Before joining
- Competence is evaluated prior to offer and hiring, under our Human Resource Security Policy.
- Personnel and contractors with privileged or administrative access to production systems are subject to background verification (including criminal-history checks where permitted by law), proportional to the role and the sensitivity of the information accessed.
- New joiners sign employment and confidentiality agreements.
Policy acceptance
All personnel formally accept the security policies that apply to them (including the Information Security Policy, Code of Conduct, Incident Response Plan and the others), and acceptance is tracked.
Training
- Security awareness training is required for all personnel, and completion is tracked.
- Engineers additionally complete secure-code training.
Ongoing & offboarding
- Skills, competence and performance are assessed during employment.
- When someone leaves, a documented offboarding process runs (access is revoked and assets are returned), and offboarding is completed within a defined timeframe.
Devices
Company computers are centrally managed: full-disk encryption is enforced, screens lock automatically, and malware detection runs on endpoints.