Recruiting and Onboarding Security Policy

This Rules/Policy document is provided to you and your organization as a starting point or maturity checkpoint for existing rules/policies. It is brought to you on behalf of Jim McConnell, Principal Owner, and Ask McConnell, LLC — A Converged Security Services Provider. The content is not meant to cover every circumstance, industry, law, regulation, contractual requirement, threat, environment, or risk, but it provides an easy, defendable, highly accountable starting point for any organization. Please consult with your legal counsel and insurance provider about added requirements. If you know of peers that you think would find value in these resources, please have them contact us. These will be updated on our website regularly. We are not legally protecting these documents; we just ask for credit, shout-outs, and referrals if you find them helpful. If you have recommended updates, we are all ears. And if you need Converged Security Consulting and Training, please reach out, we would be honored to serve you and your organization.

Jim McConnell  |  info@askmcconnell.com  |  askmcconnell.com


Updated: 7 April 2025

Protecting human lives is the highest requirement of our entire organization, whether those people are employees, customers, volunteers, visitors, or part of our supply chain while under some nexus to our organization. Many times, things we do online will impact people’s lives physically, financially, and emotionally.

  • I will report security incidents, concerns, vulnerabilities, and threats to my supervisor or the organization’s Ethics Hotline as soon as it is possible and safe to do so. If they are not available and I feel unsafe, I will contact law enforcement.
  • I will engage the organization’s safety and security leadership in all recruiting and onboarding processes, and in training development and improvement activities.
  • I will include safety and security leadership in all job description development and updates.
  • I will attend — and make sure my hiring personnel attend — an HR Recruiter and Job Seeker Security Training class at least once per year.
  • If I oversee HR Recruiting for the organization:
    • I will verify all members of my HR team attend an HR Recruiter and Job Seeker Security Training class at least once per year.
    • I will make sure our Applicant Tracking System (ATS) has strong fraud and scam protections in place.
    • I will implement and manage a brand breach management program.
    • I will make sure safety and security leadership is engaged in planning for all career fair–type events.
    • I will implement metrics to manage the security and safety aspects of recruiting and onboarding.
  • Background checks:
    • I will verify that all personnel reporting to me have a completed background check before starting work.
    • I will verify that every 24 months, all personnel reporting to me have their background check rerun.
    • I will verify that every 12 months, all personnel reporting to me who are handling financial transactions or other high-risk roles have their background check rerun.
  • I will verify all baseline training is completed for new employees before providing recurring building access or access to non-onboarding systems, applications, or data.
  • I will verify that all access — physical, information, and cyber — for my employees is implemented using the principle of least privilege (sometimes called Zero Trust).
  • I will manage or support a State of Recruiting and Onboarding Security Report and Presentation, under Executive Session, at least yearly — covering incidents, vulnerabilities, improvements, and metrics across all security domains.

Signature Note: I am a huge fan of wet signatures on these types of documents for accountability and investigation reasons. You can add the signature lines below to each rule/policy document, or have a collective wet signature with references in the Security Commitment Agreement document available on the One-Pager library page. Organizational preference.

________________________
Print Full Legal Name

________________________
(Blue Ink) Full Legal Signature
Style of signature must closely match Driver’s License

________________________
Date

