INDUCTION & TRAINING POLICY
Document Identification |
HSNZ/POL/02 |
|
Document Name |
Induction & Training Policy |
|
Master Copy |
CISO |
|
Version Number |
1.3 |
|
Date Of Release |
15 Aug 2023 |
|
Prepared By |
Eparama Tuibenau |
CISO |
Approved by |
Kevin McAfee |
Managing Director |
VERSION HISTORY
Sl No |
Version No. |
Prepared by |
Approved by |
Description of Version |
Date |
Reason for Version Change |
|
From |
To |
||||||
1 |
1.0 |
- |
CISO |
MD |
First Release |
14 Apr 2020 |
No changes made |
1 |
1.0 |
1.1 |
CISO |
MD |
Updated |
21 Jun 2021 |
Modifications due to changes in HealthSafe |
1 |
1.1 |
1.2 |
CISO |
MD |
Reviewed |
22 Jul 2022 |
Annual review |
1 |
1.2 |
1.3 |
CISO |
MD |
Modified |
15 Aug 2023 |
Annual review |
DOCUMENT STATUS
Date |
Document Status |
14 Apr 2020 |
Modified |
18 Jun 2021 |
Reviewed |
22 Jul 2022 |
Modified |
15 Aug 2023 |
Current |
Table of Contents
1 Purpose
2 Scope
3 Input
4 Output
5 Interacting Process
6 Abbreviations, Acronyms and Definitions
7 Procedure
8 Monitoring the Process
9 Records
1. PURPOSE
To establish and maintain policy for induction and training activities which are coordinated by Functional Head
To formulate a procedure to ensure that all new employees are inducted and provide training for optimal onboarding.
2. SCOPE
This procedure shall apply to the HR function at HealthSafe NZ
3 INPUT
- New Hire
- Training Schedule
4 OUTPUT
- A completed induction program and training for new hire
5 INTERACTING PROCESS
- Functional Head, New Hire, Various HealthSafe team members
6 ABBREVIATIONS, ACRONYMS AND DEFINITIONS
Abbreviation |
Description |
Admin |
Administrative Department |
CISO |
Chief Information Security Officer |
IT |
Information Technology Department |
7 PROCEDURE
Once an offer is accepted by the candidates and employment agreements have been signed, send out an email to all internal departments who are involved in the new hire process.
New hire receives a Training Schedule which includes a list of all training areas which include the task to be trained on, date completed, by whom, feedback points, line manager sign off and comments if required. The training schedule ensures that employees are all adequately trained as well as ensuring that policies have been read and, abide by proper security responsibility and violation or disregard for these responsibilities and security standards will be reasons for disciplinary actions.
Employee goes through induction
- Meets with the Functional Head and goes through orientation which includes: Meeting with the appropriate person to be provided with the tools and login credentials required for the job and their training schedule
- New Hire is issued the relevant ISMS policies to read and accept
- Meets with staff who will take the new hire through a schedule of product training and setup.
Finally the employee is introduced to the rest of the employees.
Functional Head creates employee folder in Google Drive under the Staff folder.
The Training Schedule process
The Functional Head will initiate the training schedule including awareness programs for the employees, trainees and third party contractors of HealthSafe NZ.
The Functional Head will appoint a trainers in consultation with ISMS based on the skill set of such person. The trainers may be CISO or an outside professional trainer (under appropriate written contract and NDA) or an internal staff member with the appropriate experiences and knowledge.
A generic Information Security Awareness Training will include the following points when applicable:
- What are information and its importance in the business?
- Basics of Information Security Management System like Definitions and Characteristics like Confidentiality, Integrity and Availability
- Information Security Roles & Responsibilities
- Policies, Procedures and Guidelines
- Risk Assessment Procedure
- Threats, Vulnerabilities & Impact analysis
- Asset Identification and Classification procedure
- Employees Code of Conduct
- Disciplinary Action procedures
- System Security Management procedures
- Access Control procedures
- Operations procedures
- Incident Management procedures
- Business Continuity Plans
- Internal Audit Procedures
- Compliance Management Procedures
8 MONITORING THE PROCESS
- Received verbal feedback from new hire’s manager on his/her knowledge of the Company
- Monitoring the progress of the new hire’s Training Schedule
9 RECORDS
- Welcome email with onboarding information
- Training Schedule