Title: Human Resources Security Policy
Document ID: [POL-HRSEC-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Human Resources Security Policy

## Purpose

This policy defines BlackDice's high-level requirements for managing information security responsibilities throughout the personnel lifecycle.

## Scope

This policy applies to employees, contractors, temporary workers, and other personnel with access to in-scope systems, information, or facilities.

## Objectives

- ensure personnel understand security responsibilities
- reduce risk during onboarding, role change, and offboarding
- support confidentiality, acceptable use, and awareness expectations

## Principles / Policy Statements

Personnel with access to in-scope information or systems must be subject to appropriate screening, onboarding, confidentiality, awareness, and offboarding controls where lawful and appropriate.

Access, responsibilities, and training requirements must reflect the role and level of privilege granted.

Joiner, mover, and leaver events must be managed promptly to reduce the risk of inappropriate access retention.

Personnel must understand how to report security incidents, policy concerns, and suspected weaknesses.

Additional measures may be required for privileged roles, security-sensitive functions, or access to customer-sensitive information.

## Roles and Responsibilities

- [Role] must define HR security expectations with relevant business stakeholders.
- Managers must ensure role changes and departures are communicated promptly.
- Personnel must comply with security obligations and complete required awareness activities.

## Compliance / Exceptions

Any departure from required lifecycle controls must be documented and approved according to risk.

## Monitoring and Review

This policy should be reviewed through access review, training records, incidents, audit, and management review.

## Related Documents

- Information Security Policy
- Joiner Mover Leaver Procedure
- Access Control Policy
- Training and Awareness Record Template

## Version Control

| Version | Date | Description of Change | Author |
| --- | --- | --- | --- |
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |