HR Security
- Article
- Thu Mar 07 2024
- 4 minutes to read
- 1 contributors
Hornbill understands that our employees are not only our biggest assets but have the potential to be our biggest threats. It is well documented that the majority of data breaches occur from within a business either intentionally or by accident.
We take recruitment, vetting, and the leaving of staff very seriously in order to reduce security risks. Below are the key points from our HR policies that ensure employees are vetted, trained, and nurtured in best practices to ensure data security.
Recruitment
Recruitment of new staff can only be undertaken with the approval of the Chief Technical Officer.
This approval may be recorded in minutes or by e-mail. Each position has a job description that includes any relevant security requirements. Master copies of the job descriptions are held by the HR department.
- New positions are advertised or a suitable agency is appointed dependent upon the role being considered.
- Interviews are arranged as necessary along with appropriate practical tests with likely candidates who are usually identified from CV review.
- For suitable candidate(s) an offer is made in writing. This offer is dependent upon satisfactory screening and completion of a probationary period (normally a minimum of 3 months).
- A minimum of one reference is taken up and the person’s right to work in the UK is validated. Education achievements are also checked/validated.
Should these checks indicate an issue then the HR Dept reviews the circumstances with the Chief Technical Officer and whoever else is relevant prior to determining a suitable course of action. Records of the vetting are retained by the HR Dept.
A New Starter Checklist is completed during the induction process and is retained by the HR Dept during the period of employment.
Security Screening
All employees must undertake a security screening to the BS7858:2012 standard. This includes proof of identity, proof of residence, references, a copy of their police record, a statement of financial status, and a history of all employment (going back five years or to 12 years old, whichever occurs first).
Employees are provided with and sign a Contract of Employment which includes a confidentiality agreement covering the various responsibilities and actions required of signatories in order to avoid unauthorized information disclosure, the permitted use of the information, the signatories’ rights in respect of that information, and the required actions on termination of the agreement. A copy of the signed contract is retained within the employee personnel file.
All new starters are inducted with information security training as well as other appropriate training. This is recorded on the New Starter Checklist.
All employees receive appropriate training including information security awareness as relevant. Such training is recorded as necessary.
Staff Changes
Employees are reviewed by the appraisal process.
- If a member of staff changes roles (e.g. following a promotion) then any alteration in access rights is notified to the IT Department by e-mail by the person’s manager. A copy of this e-mail is retained by the IT department for a minimum of one year. Any such change will normally require the Chief Technical Officer’s approval.
- Assets given to employees in order to perform their duties either at the start or during employment are noted as relevant by the IT department (e.g. for laptops) or the Quality Engineering Manager.
- Should an employee leave then the Leavers checklist is completed by the HR Dept and retained for a minimum of 3 years following cessation of their employment. The Leavers checklist includes a list of items to be returned (such as keys, building fob, credit card, etc.). The leaver is reminded of their obligations and NDAs both verbally and in writing.
Training
At Hornbill, we prioritize the security and confidentiality of our employees and clients. That’s why all of our employees undergo comprehensive cybersecurity training upon joining the company, as well as when they change roles. Additionally, we provide annual e-training courses to ensure that our employees are up-to-date on the latest security protocols and practices. These courses also serve as a reminder of their responsibilities in maintaining the security and confidentiality of our organization and its stakeholders. Through our e-training, employees are also made aware of all ISO policies and practices that pertain to their specific roles. This ensures that our team is well-equipped to handle any potential security threats and upholds the highest standards of information protection.