HR Processes:
How are duties segregated within the HR team? (Charu alone - how much support is
extended by Indira?)
Has any incident happened where you misplaced an employee file (maybe an old
employee's)? What security procedure is set up for that?
When were the HR policies last reviewed / updated? Are any new policies in
place for the current situation - leave for employees with Covid / monetary benefits?
How aware are the employees of the HR policies? (Are regular emails sent /
events conducted about policies & procedures?)
How is employee information / files labelled with its classification? (When
someone suddenly asks for a doc, do you have to look through all the files on your
laptop, or do you keep them segregated?)
How do you maintain the authenticity of information (e.g. hike letters, offer letters)?
How does the joining process differ between 1 employee and 10 employees joining at a
time?
Who has what kind of access to Keka / the HR portal? Is there a security code
system / OTP?
How regularly do you keep your backups ready (monthly, quarterly)?
Are the HR portal / Keka system admin activities logged and reviewed?
Is there a mobile Keka app? (Are employees aware of it? Can any fraud happen with
it by turning off location?)
How do you select personnel to be trained in areas that improve performance and
product quality requirements?
What type of training does the organization offer? How frequently is the training
conducted? Is the training evaluated before and after? Is the training documented?
Separation Process
What happens when an employee leaves, with respect to information security?
How is the access control policy implemented in Keka (e.g. logins / passwords)?
Termination process?
On Boarding Process
What is the policy for On-boarding an employee?
How are employees and contractors made aware of, and trained on, information
security issues?
How are documents of external origin handled (like employees' certificates,
etc.)?
Are any processes outsourced, like BGV? How are those handled / controlled?
NDA Compliance:
How are NDAs documented and shared with employees?
How are the changes made by suppliers managed and risk assessed?