  • you are whistleblowing (as outlined in section 43A of the Employment Rights Act 1996, or equivalent local laws).

Is this contractual?

Your contract with Human Made outlines the legal requirements with regards to confidentiality. You can find these in the following places:

  • UK Employment contract – Clause 18
  • Freelancer Agreement – under “Confidentiality”
  • Contractor Agreement – Clause 9
  • USA Employment contract – Clause 15
  • Australia Employment contract – Clause 16

What happens when I leave the company?

Whether you keep your computer or return it to the company, we will need to wipe your device. During your offboarding period you should remove any personal files, saving them either to an external hard drive or to the cloud. Your device will be wiped remotely using our MDM on your last day.

Breaches of security policies

What should I do if I am aware of a breach of Human Made’s security policies?

Breaches of the information security policy should be reported as part of our incident reporting procedure. You should email security@humanmade.com to inform the security team. 

What happens when someone breaches the policy?

We expect that everyone at Human Made works and acts in ways that are secure. Any breaches of our security policy will be dealt with under our disciplinary and capability procedure.