Workforce & HR Security Policy

1. Purpose

Ensure that employees and contractors entrusted with Clerk.io information assets meet security standards throughout the employment lifecycle.

2. Scope

Applies to all full-time, part-time, temporary and contract workers, including interns.

3. Pre-Employment Screening

Results are reviewed by HR and the Hiring Manager; adverse findings trigger risk assessment and possible withdrawal of offer.

4. Employment Agreements

All workers sign: * Confidentiality & intellectual property clauses * Acceptable Use Policy acknowledgement * Data protection agreement (GDPR Article 28 processor terms for contractors)

5. Security Awareness & Training

• Mandatory training during onboarding (phishing, secure coding, data protection)
• Annual refresher quiz (≥ 90 % pass required)
• Role-based training for engineers, SRE, support staff

6. Disciplinary Process

Policy violations are investigated jointly by HR and the Information Security Manager; corrective actions range from warning to termination.

7. Termination & Off-boarding

1. HR notifies IT & ISM of termination date.
2. SSO account disabled within 24 h (Google Workspace workflow).
3. Physical assets returned; inventory updated.
4. Access review confirms removal from privileged groups.

8. Remote Work Rules

Remote employees must: * Use company-managed, encrypted devices. * Connect via VPN or zero-trust gateways when accessing internal resources. * Not share workspace with unauthorised individuals during working hours.

9. Responsibilities

Evidence IDs: HR-01, HR-02, HR-03 (see Controls Matrix).