An Acceptable Use Policy (AUP) is in place to set expectations and rules for how employees or other users are allowed to use company systems, networks, facilities, and services. The policy outlines acceptable and unacceptable activities, defines the consequences for non-compliance, and helps to prevent or mitigate risks and threats to the organization. This policy aims to reduce the likelihood of security incidents, minimize legal liability, and maintain the availability and integrity of company resources.
All employees are provided training on current threats and best practices for information security. The awareness training program is designed to raise awareness of the importance of security and provide guidance on identifying and responding to potential security incidents. Awareness training typically covers phishing, social engineering, password security, data protection, incident reporting, and other relevant subjects.
A Bring Your Own Device (BYOD) policy is in place to govern the use of personal devices for business purposes and on company-owned or managed networks or systems. This policy provides security requirements and guidelines for the acceptable use of personal devices within business environments and outlines the responsibilities of both the employer and the employee.
The organization has implemented a code of conduct to establish clear expectations for behavior and set a standard for employees and contractors. This code outlines the guiding principles and values that shape interactions and decision-making within the organization, fostering a safe and inclusive environment for all members. By adhering to the code of conduct, employees and contractors demonstrate their commitment to maintaining a respectful and ethical workplace.
An Employee Handbook is documented to outline employment terms and conditions, benefits, code of conduct, disciplinary procedures, and other important information related to employment. The handbook serves as a guide for employees to understand their rights and responsibilities within the organization.
The organization completes employee performance reviews to assess and evaluate an individual’s job performance, provide feedback on strengths and areas for improvement, support career development, and make informed decisions related to promotions, bonuses, or performance-related actions.
The organization has established a human resource security policy that outlines measures for safeguarding the organization’s information and resources by ensuring that employees, contractors, and other staff members are competent, reliable, and well-trained. These measures include conducting background checks and providing comprehensive training to equip personnel with the necessary skills to minimize the potential for insider threats and errors while ensuring they understand their roles and responsibilities. A robust human resource security policy is a crucial component of a comprehensive information security strategy, as it helps prevent security incidents associated with personnel.
The organization has a remote working policy to provide clear guidelines and expectations for employees working remotely, ensuring productivity, data security, and compliance with regulations while promoting effective communication, work-life balance, and employee well-being.