HR Compliance

QuestionsAnswers
Do you perform background screenings for applicants, including criminal, credit, professional/academic, references and drug screening? Are they applicable to all employees, contractors, vendors, and others who may have access to your systems, applications, and devices? Are there any exceptions?Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records, if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users. There will be exception and it applies to all the employees, contractors, vendors, and others who may have access to your systems.
Does the organization perform appropriate background verification for employees related to the customer scope of work?Yes, we conduct background verification of all the employees
Does the organization require background verification and criminal history checks for all candidates for employment, contractors and third party vendors?Yes. We conduct Background verification criminal history checks for all candidates for employment, contractors and third party vendors
Is there a structured process with defined responsibilities for removal of access rights & revoking of assets when person leaves the customer scope of work?Yes. We have the procedure for exit clearance and we will remove all the access provided and take all the assets back from the employees.
Are all employees, contractors and agency staff subject to background checks prior to employment ?We do conduct employees and contractors background verification as per the compliance requirements
Are employees mandated to sign a non-disclosure or confidentiality agreement/NDA/Code of conduct ?As a part of onboarding process all the employees are mandated to sign a non-disclosure agreement
Do you have an information security awareness program mandatory for all staff (employees and contractors) ? Are all staff required to take the information security awareness trainings and sessions ?As part of the employee on-boarding process, all new joinees are provided with awareness training on information security and privacy requirements at Freshworks. Annually a refresher training is conducted for all the employees. In addition, on a need basis, role-based information security and data privacy training are provided to different teams.
Has disciplinary process been defined as part of Security policy or HR policy for employees who have committed a security breach? Are the employees aware of the fact that in case they breach security there could be a disciplinary action taken against them?The disciplinary process has been documented and communicated to the employees. As a part of on boarding process we also have taken Information security declaration form from all the employees and made it mandatory. All the employees are aware that in case of any breach the desciplinary action will be taken against them,
Is there a formal user registration and de-registration process implemented to enable assignment of access rights ?User registration and de-registration process is a part of Onboarding and Offboarding.
Are efforts being made to decrease spread of respiratory infections by improving hygiene practices at work and educating employees on the importance controlling infections at work by adopting correct hygiene practicesWe have provided WFH option to all our employees and also we follow hygiene practices at work and educating employees on the importance controlling infections at work by adopting correct hygiene practices
Is the Organisation restricting travel into affected geographic areas. Issue guidance for employees working in or near an affected area when an outbreak begins. Also issue guidance for employees returning from affected areas.We have taken a approriate measures and stopped travelling due to an outbreak. All the employees are working from home and issued guidelines to get protected from the current situation.
Is the Organisation providing sufficient and accessible infection control supplies, such as alcohol-based hand gel, tissues and disposable masks if recommended, as well as instructional signs that display correct infection control procedures.We are compliant.
Does the organisation ensure that building maintenance and cleaning services incorporate recommended infection control procedures.We are compliant.
What hiring criteria used for employing or contracting Supplier personnel (background check)?YES. We conduct the mandatory background verification.
Provide an overview of your on-boarding and off-boarding process, describing the NDA your employees are required to sign upon employment, the agreed delay to disable an account upon contract termination, etc...Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users. All new hires are required to sign Non-Disclosure and Confidentiality agreements. The Employee expressly agrees that he/she shall not use Confidential Information provided by the Company in the development or delivery or for personal gain from providing any products or services for his/her own account or for the account of any third party.
Confirm if there is any background verification of your employment candidatesYes. We conduct the background verification of all our employees.
Does the background check for all the employees accessing and handling the organisation's information?We performs background checks for all the employees in accordance with law. The background check includes criminal, education, and employment verification etc.
Are there awareness training sessions on remote working guidelines, social engineering, etc. conducted ? What is the periodicity of training?We conduct ISMS training for all the employees. The frequency of the training will be annually.
Does the process of employyes background verification check in place?Yes. We conduct the background verification of all the employees.
What kind of cloud security awareness you provide to your administrators?We provide mandatory security and awareness training to all our employees and spread awareness about the information security accrross the organization.
Are your admins are cloud certified?Yes. Our employees are having required education and certifications to perform the job.
Except information security governance being in place, the Vendor has competent and security aware people as a part of the information security program used in protecting the service.Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. Furthermore, we evaluate their understanding through tests and quizzes to determine which topics they need further training in. We provide training on specific aspects of security that they may require based on their roles. All our engineers and other employees who suports application service are having appropriate education and skillset to perform the job.Each employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records, if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.
Are all employment candidates, contractors and involved third parties subject to background verification (as allowed by local laws, regulations, ethics and contractual constraints)?Yes
Are all personnel required to sign Confidentiality Agreements to protect customer information, as a condition of employment?Yes. All the employees and third party service providers are required to sign Confidentiality Agreements to protect customer information as per ISMS compliance requirements.
Supplier Security Relationship – Indicate for processors requiring access to data, the security controls and arrangements carried out as regards such accessWe conduct Background verification of the vendors before onboarding. We have implemented Supplier Management Procedure, and this is applicable to all suppliers delivering various products and services with respect to delivery functions and support functions including Finance, Legal, Human Resources, IT Infrastructure. We are having contracts or agreements and non-disclosure agreements with all our suppliers Xoxoday monitors supplier services and compliance requirements and review each supplier annually with respect to the services delivered by the supplier. The review frequency could be changed based on the criticality of the services provided. Validation of suppliers related documentations are also part of our internal and external Audits.
Service provider shall perform criminal record check, security clearance and other background screening for all his staff who may handle or come in contact with the customer data or systems. Only staffs that pass these checks should be allowed to interact with the customer data or systemsIt’s a part of our recruitment process. Attached the Background Verification Procedure
Does your organization perform background checks to examine and assess an employee’s or contractor’s work and criminal history? Are particular sensitive positions subject to periodic follow-up background checks?i.e. Credential verification, criminal history, credit history and referencesEach employee undergoes a process of background verification. We hire reputed external agencies to perform this check on our behalf. We do this to verify their criminal records, previous employment records if any, and educational background. Until this check is performed, the employee is not assigned tasks that may pose risks to users.
Does the process of employyes background verification check in place?Yes. We conduct the background verification of all the employees.
Do you have formal staff vetting policy?Yes. We have a Recruitment policy.
Have all staff undergone State and/or National Police Checks?Yes. We conduct background verification of all the employees before onboarding.
Each individual working on the application shall undergo security awareness training (including but not limited to : Developers, Business Analysts, Testers, Managers, Hosting, Network, Infra teams, senior executives, and contractors). Role-based security training to personnel with assigned security roles and responsibilities, Before authorizing access to the information system or performing assigned duties; a. As part of initial training for new users; b. When required by information system changes; and c. Before authorizing access to the information system or performing assigned duties d. Annually thereafter.Each employee, when inducted, signs a confidentiality agreement and acceptable use policy, after which they undergo training in information security, privacy, and compliance. Furthermore, we evaluate their understanding through tests and quizzes to determine which topics they need further training in. We provide training on specific aspects of security that they may require based on their roles. We also conduct the annual training for all the employees thereafter.
Has management actively informed employees of their responsibility, to report incidents or suspected incidents involving Personal Data?Yes. We have communicated to all the employees and conducting periodical Awareness training to spread awareness and the employees are well aware of Incident reporting system.