Purpose
Define security requirements for personnel (employees and contractors) before, during, and after engagement with Perfect Wiki.
Scope
All Perfect Wiki personnel and contractors who may access customer data, production systems, or confidential company information.
Before engagement
- Identity verification of every candidate before access is provisioned.
- Background check (criminal record check, identity verification, and reference checks where lawful in the candidate's jurisdiction) for any personnel granted production access. Checks are proportional to the sensitivity of the role.
- Signed employment or contractor agreement that includes confidentiality, intellectual-property assignment, acceptable use, and obligation to comply with Perfect Wiki's information-security policies.
- Signed non-disclosure agreement covering customer data and trade secrets.
During engagement
- Access provisioned per the Access Control & Identity Management Policy on a least-privilege basis.
- Security-awareness onboarding covering this Trust Center, the Acceptable Use Policy, the Incident Response Plan, phishing recognition, and secure handling of customer data.
- Annual security-awareness refresher.
- Role changes trigger a re-evaluation of access rights within 5 business days.
- Disciplinary action up to and including termination for material policy violations.
Termination & offboarding
- All production and SaaS access (Google Workspace, GCP, Sentry, vendor consoles, code repositories) revoked within 24 hours of effective termination.
- Return of company assets (where applicable); secure-delete of company data on personal devices.
- Continuing obligations under confidentiality and IP assignment survive termination.
Remote work
Perfect Wiki personnel work remotely. Personnel are required to:
- Use full-disk encryption on any device with company data (macOS FileVault, Windows BitLocker, or equivalent).
- Lock the device automatically after inactivity.
- Use a personal/business-owned device with current OS updates and reputable endpoint security.
- Avoid storing customer data on personal devices; rely on company-managed SaaS instead.
- Use trusted networks; treat public Wi-Fi as untrusted (TLS-only access is enforced by the application).
Roles & responsibilities
- CEO/CTO: Owns hiring, background checks, onboarding, offboarding.
Review cadence
Reviewed annually.
Last reviewed: 2026-05-21. Next review: 2027-05-21. Approved by: Ilia Pirozhenko, CEO/CTO.