An Acceptable Use Policy (AUP) is in place to set expectations and rules for how employees or other users are allowed to use company systems, networks, facilities, and services. The policy outlines acceptable and unacceptable activities, defines the consequences for non-compliance, and helps to prevent or mitigate risks and threats to the organization. This policy aims to reduce the likelihood of security incidents, minimize legal liability, and maintain the availability and integrity of company resources.

All employees are provided training on current threats and best practices for information security. The awareness training program is designed to raise awareness of the importance of security and provide guidance on identifying and responding to potential security incidents. Awareness training typically covers phishing, social engineering, password security, data protection, incident reporting, and other relevant subjects.

The organization conducts background checks to ensure the security and integrity of its operations. These checks help identify potential risks or threats by verifying an individual’s education, employment history, criminal record, and other relevant information.

Policies are in place to govern the use of personal devices for business purposes and use on company-owned or managed networks or systems. These policies provides security requirements and guidelines for the acceptable use of personal devices within business environments and outlines the responsibilities of both the employer and the employee.

The organization enforces clean desk requirements to enhance the security of sensitive information. Employees must maintain a clutter-free workspace, ensuring that papers and documents are securely stored when they are not present.

The organization has implemented a code of conduct to establish clear expectations for behavior and set a standard for employees and contractors. This code outlines the guiding principles and values that shape interactions and decision-making within the organization, fostering a safe and inclusive environment for all members.

Employee contracts are signed, establishing a legal agreement between the organization and its employees. These agreements outline the terms and conditions of the employment relationship, including details such as job duties and responsibilities, compensation and benefits, work schedule, employment status (full-time, part-time, temporary, etc.), duration of employment, confidentiality, and other applicable matters to each position within the company.

An Employee Handbook is documented to outline employment terms and conditions, benefits, code of conduct, disciplinary procedures, and other important information related to employment. The handbook serves as a guide for employees to understand their rights and responsibilities within the organization.

The organization has established a human resource security policy that outlines measures for safeguarding the organization’s information and resources by ensuring that employees, contractors, and other staff members are competent, reliable, and well-trained. These measures include conducting background checks, formal onboarding procedures, regular employee feedback cycles, and providing comprehensive training to equip personnel with the necessary skills to minimize the potential for insider threats and errors while ensuring they understand their roles and responsibilities.

Personnel offboarding, transfer, and termination checklists outline the steps and procedures to be followed when an employee leaves the organization, is transferred to a different role, or is terminated. These checklists ensure compliance with legal and regulatory obligations, minimize risks associated with the employee’s departure or change of position, and ensure a smooth transition for the employee and the team.

The organization has a remote working policy to provide clear guidelines and expectations for employees working remotely, ensuring productivity, data security, and compliance with regulations while promoting effective communication, work-life balance, and employee well-being.

Roles, responsibilities, and authority levels are defined within company policies and written job descriptions to ensure that tasks are developed and decisions are made by the appropriate individuals or groups. Authorities and reporting hierarchy is defined within a documented organizational chart. New employees go through an onboarding process during which, among others, their responsibilities and the different Impro.ai policies and work procedures are communicated.

The organization conducts skill gaps analysis to identify the gaps in knowledge, skills, and competencies within the organization. It helps to assess the current capabilities of employees and compare them to the skills required to meet organizational goals and objectives. By conducting a skill gaps analysis, the organization can identify areas where additional training, recruitment, or development efforts are needed to bridge the gaps and ensure that the workforce has the necessary skills to perform their roles effectively.