People Security

People-related processes (e.g. onboarding, assignment of responsibilities, disciplinary processes, remote working, and offboarding, etc.) must also integrate corporate security controls, in accordance with applicable legislation, as defined in the HR Security Standard.

Security responsibilities set out in corporate security policies and standards, are communicated by Corporate Security to the target audience. Contractual agreements must also include responsibilities related to confidentiality, non-disclosure, and intellectual property rights. Security responsibilities that remain after work hours, during remote working, and after the end of collaboration must also be communicated and acknowledged.

Security training courses and awareness campaigns are planned with the aim of informing the staff about the requirements and expectations related to security, the main threats and risks, while indicating the best ways to avoid, mitigate and report them to preserve the organization’s security posture.

Security courses are mandatory for all employees, with a renewal cycle of 3 years. This training is hosted on the organization’s corporate Learning Management System, managed by a dedicated team. Awareness campaigns are launched through a dedicated platform, on a bimonthly-basis, covering various interactive activities that deal with the main threats and risks (phishing, social media, secure passwords, remote working, etc.), helping staff stay alert, and providing them with ways to deal with such situations.

Completion rates are monitored by Corporate Security, striving to achieve set objectives, and following-up whenever necessary to engage staff in fulfilling the activities.