02. Healthsafe Induction & Training Policy




INDUCTION & TRAINING POLICY




Document Identification 

HSNZ/POL/02

Document Name

Induction & Training Policy

Master Copy

CISO

Version Number

1.3

Date Of Release 

15 Aug 2023

Prepared By

Eparama Tuibenau

CISO

Approved by

Kevin McAfee

Managing Director



 

 


VERSION HISTORY


Sl No

Version No.

Prepared by

Approved by

Description of Version

Date

Reason for Version Change

From

To

1

1.0

-

CISO

MD

First Release

14 Apr 2020 

No changes made

1

1.0

1.1

CISO

MD

Updated

21 Jun 2021 

Modifications due to changes in HealthSafe

1

1.1

1.2

CISO

MD

Reviewed

22 Jul 2022 

Annual review

1

1.2

1.3

CISO

MD

Modified

15 Aug 2023 

Annual review


DOCUMENT STATUS


Date

Document Status

14 Apr 2020

Modified

18 Jun 2021

Reviewed

22 Jul 2022

Modified

15 Aug 2023

Current








Table of Contents


1 Purpose


2 Scope


3 Input


4 Output


5 Interacting Process


6 Abbreviations, Acronyms and Definitions


7 Procedure


8 Monitoring the Process


9 Records









1. PURPOSE


To establish and maintain policy for induction and training activities which are coordinated by Functional Head 


To formulate a procedure to ensure that all new employees are inducted and provide training for optimal onboarding.


2. SCOPE


This procedure shall apply to the HR function at HealthSafe NZ


3 INPUT

  • New Hire
  • Training Schedule

4 OUTPUT


  • A completed induction program and training for new hire

5 INTERACTING PROCESS


  • Functional Head, New Hire, Various HealthSafe team members


6 ABBREVIATIONS, ACRONYMS AND DEFINITIONS


Abbreviation

Description

Admin

Administrative Department

CISO

Chief Information Security Officer

IT

Information Technology Department


7 PROCEDURE


Once an offer is accepted by the candidates and employment agreements have been signed, send out an email to all internal departments who are involved in the new hire process.


New hire receives a Training Schedule which includes a list of all training areas which include the task to be trained on, date completed, by whom, feedback points, line manager sign off and comments if required. The training schedule ensures that employees are all adequately trained as well as ensuring that policies have been read and, abide by proper security responsibility and violation or disregard for these responsibilities and security standards will be reasons for disciplinary actions.

 

Employee goes through induction


  1. Meets with the Functional Head and goes through orientation which includes: Meeting with the appropriate person to be provided with the tools and login credentials required for the job and their training schedule
  2. New Hire is issued the relevant ISMS policies to read and accept
  3. Meets with staff who will take the new hire through a schedule of product training and setup.

Finally the employee is introduced to the rest of the employees.


Functional Head creates employee folder in Google Drive under the Staff folder.


The Training Schedule process


The Functional Head will initiate the training schedule including awareness programs for the employees, trainees and third party contractors of HealthSafe NZ.


The Functional Head will appoint a trainers in consultation with ISMS based on the skill set of such person. The trainers may be CISO or an outside professional trainer (under appropriate written contract and NDA) or an internal staff member with the appropriate experiences and knowledge.

A generic Information Security Awareness Training will include the following points when applicable:


  • What are information and its importance in the business?
  • Basics of Information Security Management System like Definitions and Characteristics like Confidentiality, Integrity and Availability
  • Information Security Roles & Responsibilities
  • Policies, Procedures and Guidelines 
  • Risk Assessment Procedure
  • Threats, Vulnerabilities & Impact analysis
  • Asset Identification and Classification procedure
  • Employees Code of Conduct
  • Disciplinary Action procedures
  • System Security Management procedures
  • Access Control procedures
  • Operations procedures
  • Incident Management procedures
  • Business Continuity Plans
  • Internal Audit Procedures
  • Compliance Management Procedures


8 MONITORING THE PROCESS

  • Received verbal feedback from new hire’s manager on his/her knowledge of the Company 
  • Monitoring the progress of the new hire’s Training Schedule

9 RECORDS

  • Welcome email with onboarding information
  • Training Schedule