People Security

People Security Policy

Employee Confidentiality Agreements

All employees of Screendesk are required to read and accept the terms of a confidentiality agreement upon hire. This agreement states that they are prohibited from disclosing any company data from the systems and system components to which they have access. Screendesk ensures that these agreements comply with all applicable laws. The organization will not grant an employee access to any Screendesk assets without obtaining the employee's verified acknowledgment of the agreement.

Background Check Policy

Screendesk uses either an approved background check vendor or defined reference checks to perform background checks on individuals prior to their start date.

Security Awareness Training

All employees within Screendesk must undergo security awareness training within thirty (30) days of hire and at least annually thereafter.

The training accomplishes the following:

• Ensure employees are aware of significant security issues that pose a credible threat to the organization, its network infrastructure, and its supporting system resources

• Establish a comprehensive framework that effectively addresses the core components of security awareness, training, and education

• Provide subject matter directly related to the safety and security of specific system components, especially those to which all users have access

• Communicate the necessary response and resolution measures if employees suspect a security event or incident

The CTO monitors completion of security awareness training and follows up with employees who have not complied with the above requirement.

Performance

As part of maintaining information security standards, the CEO is required to complete performance appraisals for the CTO, and vice versa, at least annually. These appraisals should include an assessment of adherence to security policies and practices.

Given Screendesk's small size (2 employees), it's crucial that both team members are fully aligned on security practices and consistently implement them in their daily operations. Regular, open communication about security matters should be maintained between the CEO and CTO.