Personnel Security Policy

This Rules/Policy document is provided to you and your organization as a starting point or maturity checkpoint for existing rules/policies. It is brought to you on behalf of Jim McConnell, Principal Owner, and Ask McConnell, LLC — A Converged Security Services Provider. The content is not meant to cover every circumstance, industry, law, regulation, contractual requirement, threat, environment, or risk, but it provides an easy, defendable, highly accountable starting point for any organization. Please consult with your legal counsel and insurance provider about added requirements. If you know of peers that you think would find value in these resources, please have them contact us. These will be updated on our website regularly. We are not legally protecting these documents; we just ask for credit, shout-outs, and referrals if you find them helpful. If you have recommended updates, we are all ears. And if you need Converged Security Consulting and Training, please reach out, we would be honored to serve you and your organization.

Jim McConnell  |  info@askmcconnell.com  |  askmcconnell.com

Updated: 20 March 2025

Protecting human lives is the highest requirement of our entire organization, whether they are employees, customers, volunteers, visitors, or part of our supply chain while under some nexus to our organization.

  • I am responsible for my personal safety and security while on the organization’s property or performing the organization’s duties.
  • I will report personnel security concerns, vulnerabilities, and threats to my supervisor or the organization’s Ethics Hotline.
  • I will not introduce any security vulnerabilities that would jeopardize myself or other personnel.
  • I will not disable a security control or knowingly fail to implement one.
  • I will make sure all my visitors/suppliers/customers who need to be escorted are either escorted at all times while on the organization’s property or monitored by organizational personnel, so that they remain only in areas they are authorized to be in and perform only the duties they are authorized to perform.
  • I will make sure my role is classified according to the level of risk the role places on the organization, and that it is subject to that risk level’s controls, which would limit the individual(s) filling that role were they to act in a malicious way.
  • Background checks:
    • I will verify that all personnel reporting to me will have a completed background check before starting work.
    • I will verify that, every 24 months, all personnel reporting to me will have their background check rerun.
    • I will verify that, every 12 months, all personnel reporting to me who handle financial transactions or fill other high-risk roles will have their background check rerun.
    • I will verify yearly that any supplier personnel supporting my operation who will have access to the organization’s facilities or non-public information, either directly by our organization or through contractual agreement, have an up-to-date background check completed.
  • Due diligence checks (on suppliers):
    • I will complete or verify as complete a comprehensive due diligence, before engagement, with any company that will be a supplier/partner/reseller (“3rd Party” and flowdown) to include, at a minimum, OFAC Screening checks on the company and principals.
    • I will verify this due diligence is rerun every 12 months, or as required by law/regulation (e.g. OFAC).
  • I will not carry or use any method or instrument to carry out harm, bodily injury, or damage to other personnel or other organization assets, unless it is for the personal safety of myself or a close person being harmed or threatened with harm.
  • I will manage or support a State of Personnel Security Report and Presentation, under Executive Session, at least yearly, that covers incidents, vulnerabilities, improvements, and metrics across all domains of Security.

Signature Note: I am a huge fan of wet signatures on these types of documents for accountability and investigation reasons. You can add the signature lines below to each rule/policy document, or have a collective wet signature with references in the Security Commitment Agreement document available on the One-Pager library page. Organizational preference.

________________________
Print Full Legal Name

________________________
(Blue Ink) Full Legal Signature
Style of signature must closely match Driver’s License

________________________
Date

