{"id":28621,"date":"2024-07-24T18:49:29","date_gmt":"2024-07-24T10:49:29","guid":{"rendered":"https:\/\/www.xiazhi.co\/?page_id=28621"},"modified":"2024-07-24T19:50:26","modified_gmt":"2024-07-24T11:50:26","slug":"human-resources-security-policy","status":"publish","type":"page","link":"https:\/\/www.xiazhi.co\/en\/company\/legal\/human-resources-security-policy\/","title":{"rendered":"Human Resources Security Policy"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

\u4eba\u529b\u8d44\u6e90\u5b89\u5168\u653f\u7b56<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Human Resources Security Policy<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Last Updated Date \uff1a 2024-02-24<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\u76ee\u7684<\/h2>

\u786e\u4fdd\u5458\u5de5\u548c\u627f\u5305\u5546\u6ee1\u8db3\u5b89\u5168\u8981\u6c42\u3001\u4e86\u89e3\u5176\u804c\u8d23\u5e76\u9002\u5408\u5176\u89d2\u8272\u3002<\/p>

\u8303\u56f4<\/h2>

\u672c\u653f\u7b56\u9002\u7528\u4e8e Xiazhi \u7684\u6240\u6709\u5458\u5de5\u3001\u987e\u95ee\u3001\u627f\u5305\u5546\u548c\u5176\u4ed6\u6709\u6743\u8bbf\u95ee Xiazhi \u751f\u4ea7\u7f51\u7edc\u548c\u7cfb\u7edf\u8d44\u6e90\u7684\u7b2c\u4e09\u65b9\u5b9e\u4f53\u3002<\/p>

\u653f\u7b56<\/h2>

\u7b5b\u9009<\/h3>

\u5bf9 Xiazhi \u4eba\u5458\u7684\u80cc\u666f\u6838\u5b9e\u68c0\u67e5\u5e94\u6839\u636e\u76f8\u5173\u6cd5\u5f8b\u3001\u6cd5\u89c4\u8fdb\u884c\uff0c\u5e76\u5e94\u4e0e\u4e1a\u52a1\u8981\u6c42\u3001\u8981\u8bbf\u95ee\u7684\u4fe1\u606f\u7684\u5206\u7c7b\u548c\u611f\u77e5\u98ce\u9669\u6210\u6bd4\u4f8b\u3002<\/p>

\u6240\u6709\u5bf9 Xiazhi \u751f\u4ea7\u7cfb\u7edf\u6216\u7f51\u7edc\u5177\u6709\u6280\u672f\u7279\u6743\u6216\u7ba1\u7406\u8bbf\u95ee\u6743\u9650\u7684\u7b2c\u4e09\u65b9\u5747\u9700\u63a5\u53d7\u80cc\u666f\u8c03\u67e5\u6216\u8981\u6c42\u63d0\u4f9b\u53ef\u63a5\u53d7\u80cc\u666f\u7684\u8bc1\u636e\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u4ed6\u4eec\u7684\u8bbf\u95ee\u7ea7\u522b\u548c\u5bf9 Xiazhi \u7684\u611f\u77e5\u98ce\u9669\u3002<\/p>

\u80fd\u529b\u548c\u7ee9\u6548\u8bc4\u4f30<\/h3>

\u5458\u5de5\u548c\u627f\u5305\u5546\u7684\u6280\u80fd\u548c\u80fd\u529b\u5e94\u4f5c\u4e3a\u62db\u8058\u6d41\u7a0b\u7684\u4e00\u90e8\u5206\u8fdb\u884c\u8bc4\u4f30\u3002\u804c\u4f4d\u63cf\u8ff0\u548c\u804c\u4f4d\u8981\u6c42\u4e2d\u5e94\u5217\u51fa\u6240\u9700\u6280\u80fd\u548c\u80fd\u529b\uff0c\u548c\/\u6216\u4e0e\u4fe1\u606f\u5b89\u5168\u89d2\u8272\u548c\u804c\u8d23\u653f\u7b56\u4e2d\u6982\u8ff0\u7684\u804c\u8d23\u4fdd\u6301\u4e00\u81f4\u3002\u80fd\u529b\u8bc4\u4f30\u53ef\u80fd\u5305\u62ec\u53c2\u8003\u68c0\u67e5\u3001\u6559\u80b2\u548c\u8ba4\u8bc1\u9a8c\u8bc1\u3001\u6280\u672f\u6d4b\u8bd5\u548c\u9762\u8bd5\u3002<\/p>

\u6240\u6709 Xiazhi \u5458\u5de5\u90fd\u5c06\u63a5\u53d7\u5e74\u5ea6\u7ee9\u6548\u8bc4\u4f30\uff0c\u5176\u4e2d\u5305\u62ec\u5bf9\u5de5\u4f5c\u7ee9\u6548\u3001\u804c\u4f4d\u80fd\u529b\u3001\u9075\u5b88\u516c\u53f8\u653f\u7b56\u548c\u884c\u4e3a\u51c6\u5219\u4ee5\u53ca\u5b9e\u73b0\u7279\u5b9a\u89d2\u8272\u76ee\u6807\u7684\u8bc4\u4f30\u3002<\/p>

\u96c7\u4f63\u6761\u6b3e\u548c\u6761\u4ef6<\/h3>

\u516c\u53f8\u653f\u7b56\u548c\u4fe1\u606f\u5b89\u5168\u89d2\u8272\u548c\u804c\u8d23\u5e94\u5728\u96c7\u7528\u6216\u8058\u7528\u65f6\u4f20\u8fbe\u7ed9\u5458\u5de5\u548c\u7b2c\u4e09\u65b9\uff0c\u5458\u5de5\u548c\u627f\u5305\u5546\u5fc5\u987b\u6b63\u5f0f\u627f\u8ba4\u4ed6\u4eec\u7406\u89e3\u5e76\u63a5\u53d7\u5176\u5b89\u5168\u8d23\u4efb\u3002<\/p>

\u5458\u5de5\u548c\u76f8\u5173\u7b2c\u4e09\u65b9\u5e94\u9075\u5b88\u6240\u6709 Xiazhi \u4fe1\u606f\u5b89\u5168\u653f\u7b56\u3002<\/p>

\u7ba1\u7406\u804c\u8d23<\/h3>

\u6bcf\u4e2a\u653f\u7b56\u6240\u6709\u8005\u5e94\u8d1f\u8d23\u786e\u4fdd\u6bcf\u5e74\u5ba1\u67e5\u4fe1\u606f\u5b89\u5168\u653f\u7b56\u548c\u7a0b\u5e8f\uff08\u53ef\u5728\u516c\u53f8\u624b\u518c<\/a>\u4e2d\u627e\u5230\uff09\uff0c\u5e76\u786e\u4fdd\u5458\u5de5\u548c\u627f\u5305\u5546\u5728\u5176\u53d7\u96c7\u6216\u8058\u7528\u671f\u95f4\u9075\u5b88\u8fd9\u4e9b\u653f\u7b56\u548c\u7a0b\u5e8f\u3002<\/p>

\u653f\u7b56\u7684\u4e3b\u8981\u6765\u6e90\u662f\u516c\u53f8\u624b\u518c\u3002\u6bcf\u9879\u653f\u7b56\u7684\u5ba1\u67e5\u72b6\u6001\u5747\u5728 Leanx<\/a> \u4e2d\u8ddf\u8e2a\u3002<\/p>

\u5e74\u5ea6\u653f\u7b56\u5ba1\u67e5\u5e94\u5305\u62ec\u5bf9\u4efb\u4f55\u76f8\u5173\u6216\u53c2\u8003\u7684\u7a0b\u5e8f\u3001\u6807\u51c6\u6216\u6307\u5357\u7684\u5ba1\u67e5\u3002<\/p>

PeopleOps \u5e94\u786e\u4fdd\u901a\u8fc7\u4e66\u9762\u804c\u4f4d\u63cf\u8ff0\u3001\u653f\u7b56\u6216\u5176\u4ed6\u8bb0\u5f55\u5728\u6848\u7684\u65b9\u6cd5\u5411\u4e2a\u4eba\u4f20\u8fbe\u4fe1\u606f\u5b89\u5168\u8d23\u4efb\uff0c\u5e76\u51c6\u786e\u66f4\u65b0\u548c\u7ef4\u62a4\u8fd9\u4e9b\u8d23\u4efb\u3002<\/p>

\u5e94\u5728\u7ee9\u6548\u5ba1\u67e5\u8fc7\u7a0b\u4e2d\u8bc4\u4f30\u5bf9\u4fe1\u606f\u5b89\u5168\u653f\u7b56\u548c\u7a0b\u5e8f\u7684\u9075\u5b88\u60c5\u51b5\u4ee5\u53ca\u4fe1\u606f\u5b89\u5168\u8d23\u4efb\u7684\u5c65\u884c\u60c5\u51b5\u3002<\/p>

\u7ba1\u7406\u5c42\u5728\u5efa\u7acb\u6fc0\u52b1\u63aa\u65bd\u548c\u5212\u5206\u89d2\u8272\u3001\u804c\u8d23\u548c\u6743\u9650\u65f6\uff0c\u5e94\u8003\u8651\u8fc7\u5ea6\u538b\u529b\u548c\u6b3a\u8bc8\u673a\u4f1a\u3002<\/p>

\u4fe1\u606f\u5b89\u5168\u610f\u8bc6\u3001\u6559\u80b2\u548c\u57f9\u8bad<\/h3>

\u6240\u6709 Xiazhi \u5458\u5de5\u548c\u5bf9 Xiazhi \u751f\u4ea7\u7cfb\u7edf\u548c\u7f51\u7edc\u5177\u6709\u7ba1\u7406\u6216\u7279\u6743\u6280\u672f\u8bbf\u95ee\u6743\u9650\u7684\u7b2c\u4e09\u65b9\u5e94\u5728\u5165\u804c\u65f6\u4ee5\u53ca\u6b64\u540e\u6bcf\u5e74\u5b8c\u6210\u5b89\u5168\u610f\u8bc6\u57f9\u8bad\u3002<\/p>

\u8fd9\u901a\u8fc7 Leanx \u5e73\u53f0\u8fdb\u884c\u7ba1\u7406\u3002<\/p>

\u7ba1\u7406\u5c42\u5e94\u76d1\u7763\u57f9\u8bad\u5b8c\u6210\u60c5\u51b5\uff0c\u5e76\u91c7\u53d6\u9002\u5f53\u63aa\u65bd\u786e\u4fdd\u9075\u5b88\u672c\u653f\u7b56\u3002\u5458\u5de5\u548c\u627f\u5305\u5546\u5e94\u4e86\u89e3\u76f8\u5173\u7684\u4fe1\u606f\u5b89\u5168\u548c\u6570\u636e\u9690\u79c1\u653f\u7b56\u548c\u7a0b\u5e8f\u3002\u516c\u53f8\u5e94\u786e\u4fdd\u4eba\u5458\u63a5\u53d7\u9002\u5408\u5176\u89d2\u8272\u548c\u6570\u636e\u5904\u7406\u804c\u8d23\u7684\u5b89\u5168\u548c\u6570\u636e\u9690\u79c1\u57f9\u8bad\u3002<\/p>

\u4e3a\u4e86\u4fdd\u6301\u5f3a\u5927\u7684\u5b89\u5168\u610f\u8bc6\u6c34\u5e73\uff0c\u516c\u53f8\u5c06\u6839\u636e\u9700\u8981\u901a\u8fc7\u5e38\u89c4\u6c9f\u901a\u6e20\u9053\u6301\u7eed\u5411\u516c\u53f8\u4eba\u5458\u63d0\u4f9b\u4e0e\u5b89\u5168\u76f8\u5173\u7684\u66f4\u65b0\u548c\u6c9f\u901a\u3002<\/p>

\u7ec8\u6b62\u6d41\u7a0b<\/h3>

\u5458\u5de5\u548c\u627f\u5305\u5546\u7684\u7ec8\u6b62\u548c\u79bb\u804c\u6d41\u7a0b\u5e94\u786e\u4fdd\u6839\u636e\u516c\u53f8 SLA \u548c\u653f\u7b56\u53ca\u65f6\u64a4\u9500\u7269\u7406\u548c\u903b\u8f91\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u5f52\u8fd8\u516c\u53f8\u53d1\u653e\u7684\u6240\u6709\u8bbe\u5907\u3002<\/p>

\u5b8c\u6574\u7684\u79bb\u804c\u6d41\u7a0b\u53ef\u5728\u6b64\u5904\u67e5\u770b<\/p>

\u4f8b\u5916\u60c5\u51b5<\/h2>

\u6b64\u653f\u7b56\u4f8b\u5916\u60c5\u51b5\u7684\u7533\u8bf7\u5fc5\u987b\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u63d0\u4ea4\u7ed9 CEO \u6216 CTO \u5ba1\u6279\u3002<\/p>

\u8fdd\u89c4\u4e0e\u6267\u884c<\/h3>

\u4efb\u4f55\u5df2\u77e5\u7684\u8fdd\u53cd\u6b64\u653f\u7b56\u7684\u884c\u4e3a\u90fd\u5e94\u62a5\u544a\u7ed9 CEO<\/a>\uff08\u90ae\u7bb1\u662f \uff09 \u6216 CTO\u3002\u8fdd\u53cd\u6b64\u653f\u7b56\u53ef\u80fd\u4f1a\u5bfc\u81f4\u7acb\u5373\u64a4\u9500\u6216\u6682\u505c\u7cfb\u7edf\u8bbf\u95ee\u6743\u9650\u548c\/\u6216\u6839\u636e\u516c\u53f8\u7a0b\u5e8f\u91c7\u53d6\u7eaa\u5f8b\u5904\u5206\uff0c\u76f4\u81f3\u7ec8\u6b62\u96c7\u4f63\u5173\u7cfb\u3002<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Purpose<\/h2>

To ensure that employees and contractors meet security requirements, understand their responsibilities, and are suitable for their roles.<\/p>

Scope<\/h2>

This policy applies to all employees of Xiazhi, consultants, contractors and other third-party entities with access to Xiazhi production networks and system resources.<\/p>

Policy<\/h2>

Screening<\/h3>

Background verification checks on Xiazhi personnel shall be carried out in accordance with relevant laws, regulations, and shall be proportional to the business requirements, the classification of the information to be accessed, and the perceived risks.<\/p>

All third-parties with technical privileged or administrative access to Xiazhi production systems or networks are subject to a background check or requirement to provide evidence of an acceptable background, based on their level of access and the perceived risk to Xiazhi.<\/p>

Competence & Performance Assessment<\/h3>

The skills and competence of employees and contractors shall be assessed as part of the hiring process. Required skills and competencies shall be listed in job descriptions and requisitions, and\/or aligned with the responsibilities outlined in the Information Security Roles and Responsibilities Policy. Competency evaluations may include reference checks, education and certification verifications, technical testing, and interviews.<\/p>

All Xiazhi employees will undergo an annual performance review which will include an assessment of job performance, competence in the role, adherence to company policies and code of conduct, and achievement of role-specific objectives.<\/p>

Terms & Conditions of Employment<\/h3>

Company policies and information security roles and responsibilities shall be communicated to employees and third-parties at the time of hire or engagement, and employees and contractors are required to formally acknowledge their understanding and acceptance of their security responsibilities.<\/p>

Employees and relevant third-parties shall follow all Xiazhi information security policies.<\/p>

Management Responsibilities<\/h3>

Each policy owner shall be responsible for ensuring that information security policies and procedures are reviewed annually, available in the company handbook<\/a>, and that employees and contractors abide by those policies and procedures for the duration of their employment or engagement.<\/p>

The primary source for the policies is the company handbook. The review status of each policy is tracked in Leanx<\/a>.<\/p>

Annual policy reviews shall include a review of any linked or referenced procedures, standards or guidelines.<\/p>

PeopleOps shall ensure that information security responsibilities are communicated to individuals, through written job descriptions, policies or some other documented method which is accurately updated and maintained.<\/p>

Compliance with information security policies and procedures and fulfillment of information security responsibilities shall be evaluated as part of the performance review process wherever applicable.<\/p>

Management shall consider excessive pressures, and opportunities for fraud when establishing incentives and segregating roles, responsibilities, and authorities.<\/p>

Information Security Awareness, Education & Training<\/h3>

All Xiazhi employees and third-parties with administrative or privileged technical access to Xiazhi production systems and networks shall complete security awareness training at the time of hire and annually thereafter.<\/p>

This is managed via the Leanx platform.<\/p>

Management shall monitor training completion and shall take appropriate steps to ensure compliance with this policy. Employees and contractors shall be aware of relevant information security and data privacy policies and procedures. The company shall ensure that personnel receive security and data privacy training appropriate to their role and data handling responsibilities.<\/p>

In order to maintain a robust level of security awareness, the company will provide security-related updates and communications to company personnel on an on-going basis through the usual communication channels as needed.<\/p>

Termination Process<\/h3>

Employee and contractor termination and offboarding processes shall ensure that physical and logical access is promptly revoked in accordance with company SLAs and policies, and that all company issued equipment is returned.<\/p>

The full offboarding process is available here<\/p>

Exceptions<\/h2>

Requests for an exception to this policy must be submitted by email to the CEO or CTO for approval.<\/p>

Violations & Enforcement<\/h3>

Any known violations of this policy should be reported to the CEO<\/a> or CTO. Violations of this policy can result in immediate withdrawal or suspension of system access and\/or disciplinary action in accordance with company procedures up to and including termination of employment.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

A set of policies, standards and control procedures with mapping to HIPAA, NIST CSF, PCI DSS, SOC2, FedRAMP, CIS Controls.<\/p>","protected":false},"author":1,"featured_media":27248,"parent":19420,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-28621","page","type-page","status-publish","has-post-thumbnail","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/pages\/28621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/comments?post=28621"}],"version-history":[{"count":29,"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/pages\/28621\/revisions"}],"predecessor-version":[{"id":28652,"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/pages\/28621\/revisions\/28652"}],"up":[{"embeddable":true,"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/pages\/19420"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/media\/27248"}],"wp:attachment":[{"href":"https:\/\/www.xiazhi.co\/en\/wp-json\/wp\/v2\/media?parent=28621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}