Personnel Management

Search

Understanding personnel statuses

Overview

Secureframe uses personnel statuses for you to understand the state of the personnel you’ve onboarded onto the platform and any actions that you as the admin, or the personnel needs to take within the platform. 

Status Definition Action required by admin Action required by personnel
Uncategorized Before personnel can be invited to Secureframe, they must be categorized as employee or contractor Categorize personnel N/A
Not Invited This personnel has not been invited to the Secureframe employee dashboard to complete their tasks. Invite personnel  N/A
Incomplete tasks This status is displayed when the personnel has not completed one or more of the following tasks (as applicable):
  • Accepted all required policies
  • Completed necessary training
  • Background check
  • Secureframe agent
 Remind personnel Complete employee dashboard tasks
Overdue tasks This status is displayed when the personnel has not completed one or more of the following tasks before the required time(as applicable):
  • Accepted all required policies
  • Completed necessary training
  • Background check
  • Secureframe agent
 Remind personnel Complete employee dashboard tasks
All tasks completed All tasks completed by personnel and admin N/A N/A
Offboarded This personnel has been detected as terminated in the system in one or more integrations connected to Secureframe Mark as Inactive N/A
Active Account(s)

We detected this user has active accounts. Please ensure these accounts are deactivated.

 Review Associated Accounts N/A

Categorize personnel

Personnel must be categorized before they can be onboarded to Secureframe.

In order to categorize personnel:

  • Navigate to the personnel page
  • Click on “Categorize Personnel” under the column header “Type” for any uncategorized personnel
  • Choose a category for personnel:
    • In scope employee
    • In scope contractor
    • Out of scope contractor

  • Alternatively, you can also bulk categorize personnel by: 
    • Multi-select personnel 
    • Click “Property”
    • Clicking “edit type”
    • Choose employee or contractor
    • Click “Apply to personnel”

For more information on how to determine if the personnel is in or out of audit scope, please read this article

If the record in the personnel table is not an employee or contractor, you can categorize them as follows:

  • Non personnel - we recommend using the Non Personnel category for any email addresses used as aliases and for every email address that does not fall under the Employee and Contract types, such as service accounts.
  • Auditor - mark auditors who have access the platform

To categorize as non personnel for auditor, follow the steps below:

  • Click three dot menu on the right hand side of the record
  • Click mark as non personnel or mark as auditor

Invite Personnel

One the personnel is categorized, you can invite the personnel by following the steps below:

  • Navigate to the Personnel page
  • Click not invited status
  • Click invite

To bulk invite personnel:

  • Multi-select the personnel you want to invite
  • Click invite in the bulk action bar at the bottom

Remind Personnel

If the personnel has incomplete or overdue tasks, you can remind personnel by clicking on the status, e.g. either incomplete tasks or overdue tasks and clicking the bell icon.

Mark offboarded personnel as inactive

When a personnel is in the “offboarded” status, it means that this person has been detected as terminated in the system in one or more integrations.

Follow the steps below to address personnel with “offboarded” status:

  • Review the personnel by clicking on their name in personnel page
  • Click on the “Accounts” tab
  • Review the accounts that the user has access to, if there are any accounts that the offboarded personnel still has access to, ensure access is removed in source system

  • The next step is to mark this personnel as “Inactive” in Secureframe, to do so:
    • Click on the offboarded status
    • Click “Mark as Inactive”

    • Click “Mark as inactive” on the confirmation screen

    • You can also mark the personnel as Inactive by clicking on the three dot menu and then clicking “Mark as inactive”

Bulk change personnel to inactive

If you would like to bulk change personnel status for all offboarded personnel at once, follow the steps below:

  • Navigate to the Personnel page
  • Create a filter for Status is exactly offboarded
  • Click the check box to select all offboarded personnel
  • Click the three dot menu in the bulk action bar at the bottom of the screen
  • Click Mark as inactive

 

Preset filters - In Compliance, Medium Priority and High Priority

In order to assist you, Secureframe provides a list of preset filters on the personnel page to understand the state of compliance amongst your workforce. The three preset filter views can be found on the top of the personnel page next to the search bar.

Below is a description of each of these preset filters:

Preset filter State of Personnel Admin action required:
In Compliance Personnel under “In Compliance” includes all in scope personnel who have:
  • Completed all relevant training
  • MFA set-up for system(s)
  • Accepted all relevant policies 
  • Secureframe agent is enabled (if applicable)
 None
Medium Priority Personnel under medium priority includes all Active(e.g. current employed personnel) who are either:
  • Uncategorized
  • Not invited
  • Have Incomplete tasks (could include any of the following tasks being incomplete:
    • Completing all relevant training
    • Setting up MFA for system(s)
    • Accepting all relevant policies 
    • Enabling Secureframe agent (if applicable)

Categorize personnel

Invite Personnel

Remind Personnel
High Priority

Personnel under high priority includes Active (e.g. currently employed personnel) - who have overdue tasks e.g. a task that is past its due date, such as:

  • Completing all relevant training
  • Setting up MFA for system(s)
  • Accepting all relevant policies 
  • Enabling Secureframe agent (if applicable)

Personnel will change from Medium Priority flag to High Priority only if any of the specific tasks that the personnel has to complete is past its due date. Here is an example:


  • Jessica was onboarded on June 1 and has 30 days to complete new hire training
  • Jessica has completed all her tasks except for her new hire training which is due within 30 days of onboarding 
  • You view the personnel table on June 15 and Jessica has still not completed her new hire training, she will be flagged under “Medium Priority”
  • You view the personnel table on July 1st and Jessica still has not completed new hire training, she will be flagged as high priority because the new hire training is past its due date
 Remind Personnel
High priority Personnel under high priority can also include - Inactive personnel who have an “offboarded” status Mark offboarded personnel as inactive

Frequently Asked Questions (FAQ)

I accidentally changed a user to be an auditor and need them to be an employee instead, but now I can't find them?

  • Any users that are marked as non-employee or auditor are placed in the Non-Personnel tab of the Personnel page. 
  • To mark them as an employee again, simply find the user, click the 3-dot menu on the right, and select Mark as Employee.

If a employee is detected as Offboarded in Secureframe, is there anything specific I need to do?

  • If an employee is detected as Offboarded in Secureframe, it's suggested that the admin reviews the user's connected services to ensure access to other tools and accounts is deprovisioned. Once this is confirmed, the admin can mark the user as inactive.
  •  Secureframe will also provide a Active account(s) status, which means we detected this user has active accounts. Please ensure these accounts are deactivated.

What does non-personnel mean? What is the difference between non-personnel an inactive personnel?

  • Non-personnel typically refer to service accounts, like fax@domain.com or contact@domain.com. These are not real people, but emails attached to applications. 
  • Other types of non-personnel might be an Auditor who has access to your instance for the purpose of an audit. They are not subject to employee or contract tasks, so they are another good example of non-personnel.
  • The difference between inactive and non-personnel is that inactive employees are real personnel who may not longer work for your organization, non-personnel are typically service accounts.  Depending on your look back period, or framework objective, you may still required to account for compliance against employees who are no longer employed. 

 

 

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.