Security Compliance

TRN.1.02 - Code of Conduct Training

Control Statement

All IllumiDesk team-members complete a code of business conduct training.

Context

The aim of this control is help ensure that all IllumiDesk team-members are aligned on the values of the organization. The purpose of this alignment is to demonstrate to any external auditors that we hold all IllumiDesk team-members to this same standard of conduct.

Scope

This control applies to all IllumiDesk team-members and contractors.

Ownership

Control owner:

  • People Operations

Process owner:

  • People Operations

Guidance

People Ops are responsible for deploying the process to ensure 100% of employee training and validating that every IllumiDesk team member has provided their signed acknowledgement of the code of conduct in the current year. All IllumiDesk team members are responsible for competing the training of the IllumiDesk Business Ethics and Code of Conduct.

Additional control information and project tracking

The security training is delivered by prompting team members to review the IllumiDesk Business Ethics and Code of Conduct and upload their signed acknowledgment upon completion. The training is linked from onboarding issue template as part of the new hire tasks. The 2020 Code of Conduct Training is in the planning stage to be rolled out and completed by the end of March 2020. Legal and Security is consulted for the content.

For audit evidence of compliance, we need to be able to demonstrate 100% completion of training by all team members.

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Code of Conduct Training control issue.

Policy Reference

  • IllumiDesk Handbook

Framework Mapping

  • SOC2 CC

    • CC1.1

    • CC1.4

    • CC1.5