...
All CloudCard employees will undergo an annual performance review which will include an assessment of job performance, competence in the role, adherence to company policies and code of conduct, and achievement of role-specific objectives.
Onboarding
The following are required for employees upon starting employment at CloudCard and before being granted access to customer data:
A multi-state criminal background check
Sign a non-disclosure agreement
Review all relevant policies
Once the above activities are completed, the employee can be granted access to systems according to the following process:
Access requests are submitted for the systems for which the employee has a business need, and at the lowest level of privilege the employee needs to accomplish their duties.
System owners approve the access requests and grant the access.
An employee is typically issued a laptop, and the device volumes are encrypted.
Employees also receive annually refreshed Security Awareness training.
Terms & Conditions of Employment
...
The above security awareness training will include (but not be limited to) identification of social engineering, including phishing and spear phishing.
| Anchor | ||||
|---|---|---|---|---|
|
Employees must be physically located in the United States or Canada in order to access Customer Data or CloudCard Confidential Data. Employees must not perform any work for CloudCard from outside the United States and Canada without prior written approval from management. Even when approval is granted to work from outside the United States and Canada, employees must not access customer data from these locations.
| Anchor | ||||
|---|---|---|---|---|
|
...
Offboarding Process
Employee and contractor termination and offboarding processes shall ensure that physical and logical access is promptly revoked in accordance with company SLAs and policies and that all company-issued equipment is returned.
Any security or confidentiality agreements that remain valid after termination shall be communicated to the employee or contractor at the time of terminationoffboarding to ensure their is no breach of confidential information by a former employees or contractors after their employment.
When offboarding, the employee’s laptop is returned to CloudCard and erased prior to disposal or reuse. The employee’s access is reviewed, and system owners are instructed to revoke access, which must be done within 24 business hours.
Disciplinary Process
Employees and third-parties who violate CloudCard information security policies shall be subject to the CloudCard progressive disciplinary process, up to and including termination of employment or contract.
...
Version | Date | Description | Author | Approved by |
1.0 | 2023-03-21 | First Version | Ryan Heathcote | Luke Rettstatt |
1.1 | 2024-07-02 | Second Version | Luke Rettstatt | Luke Rettstatt |
1.2 | 2024-08-17 | Add Onboarding / Offboarding sections | Ryan Heathcote | Luke Rettstatt |