Hiring
- Acceptable Use Policy: Annotated Notes Drata Policy
- Information Security Policy: Annotated Notes Drata Policy
Storage of HR data
All information relevant to the hiring process should be saved in the HR Google Drive:
- Interview notes
- Reference emails and call notes
Onboarding
The following activities should be completed within 30 days of the employee being hired:
- Assign a Hiring Manager to the new hire
- Execute the employment contract
- Create a task in Shortcut and track it to completion:
- Create a story using the Hiring - Onboarding Shortcut Story Template
- Assign the Hiring Label to it
- Perform the tasks described below
- Check the tasks as they are completed, and mark the story as done when completed
Before Day 1
| Who | What | When |
|---|---|---|
| Hiring Manager | Provision laptop | As soon as a contract is signed and the hire is official to avoid any delays. |
| Hiring Manager | Assign a buddy/mentor to the new hire. | As early as possible so that the mentor has advance notice. |
| Hiring Manager | Kick-off the account provisioning process | A week before the new hire’s start date to avoid any surprises. |
| Hiring Manager | Schedule the security training session. | A week before the new hire’s start date so that everyone has advance notice. The security training should be scheduled on the new hire's first day. |
| Hiring Manager | Set up introductory, “coffee chats” with team members | A week before the new hire’s start date so that everyone has advance notice. |
| Hiring Manager | Set up system overview chats. | A week before the new hire’s start date so that everyone has advance notice. |
| Hiring Manager | Set up chat to welcome the new hire. | Before sending the welcome email as this session will be the first thing in the new hire’s calendar. |
| Hiring Manager | Send welcome email. | |
| Hiring Manager | Schedule recurring 1:1 |
Coffee Chat
Coffee chats are informal 15 minute chats to get a new hire introduced to everybody in the org. There are no rules here, the only topics that should be covered by tenured employees is some basics about roles, how long someone’s been at Narrative, where they’re based out of, etc.
At our size we should connect the new developer with everyone in Engineering and Product. Spread the meetings out over the first week.
- Schedule chats with Engineering.
- Schedule chats with Product.
System and Product Overviews
An opportunity for a new hire to get some face-to-face time with a subject-matter expert about our major systems and products.
The sessions are informal and the agenda is, but usually involves:
- Describing the problem the system solves and how it serves our customers.
- Presenting an overview of the system architecture and how it plugs into the larger platform architecture.
- Giving a brief history of how the system came to be.
- Articulating our vision for the system is: what we want it to be.
- An honest assessment of where we are relative to our vision: what works, what doesn’t.
- Going over relevant repos and spending briefly pointing out where any interesting code might be.
Which exact systems will need to be reviewed depends on the new hire’s role, the timing of each overview depends on what they will be working on in their first few weeks. Ideally the sessions build on top of each other.
An example checklist is below:
- Product Overview: a willing member of the Product team will give the new hire a whirlwind tour of the product from the customer’s perspective.
- Datasets and Ingestion
- Transaction
- Narrative API
- App Framework
- Connectors
Welcome Chat
A quick 1:1 between the new hire and the hiring manager at the start of the new hire’s first day to get them oriented. This should be the first thing the new hire opens their laptop to do on their first day.
- A quick summary of Narrative from 10,000 ft to contextualize our systems in our business. The new hire isn’t expected to absorb everything here, but it should help orient them they have questions over their first week.
- Review the Org Tree so that the new hire knows who is who and what they do.
- Go over relevant Processes, particularly the meeting in which they will be participating that day.
- Go over the onboarding checklist for the first day: set clear expectations and goals.
Security Training
Should be scheduled on the first day of the new hire.
Training performed by role: Security Officer
- Brief hires on their information security roles and responsibilities prior to being granted access to covered information or information systems
- Ensure that new hires complete the information security awareness in Drata1
- Brief them on their information security roles and responsibilities prior to being granted access to covered information or information systems
- Provide them with guidelines which state security expectations of their role within the organization;
- (Onboarding of developers only) Have the new developer complete the OWASP Top 10 training
- Create a ticket in Shortcut using the Security Training - OWASP Top 10 Story Template
- Assign the Training Sessions label to it
- Assigned the ticket to the developer
- Track to completion
- Create a ticket in Shortcut using the Security Training - OWASP Top 10 Story Template
Week 1
Our goal for any new hire is to have them commit something and deploy it to production in their first week while giving them the breathing room they need to learn, ask questions, and get up to speed with our product and systems.
Good first tasks are small in scope (e.g. simple bug fixes that touch exactly one system or product), mutate functionality that is well covered by tests, and are low stakes (there’s no pressure to deliver on a timeline and the blast radius of any failure is minimal).
| Who | What |
|---|---|
| Hiring Manager | Schedule first 1:1 |
| Hiring Manager | Reflect on first week sometime close to end-of-day on Friday. |
Reflect on First Week
Quick chat to reflect on the new hire’s first week and discuss:
- What’s went well?
- What didn’t go well?
- What would you change about onboarding?
- What would you change about our processes?
- How comfortable are you at the org?
Onboarding Required Info
Information that must be provided in the ticket:
| Information | Description |
|---|---|
| Name | ??? |
| Narrative Email | ??? |
Offboarding
The following activities should be completed within 30 days of the employee being hired:
- Assign a Hiring Manager to the new hire
- Execute the employment contract
- Create a task in Shortcut and track it to completion:
- Create a story using the Hiring - Offboarding Shortcut Story Template
- Assign the Hiring Label to it
- Kick-off the account deprovisioning process
- Kandji: Lock and erase device
- Arrange return of Narrative-owned devices and hardware
- Upon return of the devices, follow the Disposal of Sensitive Data on Hardware procedure
- Check the tasks as they are completed, and mark the story as done when completed
Offboarding Required Info
Information that must be provided in the ticket:
| Information | Description |
|---|---|
| Name | ??? |
| Narrative Email | ??? |
Footnotes
- The Information Security Policy states: "All new hires are required to complete information security awareness training as part of their new employee onboarding process and annually thereafter. New hire onboarding will be completed within 30 Days after the date the employee or contractor is hired. Ongoing training will include security and privacy requirements as well as training in the correct use of information assets and facilities." ↩