Everything You Need to Know About Employee Handbooks

Everything You Need to Know About Employee Handbooks

by | Apr 19, 2022 | Articles

Employee handbooks are a great way for a company to communicate to new and existing employees of their rights and responsibilities. But what exactly are they?

An employee handbook is a document which provides guidance and information related to a company’s mission, vision, values, policies and procedures. They are usually provided to new hires so that they know everything they need to know to get started at their job. These employees will feel more comfortable in their day-to-day activities and work as efficiently as possible right off the bat. 

Additionally, all employees will have a better sense of the company’s culture through the employee handbook. It is imperative that companies develop an effective employee handbook to ensure a positive work environment. 

This blog will explore how to write an employee handbook, what to include in it, and some examples from some of the largest companies in the world.

One important thing to note is that employee handbooks are not a form of an employee agreement. 

 

How to Write an Employee Handbook

Here are some tips to keep in mind when writing your employee handbook:

    • Structure your sections. Before even writing your handbook, you should plan what sections you will include and in what order they will be in. Consider using the sections that we will discuss later in this blog or have a look online for some templates. 
    • Make it easy to read and understand. This means using shorter sentences, simpler language, and avoiding using jargon.
    • Avoid large blocks of text. Consider including pictures and illustrations to explain concepts. You should also be using plenty of headings, sub-headings, bullet points, and paragraph breaks. This will increase the readability of the document. 
    • Give it to employees for feedback. Once you have completed the first draft of the handbook, it’s a good idea to hand it over to a group of employees for feedback. They are in the best position to tell you if it is readable and whether improvements need to be made.
    • Set a date to review it. Your job isn’t done when you finish writing the handbook. Things change all the time both in your internal and external environment. It is important that you set a date to review the handbook and make the alterations necessary to reflect these changes. 

What to Include

There are a lot of bases to cover when it comes to employee handbooks. Since all companies are different, some sections that we discuss will be more relevant to your company than others. This is also not an exhaustive list. You should think about what information your employees need to know to be effective workers in your organisation. 

 

Company Profile

You should give an overview of the company in this section. Some points to discuss include your:

  • Mission: What your company does, who it serves, and why it exists.
  • Vision: What are the long-term plans for your company?
  • Values: What are the beliefs that guide your actions.
  • Culture: What is your company’s structure, leadership style, goals etc.

Employment Basics

This section will give new employees a good idea of what the terms of their contract and job classification are. 

  • Employment contract types: Define all your employment contract types, such as part-time, full-time, casual, intern and apprentices. 
  • Equal opportunity employment: This will promote your workplace as one free of discrimination and harrassment
  • Recruitment and selection process: It is typical to include your hiring process, including pre-employment checks and referral programs
  • Attendance: Outline the procedures regarding what employees should do if they cannot make it to work

Workplace Policies

In this section, you should communicate what your workplace should be like and the policies that govern employees in that environment. The policies should cover areas such as:

  • Confidentiality
  • Data protection
  • Anti-discrimination and anti-harassment
  • Workplace health and safety
  • Dress code
Dress Code

Code of Conduct

This section covers how employees are expected to treat other stakeholders of the business. Specific points that should be addressed here include:

  • Cyber security
  • Conflict of interest
  • Employee relationships and fraternisation
  • Employment of relatives 
  • Workplace visitors 
  • Solicitors and distribution

Compensation and Development

Employees should be made aware of how they are paid to show that your company values its employees and to act as motivation. 

You should include information like the pay-grade structure, when employees should expect to be paid, and overtime rules. In terms of performance management, you should explain the objectives of performance reviews, how they will be performed, and how you would expect managers to lead a team. Finally, you should highlight any opportunities for further training and development within the company. 

Compensation

Employee Resignation and Termination

Employees should also have an idea of how an employment relationship may come to an end. This section should discuss topics such as:

  • Steps of progressive discipline
  • Notice period
  • Resignation process
  • Laws regarding termination
  • Policies regarding references

 

Examples of Employee Handbooks

Below are examples of companies that have taken the time and effort to construct employee handbooks that are both engaging to read and contain all the information required for a new or even existing employee.

 

Valve

Valve is an American video game developer, publisher, and digital distribution company. Ever since being leaked in 2012, Valve’s employee handbook has received high praise online for its use of funny illustrations and off-beat sense of humour. Check it out here.

Valve Employee Handbook

Zappos

Zappos is an American online shoe and clothing retailer which develops a new employee handbook annually. In one edition, the handbook was written in a comic-book style

Zappos Employee Handbook

Netflix

As one of the largest streaming services in the world with its own production company, Netflix’s employee handbook embodies the phrase “simple yet effective.” Netflix goes straight to the point with a 129-slide slideshow full of short and simple sentences.

Netflix logo

Conclusion

Employees are the most important asset to a business. Ensuring that they are properly informed on the culture and policies of a company is essential in creating an effective workplace. As such, managers need to know how to write an employee handbook and what sections to include in it. Companies like Valve, Zappos and Netflix prove that these handbooks can be both informative and engaging to the reader.

Book a Demo Now

Learn more about how Polonious can help you

Click Here
5 Steps for Conducting a Workplace Safety Risk Assessment

5 Steps for Conducting a Workplace Safety Risk Assessment

by | Mar 31, 2022 | Articles, Workplace Management

As we discussed in an earlier blog, workplace risk assessments are powerful tools in identifying and improving workplace safety weaknesses. As such, it is important that managers know exactly how to conduct a risk assessment to create the safest possible environment for their employees. This blog will discuss 5 steps that managers should undertake to do so. 

An important distinction should first be made between a hazard and a risk.

A hazard is anything that has the potential to cause harm, for example chemicals, working at heights, or noise.

A risk is the likelihood that harm (death, injury or illness) might occur when exposed to a hazard.

Step 1: Identify the Hazards

The first step in conducting a risk assessment should be identifying the hazards present in your workplace. This may involve taking a walk around your workplace and looking at how activities are performed, the tools used, the work procedures and the environment. 

You should also be observing your employees as they complete their daily tasks to identify additional risks and to see if there are better ways of completing these tasks. Communicating with your employees is vital at this stage as they are the most knowledgeable on issues that you may not be aware of. 

You can also consult other professionals outside of your business, such as health and workplace safety experts and machinists, to gain more insights into any other hazards that may be present in your workplace.

Another source of information regarding potential hazards is manufacturer’s instructions or data sheets. These can be used to identify specific chemicals and equipment, putting hazards in their true perspective.

 

Step 2: Decide Who Might be Harmed and How

For each hazard identified above, you should make it clear who might be harmed. You don’t have to list individual names in the risk assessment, but you should identify groups of people like ‘people working in the storeroom’ or ‘passer-bys.’

Some considerations:

  • Some workers have particular requirements. New and young workers, migrant workers, new or expectant mothers and people with disabilities are more prone to hazards.
  • Cleaners, visitors, maintenance workers, etc, are not present at your workplace all the time.
  • Members of the public can be harmed by your activities.
  • Ask others if they can think of anyone you may have missed.  

 

Step 3: Evaluate the Risks and Decide on Precautions 

Next up is deciding on what to do in response to the hazards. An easy way of doing so involves comparing what you are doing with good practice.

Look at what controls you currently have in place and how they are organised and then compare this to good practice and see if there is more that you could be doing to bring yourself up to this standard. This may involve asking yourself the following questions:

  • Can I get rid of the hazard altogether?
  • If not, how can I control the risks so that harm is unlikely?

The following are the steps that should be undertaken to control the hazards. They are in order of when they should be undertaken, if possible:

  1. Try a less risky option (e.g. switching to a less hazardous chemical)
  2. Prevent access to the hazard 
  3. Organise work to reduce exposure to the hazard (e.g. putting barriers between pedestrians and traffic)
  4. Issue personal protective equipment (e.g. clothing, footwear, goggles)
  5. Provide welfare facilities (e.g. first aid kits and washing facilities)

The financial cost of implementing these controls are minimal in comparison to the costs that occur if an accident does happen. 

Fostering a culture that emphasises workplace safety will save on costs associated with sick pay, training staff and hiring new staff if an employee gets injured. Additionally, you will avoid fines, lawsuits, and penalties from non-compliance with occupational workplace safety laws. 

 

Step 4: Record your Findings and Implement Them

It is now time to put all your findings together in a report and share it with your employees. This will encourage you to actually put the results of your risk assessment into practice. 

This is also the time to provide additional training for changes to procedures, updates to your workplace safety policy and to remind your employees of their responsibilities in creating a safe work environment.

A timeline can be used in your risk assessment to chart your course of action, since some hazards can be fixed immediately while others may take some time. This timeline can also be used to indicate the temporary solutions in place for hazards that will take time to fully correct. You should identify, assign, and put a date on the responsibilities of those who are carrying out any changes. 

Sample templates of risk assessments are available here.

 

Step 5: Regularly Review and Update Your Risk Assessment

It is likely that things will change within your business and your environment over time. There may be changes in the products or services you provide or changes to workplace safety regulation. It is therefore imperative you also update your risk assessment to keep pace with these changes.

Questions that you should periodically ask yourself are:

  • What areas have these changes occurred?
  • Are there improvements you still need to make?
  • Have other people spotted a problem?
  • Have you learnt anything from accidents or near misses?

You should be keeping up to date with all incidents that take place in your workplace. Handle these incidents immediately and record the actions that were taken to reduce the risk of it occurring again. 

Setting a date to review and update your risk assessment every year will make it easier to place it as a priority, and demonstrate your commitment to workplace safety. 

 

Conclusion

Although different businesses will have different methods of formulating their risk assessments, there are a few basic steps that all managers should follow. These include identifying all hazards, deciding who might be harmed and how, evaluating the risks and deciding precautions, recording findings and implementing them, and regularly reviewing and updating the risk assessment. By following these steps, managers will ensure that they are creating an environment that prioritises workplace safety. 

 

Hazard Sign

A hazard is anything that has the potential to cause harm.

Safety Equipment

Protective equipment is one way to control hazards.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Click Here
Using Social Media in Investigations

Using Social Media in Investigations

by | Mar 23, 2022 | Articles, Uncategorized, Workplace Investigations

Just about everyone has some form of social media these days. At the end of Q4 2021, Facebook reported 1.9 billion active daily users, and 2.9 billion active monthly users. Add to that Instagram’s 500 million active daily users and Snapchat’s 319 million active daily users, and you have a valuable pool of information and evidence for private investigators. 

There are broadly two types of information that can captured from social media, which are:

Incriminating content that subjects inadvertently upload themselves

People often post so much of their lives on social media that they may accidentally share something that incriminates them or contradicts their legal claim. 

For example, a woman made an insurance claim stating that she had suffered serious injuries due to a motor vehicle accident. However, her insurance company found posts on the woman’s social media accounts of her snowboarding and scuba diving during the time she was supposed to be injured. The insurance company was then able to prove that her claim was fraudulent.

Incriminating content uploaded by third parties

Social media can still be a useful tool in investigating those who are not very active on these platforms or have a private profile. In the case of major car accidents, it is possible that a bystander will capture footage of the crash and upload it onto Facebook, Twitter or Youtube.

In 2015, a man in the US claimed that he had crashed his $60,000 Corvette whilst driving on the Interstate. It was later discovered by investigators from Youtube footage that he had actually crashed the sportscar into a barrier during a drag-race. 

 

Tips for Using Social Media in Investigations

Consider all platforms

There are so many different platforms out there when it comes to social media. Some of the more common ones include:

Facebook

As the most popular social media site, Facebook provides investigators access to an extensive range of information. Investigators can view years of posts and photos to see:

  • Photos the user has posted
  • What cities they have travelled to 
  • What cities they have lived in
  • What events they have attended
  • What pages they like
  • What content they post on their page
  • Who they interact with on their profile most frequently
  • Who they are friends with

In 2012, a Burger King employee was fired after posting a picture of himself on Facebook standing in lettuce containers. Internet sleuths were able to determine the location of the photo using GPS data in the image, who then forwarded it to news outlets in the area. 

Twitter

This platform is very public and is more impersonal than Facebook. Users usually follow celebrities as well as their friends, and post tweets that are unflattering or things they wouldn’t want their Facebook friends to see (such as family members and professional connections). Investigators will be able to see someone’s interests, hobbies, and connections.

Instagram

This platform emphasises sharing high quality, edited photos with a user’s followers. The types of information that investigators can find through a person’s Instagram includes where they have been (via geographical tagging), what they are interested in, and who they spend time with.

Other Platforms

Although the platforms mentioned above are the most common social media platforms that people use, there are many others out there. In fact, there are around 200 widely used social media sites at the moment, and limiting your investigation to only the top 2 or 3 could mean you are missing out on a lot of valuable evidence.

In 2019, a claim of serious physical injury was proven false when posts were discovered – on the fitness-oriented social media platform Strava – of runs and bike rides during the time the claimant was supposed to be injured 

 

Obtain Evidence Legally and Ethically

As alluded to above, a person with a private profile will make it difficult for an investigator to find information on them through their social media. As a result, investigators may be tempted to engage in pretexting.

Pretexting occurs when someone tries to convince their victim to give up valuable information by using a story to fool the victim. The investigator may pretend to be an acquaintance or friend to get inside the person’s network and access information not available to the public.

However, this practice does raise legal and ethical questions. There are some states in the US that have found that “the admissibility of evidence is not affected by the means through which it is obtained,” meaning that pretexting has been deemed admissible in these states. In California though, it is illegal to “knowingly and without consent credibly impersonate another actual person through or on an Internet Website.” 

To be on the safe side, it is best that your investigation only focuses on publicly available information to avoid doing the wrong thing.

 

Preserve all Evidence

Given the ever-changing nature of social media, posts available one day may be deleted or made private the next day. Investigators need to ensure that they properly capture and preserve all evidence they find.

This is particularly important during workplace harassment or bullying investigations. Employees who are subject to cyber bullying may bring messages or posts to their employer’s attention. If proper steps aren’t taken to preserve this evidence, these messages and posts may be deleted by the other party and it will be a case of he said she said. 

Screencasts can be used to digital record a computer screen and capture words, images and the interactivity between pages. A webcast narration can also be used by the investigator to record themselves talking about what they are seeing. 

Facebook has a feature which allows users to download a copy of their entire history. This is particularly useful when investigating matters months or years in the past. While some subjects may willingly hand over their Facebook histories, investigators may need to compel the subject to hand over the information in some situations. 

 

Act Quickly

For similar reasons as above, investigators need to act quickly when gathering evidence from their subject’s social media. Once someone becomes aware that they are being investigated, it is likely that they will start deleting incriminating evidence from their social media accounts, or even delete their accounts completely. Hence, investigators should immediately capture any piece of relevant evidence that appears on their subject’s social media accounts. 

 

Authentication

Investigators need to ensure that all evidence they collect from social media is authentic. Doing so can be as easy as asking the subject if they, in fact, made the post. However, investigators should also be wary that judges have, in the past, ruled evidence from Facebook inadmissible due to an attorney’s suggestion that their client’s account had been hacked.

Other methods of authentication include recording the IP addresses responsible for social media posts to verify who actually posted it. Investigators could also look into internet browsing history and witness testimonies to authenticate evidence. Finally, emailing posts to others or yourself can validate the time at which it was posted as well as act as a way of preserving the post.

 

How Polonious Can Help

Polonious has integrations with numerous OSINT sources, including Social Discovery, which focuses on social media.

Social Discovery will allow you to access comprehensive social media analytics. With one click you can generate reports that load back onto the case automatically. These reports are easy-to-consume, accurate, and can be customised to your investigation needs. You will need a Social Discovery account, paid separately from Polonious, to access this service. 

To learn more about other integrations that Polonious currently offers or is working on, check out this link.

Conclusion

Social media is quickly becoming one of the most effective sources of information for investigations. However, there are a number of considerations that companies should keep in mind when conducting investigations using social media, which include using all available platforms, obtaining evidence legally and ethically, acting quickly, and preserving and authenticating all evidence. Doing so will ensure that investigations run as smoothly as possible. 

 

 

 

social media

Investigators should avoid using pretexting to obtain evidence.

Facebook

Facebook has a feature which allows users to download a copy of their entire history.

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Click Here
Writing an External Privacy Policy

Writing an External Privacy Policy

by | Mar 11, 2022 | Articles, Customers

In Part 1 in our 2 part series on privacy policies, we discussed how to write a privacy policy to be used internally by employees. In Part 2, we will explore how to formulate a privacy policy that can be used by customers and suppliers.

 

Why is an External Privacy Policy Needed?

 

You may be wondering why an external privacy policy is even necessary, especially given most customers won’t even read it. 

Firstly, privacy policy is often required by law if you collect personal data from your clients. Some of these regulations around the world include:

Secondly, a company that proudly displays their privacy policy will promote an environment of transparency and honesty between the company and its customers. This will build consumer trust and confidence leading to a positive brand image. 

Finally, a company can use their privacy policy to protect itself against potential disputes about the way they collect information from their customers. 

What to Include

Before any writing is put on paper, you should make sure that you have a clear overview of what personal information is held by your company, and your personal information handling procedures. Some of this information you may already have, but for others you may need to investigate or conduct audits for.

In your privacy policy, you should first describe your company’s main functions and activities, and identify those that involve personal information handling. Activities may include:

  • Providing specified services
  • Conducting publicity campaigns
  • Handling complaints
  • Running a website
  • Sending out a newsletter

For each activity you should also describe:

  • The personal information that you collect and hold, and how you collect and hold it. 
  • The reasons or purposes for which you will collect, hold, use and disclose that personal information.
  • Whether you disclose personal information to overseas entities.

The types of information your company may collect include:

  • Names
  • Addresses
  • Phone numbers
  • Email addresses
  • IP addresses
  • Access dates and times

The means by which information is collected include:

  • Cookies
  • Weblogs
  • Surveys
  • Web forms
  • Registration for an event or course
  • Newsletter sign-up
  • Placing an order

In terms of personal information handling procedures there are a few items to be on top of:

  • Specific approaches, principles or commitments your company has decided to adopt for handling specific personal information. An example of this is:
    • “In relation to X process, the company will link personal information across business processes, or never do so, or only do so if the individual would expect it, or only with the individual’s consent, or only if not sensitive information, or only for X purpose.”
  • Processes for identifying, assessing and managing privacy and security risk, as well as developing and monitoring controls for those risks
  • Approaches to identifying and handling personal information your company no longer needs
  • Processes for providing access to and correction of personal information
  • Complaints handling procedures
  • Policies for managing contractors when personal information may be disclosed.

Structure

Below is an example structure that can be used to set out the information contained within the privacy policy in a layered approach. Headings should be used to clearly separate each section of this structure. A table of contents may also be useful in helping your customers navigate the privacy policy.

Scope: Describe what the policy applies to

Collection of personal information: Provide key information on what personal information is collected and why. 

Disclosure: Describe the key disclosures and conditions around those disclosures. 

Rights and choices: Describe any rights and choices that individuals have, including the right to request access and correct personal information held about them.

How to make a complaint: Describe how to make a complaint about privacy and what to do if they are not satisfied with the outcome.

Contact details: Include at least a phone number and email address that won’t change with personnel. This will add another level of transparency to your privacy policy. 

Other Considerations

 

Regularly Review and Update Your Privacy Policy

You should regularly review and update your privacy policy to reflect changes to your current personal information handling practices. Your policies surrounding changes to the privacy policy should even be incorporated within the privacy policy itself. You should also notify your current clients of any changes at the time the changes occur via an appropriate communication level, such as email or your website.

Make Your Privacy Policy Easily Available

There’s no point in having a privacy policy that promotes transparency if no one is able to see it or know where to find it. 

Your privacy policy should be free of charge and in an appropriate form. This means that if your company has a website, your privacy policy should be easily accessible from it. It is common to have a privacy policy in clear, legible text within the footer of a website, and appear on every page of your site. 

Conclusion

Privacy policies are a great way of showing off your transparency regarding the collection and use of personal information to current and prospective clients. The key information that should be included in this privacy policy are what information is being collected, how it is being collected, and why it is being collected. Your privacy policy should be clearly structured, regularly updated, and made easily available so that clients feel more safe doing business with your company.

Survey

Include all methods of collecting personal information in your privacy policy

contact details

Ensure that you include ways customers can contact your business

Book a Demo Now

Learn more about how Polonious can help your company.

Click Here
Writing an Internal Privacy Policy

Writing an Internal Privacy Policy

by | Mar 4, 2022 | Articles, Uncategorized

What is an Internal Privacy Policy?

According to the Office of the Australian Information Commissioner, a privacy policy is a statement that explains in simple language how an organisation or agency handles personal information. All organisations and agencies as defined by the Privacy Act 1988 are required to have a privacy policy.

You may have heard of a similar term known as a privacy statement. While a privacy statement is used for external purposes such as informing customers or suppliers, privacy policies are intended for internal use, formulating policies and informing employees. 

The areas that privacy policies usually cover include:

  • Employee records: Personal information, medical history, etc.
  • Email and internet usage guidelines
  • Handling customer information
  • Internal systems: Permission, responsibilities, access to files, etc.
  • Mobile devices: company phones, laptops, etc.
  • Established laws and regulations
  • Consequences for policy violation
  • Reporting a security breach

Why is it Needed?

Companies often need to collect and house personal information about their employees and customers, as well as confidential information about the company itself. If a rival firm were able to access this information, it could mean that your company would lose its competitive advantage, as well as breach customer trust for having their information leaked. There would also be serious consequences if an employee were able to look at another employee’s files. 

To mitigate against these threats to your company, an internal privacy policy is required so that all employees know what policies are in place regarding personal information. All employees will be on the same page on what they can and cannot do, the penalties for breaching policies, and what to do if they spot a breach themselves. 

 

How to Write an Internal Privacy Policy

General Tips

The following tips should be integrated throughout your private policy:

  • Use the active tense (you, we, I) and simple language. 
  • Avoid using legal jargon, acronyms, and in-house terms
  • Use short sentences and break up large blocks of text into paragraphs or dot points
  • Use headings to help readers easily locate information relevant to them
  • Only include relevant information by focusing on what is likely to be important to the reader. This will help avoid unnecessary length.

Be Specific

Your privacy policy should not leave any room for employees to speculate or assume. You should delve into specific details so that your employees know what to do in every situation. This may mean using real-world examples of situations that may occur in the workplace. Some specific questions that your privacy policy should answer include:

  • What strict password and virus protection procedures are in place?
  • How often should employees change their passwords?
  • Is encryption used to protect sensitive information?
  • How often are system-penetration tests conducted to verify if your systems are hacker proof?
  • What regular training programs are in place that allow employees to keep up-to-date on technical and legal issues?
  • What is the response plan in the event of a security breach?
  • What are the procedures that prevent former employees from accessing computers and paper files?
  • Are sensitive files separated in secure areas/computer systems and available only to specific individuals?

Another way of being more specific is including a list of definitions for terms that may need more clarification. As an example, the meaning of ‘personal data’ is often misunderstood, as some employees think that if information can be found in the public domain, it isn’t personal data. Personal data is any information that relates to an identified or identifiable individual, and can be as simple as name, number, IP address, or cookie identifier. The definition of personal data should be set out in a business context so that employees have a clear understanding of how to handle this information. 

Determine what Structure to Use

Due to the breadth of information that needs to be included in a privacy policy, it is vital that you have a clear structure. Information should be arranged in a way which makes sense in terms of your company’s functions, activities and audience. For example, you could separate the different groups from which you collect information from and have different privacy policies for, such as customers, employees, and businesses.

You should also ensure that the privacy policy is contained within a singular document. This will avoid the fragmentation of information and allow employees to easily find out where the policy is. 

Outline How to Report Security Breaches

One topic which is often neglected in privacy policies is what employees should do in the event of a security breach. Whether an email has been accidentally sent to the wrong recipient, or an employee has overheard another employee selling sensitive company information, all incidents involving security breaches need to be reported. 

Your privacy policy should include phone numbers, email addresses and other contact details so that employees can report any security breaches they observe. Besides the privacy policy, you should end all emails containing sensitive information with instructions to contact your company and delete the email if it was sent in error. 

Test Your Privacy Policy

An essential step in formulating your privacy policy is testing it on your target audience. If possible, a sample of employees from different departments and levels should be chosen to review the policy. 

The readers will be able to provide feedback, pointing out areas which will likely cause confusion within the target audience and which need more clarification. They can also provide a unique perspective and offer improvements that can be made to the privacy policy that you may have missed.

Regularly Update Your Privacy Policy

Finally, your privacy policy should be regularly reviewed and updated to reflect changes in the law, your business, or your protocols. You should also let your employees know that these changes have occurred in a timely manner. A number of methods are available for this, which include brief introduction videos by executives, presentations during department meetings, and as follow-up communications. 

Conclusion

Internal privacy policies are important tools for employees to raise their awareness on how to handle personal information. Some important points that companies should consider when drafting this document include being specific, having a clear structure, outlining how employees should report security breaches, testing the privacy policy, and regularly reviewing it. Given the detrimental impacts a breach in information security can have on the company’s functioning and reputation, companies should treat privacy incredibly seriously and ensure all employees are aware of their policies. 

Hacker

System penetration tests can verify if your systems are hacker proof

Private Policy used for Security Breach

Private policies should outline what employees should do in the event of a security breach

Book a Demo Now

Learn more about how Polonious can help you implement an effective and confidential whistleblower hotline.

Click Here
SIU Insights report 2021How do you compare to other SIUs?

Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.

GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.