Skip to main content

GoPerfect Human Resources Policy

Viola Di Veroli avatar
Written by Viola Di Veroli
Updated this week

1. Introduction

GoPerfect is committed to ensuring a secure, compliant, and ethical workplace by implementing robust data protection, training & awareness, personnel security, and information security measures. This policy aligns with applicable regulations, including GDPR, CCPA, and industry best practices, and applies to all employees, contractors, and third parties working with GoPerfect.

2. Data Protection Policy

GoPerfect prioritizes data privacy and security in compliance with global regulations such as GDPR and CCPA. The following measures ensure that personal and corporate data are safeguarded:

2.1 Data Collection & Processing

  • Data is collected only for legitimate business purposes and is limited to what is necessary.

  • Personally Identifiable Information (PII) is processed only with the necessary consent or under contractual obligations.

  • Bias-free data handling: No collection or processing of gender, age, ethnicity, or location of birth to ensure fair talent sourcing.

  • Data augmentation is performed in a compliant and ethical manner, without compromising privacy.

2.2 Data Security & Storage

  • Data is stored in Google Cloud Platform (GCP) with industry-standard encryption to ensure secure storage and transmission.

  • Employees must follow access control policies, including role-based access (RBAC) and multi-factor authentication (MFA).

  • Regular compliance audits are conducted to ensure adherence to privacy regulations.

2.3 Data Retention & Deletion

  • Data is retained only as long as necessary for operational or legal requirements.

  • Upon request or contract termination, data is securely deleted or anonymized using verified deletion protocols.

3. Training & Awareness Policy

GoPerfect provides ongoing security awareness training to employees, with a particular focus on phishing prevention, social engineering threats, and compliance awareness.

3.1 Security Training

  • All employees undergo mandatory security training during onboarding and annual refreshers.

  • Training includes:

    • Phishing simulations to educate employees on identifying fraudulent emails.

    • Password security and authentication best practices.

    • Incident response training to recognize and report security threats.

3.2 Phishing & Social Engineering Awareness

  • Employees receive real-time alerts on emerging phishing threats.

  • Regular internal phishing tests are conducted to measure awareness and improve response rates.

  • Employees must report any suspected phishing attempts to the security team.

3.3 Policy Compliance

  • Employees are required to acknowledge security policies annually.

  • Non-compliance or failure to complete training may result in disciplinary action.

4. Personnel Security Policy

To maintain a secure workforce, GoPerfect enforces stringent personnel security measures from hiring through employment termination.

4.1 Hiring & Onboarding

  • Background checks are performed for all employees before onboarding.

  • Employees must sign a confidentiality agreement before accessing company systems.

4.2 Access Controls & User Management

  • Employees are granted only the access required for their role.

  • Role-based access (RBAC) ensures that sensitive data is restricted to authorized personnel.

  • Multi-Factor Authentication (MFA) is required for all employee accounts.

4.3 Employee Offboarding

  • When an employee exits, all system access is revoked immediately.

  • Data related to former employees is securely deleted following retention policies.

5. Information Security Policy

GoPerfect implements a multi-layered security approach to protect systems, data, and infrastructure.

5.1 Network Security

  • Web Application Firewall (WAF) is used to filter and monitor HTTP traffic.

  • Intrusion Detection & Prevention Systems (IDS/IPS) are in place to prevent cyber threats.

  • Encryption of communications and storage is enforced.

5.2 Endpoint Security

  • Anti-malware and antivirus solutions are installed and regularly updated on all company devices.

  • Employees must follow secure device usage policies, including no personal device access to sensitive systems.

5.3 System Vulnerability & Patch Management

  • Regular vulnerability scans are conducted to identify security gaps.

  • Security patches are deployed immediately for critical vulnerabilities.

  • Static Application Security Testing (SAST) is integrated into the development lifecycle.

5.4 Incident Response & Business Continuity

  • A dedicated Security Incident Response Team (SIRT) handles cybersecurity threats.

  • Business Continuity Plans (BCP) and Disaster Recovery (DR) procedures are tested annually.

  • Employees must report security incidents immediately to the IT security team.

6. Compliance & Audit

  • GoPerfect undergoes regular security assessments to ensure compliance with GDPR, CCPA, and industry standards.

  • Data Protection Audits are conducted periodically to review security and privacy compliance.

  • Third-party vendors must meet security assessment requirements before integration.

7. Enforcement & Disciplinary Actions

  • Violations of data security, information security, or compliance policies may result in warnings, suspension, or termination.

  • Security incidents due to negligence may lead to corrective training or disciplinary action.

Need more guidance? πŸ™‹ Our LIVE support team (at the bottom right corner of your screen) replies to ANY question.

Did this answer your question?