Free Human Resources Policy Builder

1. Purpose

This policy establishes human resources requirements and procedures to ensure the organization maintains a qualified, ethical, and accountable workforce. The goal is to implement consistent HR practices for hiring, onboarding, performance management, conduct expectations, and offboarding that support the organization's objectives and meet SOC 2 compliance requirements.

2. Scope

Applies to all employees (full-time, part-time), contractors, interns, and temporary workers engaged by the organization. Covers the entire employment lifecycle from pre-hire screening through termination. Includes HR processes related to recruitment, onboarding, performance management, training, ethics, discipline, and offboarding.

3. Roles

• Chief People Officer (CPO) – owns this policy, oversees HR program, ensures compliance with employment laws
• HR Team – executes HR procedures, conducts background checks, manages onboarding/offboarding, maintains employee records
• Hiring Managers – define role requirements, interview candidates, approve hiring decisions, manage team performance
• Managers – conduct performance reviews, provide feedback, enforce policies, initiate disciplinary actions
• IT Team – provisions and de-provisions access, returns equipment, maintains access records
• All Employees – comply with policies, complete required training, report policy violations, maintain ethical conduct

4. Core Principles

• Screen before hiring – all new hires undergo background checks appropriate to their role
• Set clear expectations – employees understand roles, responsibilities, and conduct standards
• Provide ongoing feedback – regular performance conversations and annual reviews
• Maintain ethical standards – zero tolerance for fraud, harassment, or policy violations
• Protect whistleblowers – safe channels for reporting misconduct without retaliation

5. Pre-Employment Screening

5.1 Background Check Requirements

All new hires must pass a background check as a condition of employment before their start date.

Standard Background Check (All Employees):

• Identity verification (SSN verification, right to work)
• Criminal history check (county, state, federal records)
• Employment verification (previous 2 employers, minimum)
• Education verification (highest degree claimed)
• Professional license verification (if applicable to role)

Enhanced Background Check (Security-Sensitive Roles):

Required for roles with access to production systems, sensitive data, or financial systems:

• All standard checks PLUS:
• Credit history check (for financial roles)
• Extended employment history (7 years)
• Additional reference checks (3+ professional references)
• Social media screening (optional, with consent)

Background Check Process:

• Candidate signs consent form authorizing background check
• HR initiates background check with approved vendor (Checkr, Sterling, HireRight)
• Results reviewed by HR within 5 business days
• If adverse findings, provide candidate with pre-adverse action notice and opportunity to dispute
• Final hiring decision made after background check clears
• Background check results retained in secure employee file for 7 years
• No start date scheduled until background check passes

Disqualifying Factors:

• Felony conviction related to fraud, theft, violence, or computer crimes (past 7 years)
• Falsification of application or resume information
• Failed drug screening (if applicable to role)
• Unable to verify identity or right to work

5.2 Drug Screening

• Required for safety-sensitive positions, roles operating vehicles or machinery
• Optional for other roles based on business need and state law
• Conducted after conditional offer is extended
• Test for standard drug panel (5-panel or 10-panel)

6. Onboarding Process

6.1 New Hire Onboarding Checklist

Before Start Date:

• Background check completed and cleared
• Offer letter signed and returned
• I-9 employment eligibility verification completed
• W-4 and state tax forms submitted
• Benefits enrollment completed
• IT equipment ordered (laptop, phone, accessories)
• System access requests submitted

Day 1:

• Welcome email sent with first day instructions
• Employee signs acknowledgment of policies (Employee Handbook, Code of Conduct, Security Policy, Acceptable Use Policy)
• IT provisions accounts (email, Slack, VPN, SSO)
• Equipment distributed (laptop, badge if applicable)
• Manager conducts welcome meeting and reviews role expectations

Week 1:

• Complete mandatory training: Security Awareness, Code of Conduct, Harassment Prevention, Data Handling
• Review organizational structure and key contacts
• Introduction to team and cross-functional partners
• Setup development environment (for technical roles)
• Manager assigns onboarding buddy or mentor

30-60-90 Day Plan:

• Manager and new hire create 30-60-90 day goals
• Check-in meetings at 30, 60, and 90 days to review progress
• Complete role-specific training
• Feedback session with manager at end of 90 days

6.2 Onboarding Documentation

HR maintains onboarding records including:

• Signed offer letter
• Background check results
• I-9 form with supporting documents
• Policy acknowledgment forms
• Training completion certificates
• NDA and confidentiality agreements
• Equipment assignment records

7. Code of Business Conduct

7.1 Core Values and Expected Behavior

All employees are expected to:

• Act with Integrity: Be honest, ethical, and transparent in all business dealings
• Respect Others: Treat colleagues, customers, and partners with respect and dignity
• Protect Company Assets: Safeguard physical property, data, intellectual property, and confidential information
• Avoid Conflicts of Interest: Disclose any situations where personal interests may conflict with company interests
• Comply with Laws: Follow all applicable laws, regulations, and company policies
• Report Violations: Speak up when you observe policy violations or ethical concerns

7.2 Prohibited Conduct

The following behaviors are strictly prohibited:

• Fraud and Theft: Misappropriation of company funds, assets, or data; falsifying records or reports
• Harassment and Discrimination: Harassment, discrimination, or retaliation based on protected characteristics
• Violence and Threats: Physical violence, threats of violence, or intimidating behavior
• Substance Abuse: Working under the influence of drugs or alcohol
• Data Misuse: Unauthorized access, disclosure, or modification of confidential data
• Conflicts of Interest: Engaging in activities that compete with or harm the company
• Bribery and Corruption: Offering or accepting bribes, kickbacks, or improper payments
• Intellectual Property Theft: Misusing company IP or using unlicensed software

7.3 Code of Conduct Training

• All employees complete Code of Conduct training during onboarding
• Annual refresher training required for all employees
• Employees sign annual acknowledgment that they have read and understand the Code of Conduct
• Training records maintained by HR

8. Performance Management

8.1 Performance Review Cycle

The organization uses a continuous performance management approach:

Ongoing Check-ins (Weekly or Bi-weekly):

• Regular 1-on-1 meetings between manager and employee
• Discuss priorities, progress on goals, challenges, and feedback
• Quarterly reminders sent to managers to ensure check-ins are happening

Mid-Year Review (June):

• Formal check-in on goal progress and performance
• Opportunity to adjust goals based on business changes
• Identify development opportunities and training needs

Annual Performance Review (December):

• Comprehensive review of performance against goals
• Assessment of competencies and behaviors
• Feedback from manager, peers (360 review optional)
• Performance rating assigned (Exceeds Expectations, Meets Expectations, Needs Improvement, Does Not Meet)
• Compensation decisions tied to performance
• Goal setting for upcoming year

8.2 Performance Improvement Plans (PIP)

For employees not meeting performance expectations:

• Manager documents specific performance deficiencies
• HR consulted before initiating PIP
• PIP includes: clear expectations, measurable goals, timeline (typically 30-90 days), support and resources, consequences of not improving
• Weekly check-ins with manager during PIP period
• Final evaluation at end of PIP to determine: improvement achieved (continue employment), insufficient improvement (termination), or extension needed
• PIP documentation retained in employee file

9. Ethics Reporting

9.1 Business Ethics Hotline

The organization provides multiple channels for reporting ethical concerns:

Reporting Channels:

• Ethics Hotline: 1-800-XXX-XXXX (anonymous, 24/7, third-party operated)
• Ethics Email: ethics@yourcompany.com (monitored by Chief Compliance Officer)
• Direct Manager: Report to immediate supervisor if comfortable
• HR: Report to HR Business Partner or CPO
• Anonymous Web Form: Available on company intranet

What to Report:

• Fraud, theft, or financial misconduct
• Harassment, discrimination, or retaliation
• Safety violations or workplace hazards
• Data breaches or security incidents
• Conflicts of interest
• Violations of company policies or laws
• Retaliation against whistleblowers

9.2 Investigation Process

• All ethics hotline reports reviewed by Chief Compliance Officer and CPO
• Investigation initiated within 5 business days of report
• Confidentiality maintained to extent possible (anonymous reports may limit ability to investigate)
• Witnesses interviewed, evidence collected, findings documented
• Investigation typically completed within 30 days
• Appropriate corrective action taken if violation confirmed
• Hotline reporter notified of outcome (if not anonymous)

9.3 Non-Retaliation Policy

• Retaliation against employees who report concerns in good faith is strictly prohibited
• Retaliation includes: termination, demotion, harassment, threats, negative performance reviews, exclusion from meetings/projects
• Employees who believe they experienced retaliation should report immediately to HR or ethics hotline
• Retaliation violations result in disciplinary action up to termination

9.4 Audit Committee Reporting

• Hotline reports summarized and reported to Audit Committee quarterly
• Report includes: number of reports received, categories of concerns, investigation status, corrective actions taken
• Audit Committee reviews trends and recommends policy or process improvements

10. Disciplinary Process

10.1 Progressive Discipline

For policy violations or performance issues, the organization generally follows progressive discipline:

Step 1: Verbal Warning

• Manager discusses issue with employee
• Clear expectations set for improvement
• Manager documents conversation in notes

Step 2: Written Warning

• Formal written warning issued for continued issues
• Document describes violation, expected improvement, timeline, consequences
• Employee signs acknowledgment
• HR consulted and documentation retained in employee file

Step 3: Final Written Warning or Suspension

• Final opportunity to correct behavior or performance
• May include unpaid suspension (1-5 days) depending on severity
• Clear statement that termination will result if no improvement
• CPO approval required

Step 4: Termination

• Employment terminated if issues continue or for serious violations
• Termination requires manager and CPO approval
• Documentation of all previous steps required (except for serious misconduct)

10.2 Immediate Termination

The following violations may result in immediate termination without progressive discipline:

• Theft, fraud, or embezzlement
• Violence or threats of violence
• Serious harassment or discrimination
• Willful destruction of company property
• Breach of confidentiality or data theft
• Working under influence of drugs/alcohol
• Falsification of company records
• Serious violation of security policies

10.3 Documentation Requirements

• All disciplinary actions documented in writing
• Documentation includes: date, description of violation, previous warnings, action taken, employee acknowledgment
• HR reviews and approves all written warnings and terminations
• Disciplinary records retained in secure employee file
• Access to disciplinary records limited to HR, manager, and CPO

11. Termination and Offboarding

11.1 Termination Types

• Voluntary Resignation: Employee provides 2 weeks notice (standard)
• Involuntary Termination: For performance or policy violations
• Layoff/Reduction in Force: Business-driven, not performance-related
• Retirement: Employee leaves at retirement age or meets retirement criteria

11.2 Offboarding Process

Upon Notice or Termination Decision:

• HR creates offboarding ticket in HRIS
• Manager notifies HR of termination date
• IT and Security notified for access revocation planning
• Final paycheck and benefits information prepared

Last Day of Employment:

• Exit interview conducted by HR (voluntary departures)
• Knowledge transfer completed with team
• Return all company property: laptop, phone, badge, keys, documents
• IT revokes all system access (reference: Access Management Policy - access de-provisioning procedures)
• Corporate accounts disabled: email, Slack, VPN, AWS, GitHub, databases, SaaS applications
• Final paycheck issued with accrued PTO payout
• COBRA benefits information provided (if eligible)
• Reminder of ongoing confidentiality obligations

11.3 Access Revocation Requirements

• Voluntary Resignations: Access revoked at end of last working day
• Involuntary Terminations: Access revoked immediately upon notification
• Layoffs: Access revoked at end of last working day
• IT confirms access revocation complete within 24 hours
• Offboarding ticket closed only after access revocation confirmed
• Quarterly access reviews verify terminated employees no longer have access

11.4 Exit Interview

For voluntary departures, HR conducts exit interview to gather feedback:

• Reasons for leaving
• Feedback on role, manager, and company culture
• Suggestions for improvement
• Likelihood to recommend company to others
• Exit interview data analyzed quarterly for trends

12. Employee Records Management

12.1 Personnel Files

HR maintains secure personnel files including:

• Job application and resume
• Offer letter and employment agreement
• Background check results
• I-9 form and supporting documents
• Policy acknowledgment forms
• Training records
• Performance reviews
• Disciplinary actions
• Compensation changes
• Termination documentation

12.2 Record Retention

• Active Employee Records: Retained while employed
• Terminated Employee Records: Retained for 7 years after termination
• I-9 Forms: 3 years after hire date or 1 year after termination, whichever is later
• Background Checks: 7 years after termination
• Payroll Records: 7 years (IRS requirement)
• Benefits Records: 6 years after plan termination

12.3 Access Controls

• Personnel files stored in HRIS (BambooHR, Workday, etc.) with encryption
• Access restricted to HR team and CPO
• Employees can request access to their own personnel file
• Managers have access only to records for their direct reports (performance reviews, training)
• Access logs maintained for audit purposes

13. Training Requirements

Mandatory Training for All Employees:

• Onboarding: Security Awareness (must complete within first week)
• Onboarding: Code of Business Conduct (must complete within first week)
• Onboarding: Harassment Prevention (must complete within 30 days)
• Onboarding: Data Handling and Classification (must complete within 30 days)
• Annual: Security Awareness refresher
• Annual: Code of Conduct acknowledgment

Role-Specific Training:

• Engineering: Secure development practices, change management procedures
• Managers: Performance management, conducting difficult conversations, recognizing harassment
• IT/Security: Incident response, access management, security tools

14. Exceptions

Exceptions to this policy require Chief People Officer approval with documented business justification and risk assessment. Background check exceptions require additional CEO approval and documented compensating controls.

15. Enforcement

Violations of this policy, including failure to complete background checks, not reporting ethics violations, or policy non-compliance, may result in disciplinary action up to and including termination.

16. References

• SOC 2 – Human Resources and Personnel Controls
• EEOC Guidelines on Employment Practices
• FCRA (Fair Credit Reporting Act) – Background Check Requirements
• [Your Company] Code of Business Conduct
• [Your Company] Employee Handbook
• [Your Company] Information Security Policy
• [Your Company] Access Management Policy

17. Revision History

Date	Version	Author	Description
[Date]	1.0	Chief People Officer	Initial release