Level 2 Supporting Policies
      Back to home
      1. HealthSafe Help Center
      2. HS ISO27001 Documents
      3. Level 2 Supporting Policies

      02. Healthsafe Induction & Training Policy




      INDUCTION & TRAINING POLICY




      Document Identification 

      HSNZ/POL/02

      Document Name

      Induction & Training Policy

      Master Copy

      CISO

      Version Number

      1.3

      Date Of Release 

      15 Aug 2023

      Prepared By

      Eparama Tuibenau

      CISO

      Approved by

      Kevin McAfee

      Managing Director


       

       


      VERSION HISTORY


      Sl No

      Version No.

      Prepared by

      Approved by

      Description of Version

      Date

      Reason for Version Change

      From

      To

      1

      1.0

      -

      CISO

      MD

      First Release

      14 Apr 2020 

      No changes made

      1

      1.0

      1.1

      CISO

      MD

      Updated

      21 Jun 2021 

      Modifications due to changes in HealthSafe

      1

      1.1

      1.2

      CISO

      MD

      Reviewed

      22 Jul 2022 

      Annual review

      1

      1.2

      1.3

      CISO

      MD

      Modified

      15 Aug 2023 

      Annual review

      DOCUMENT STATUS


      Date

      Document Status

      14 Apr 2020

      Modified

      18 Jun 2021

      Reviewed

      22 Jul 2022

      Modified

      15 Aug 2023

      Current







      Table of Contents


      1 Purpose


      2 Scope


      3 Input


      4 Output


      5 Interacting Process


      6 Abbreviations, Acronyms and Definitions


      7 Procedure


      8 Monitoring the Process


      9 Records









      1. PURPOSE


      To establish and maintain policy for induction and training activities which are coordinated by Functional Head 


      To formulate a procedure to ensure that all new employees are inducted and provide training for optimal onboarding.


      2. SCOPE


      This procedure shall apply to the HR function at HealthSafe NZ


      3 INPUT

      • New Hire
      • Training Schedule

      4 OUTPUT


      • A completed induction program and training for new hire

      5 INTERACTING PROCESS


      • Functional Head, New Hire, Various HealthSafe team members


      6 ABBREVIATIONS, ACRONYMS AND DEFINITIONS


      Abbreviation

      Description

      Admin

      Administrative Department

      CISO

      Chief Information Security Officer

      IT

      Information Technology Department

      7 PROCEDURE


      Once an offer is accepted by the candidates and employment agreements have been signed, send out an email to all internal departments who are involved in the new hire process.


      New hire receives a Training Schedule which includes a list of all training areas which include the task to be trained on, date completed, by whom, feedback points, line manager sign off and comments if required. The training schedule ensures that employees are all adequately trained as well as ensuring that policies have been read and, abide by proper security responsibility and violation or disregard for these responsibilities and security standards will be reasons for disciplinary actions.

       

      Employee goes through induction


      1. Meets with the Functional Head and goes through orientation which includes: Meeting with the appropriate person to be provided with the tools and login credentials required for the job and their training schedule
      2. New Hire is issued the relevant ISMS policies to read and accept
      3. Meets with staff who will take the new hire through a schedule of product training and setup.

      Finally the employee is introduced to the rest of the employees.


      Functional Head creates employee folder in Google Drive under the Staff folder.


      The Training Schedule process


      The Functional Head will initiate the training schedule including awareness programs for the employees, trainees and third party contractors of HealthSafe NZ.


      The Functional Head will appoint a trainers in consultation with ISMS based on the skill set of such person. The trainers may be CISO or an outside professional trainer (under appropriate written contract and NDA) or an internal staff member with the appropriate experiences and knowledge.

      A generic Information Security Awareness Training will include the following points when applicable:


      • What are information and its importance in the business?
      • Basics of Information Security Management System like Definitions and Characteristics like Confidentiality, Integrity and Availability
      • Information Security Roles & Responsibilities
      • Policies, Procedures and Guidelines 
      • Risk Assessment Procedure
      • Threats, Vulnerabilities & Impact analysis
      • Asset Identification and Classification procedure
      • Employees Code of Conduct
      • Disciplinary Action procedures
      • System Security Management procedures
      • Access Control procedures
      • Operations procedures
      • Incident Management procedures
      • Business Continuity Plans
      • Internal Audit Procedures
      • Compliance Management Procedures


      8 MONITORING THE PROCESS

      • Received verbal feedback from new hire’s manager on his/her knowledge of the Company 
      • Monitoring the progress of the new hire’s Training Schedule

      9 RECORDS

      • Welcome email with onboarding information
      • Training Schedule