Personnel Security

Aurelis Technology enforces rigorous personnel security controls to ensure that everyone with access to our systems and client data meets the highest standards of trustworthiness and security awareness.

Background Checks

  • Background verification conducted for all employees prior to start date
  • Verification includes identity confirmation, reference checks, and employment history
  • Contractors and third-party personnel undergo equivalent screening before accessing systems

Security Awareness Training

  • Mandatory security awareness training during employee onboarding
  • Annual refresher training covering current threat landscape and company policies
  • Role-specific training for engineers handling client data and infrastructure
  • Phishing awareness and social engineering recognition exercises

Confidentiality Agreements

  • Non-disclosure agreements (NDAs) signed by all employees before accessing company systems
  • Contractor and vendor NDAs required before granting any access to client environments
  • Confidentiality obligations extend beyond the term of employment

Access Controls & Least Privilege

  • Principle of least privilege applied to all internal system access
  • Access provisioned based on role requirements and approved by management
  • Quarterly access reviews to ensure permissions remain appropriate
  • Privileged access (admin, production) restricted to a minimal set of personnel with additional controls

Offboarding Procedures

  • Immediate revocation of all system access upon employment termination
  • Return of company equipment and credentials on the last day
  • Review and reassignment of any shared credentials or service accounts
  • Post-departure access audit to confirm complete deprovisioning

Acceptable Use Policies

  • Formal acceptable use policy governing the use of company systems and data
  • Prohibition of unauthorized software installation on company devices
  • Mandatory use of company-managed devices for accessing production systems
  • Clear guidelines on handling of confidential and client data