Professional Documents
Culture Documents
PHRI Mod 6
PHRI Mod 6
2016 Edition
Skills & Knowledge: 05. Health and safety practices (for example, emergency evacuation
procedures, ergonomic evaluations, safety-related behaviors)
Introduction
Human resource (HR) professionals deal with issues such as health workforce
information, research, planning and management. In recent years, there has been a
raised awareness of the critical role HR has in strengthening health system
performance and improving health outcomes. Human resources functions are
identified as one of the core building blocks of a health system. The World Health
Organization defines human resources in health as ―all people engaged in actions
whose primary intent is to enhance health‖ (World Health Organization 2006).
3
Module 6: Health, Safety and Security Section 6.1: Employee Health
You can reduce your organization’s health risks by understanding potential risks
and working with the leaders in your organization to identify preventive policies
and programs.
Infectious Diseases
Infectious diseases, also known as communicable diseases, are caused by
pathogenic microorganisms, such as bacteria, viruses, parasites or fungi; the
diseases can be spread directly or indirectly from one person to another.
An epidemic can take an economic toll through lost workforce productivity and
can strain health services. With many employees traveling internationally,
monitoring and controlling infectious diseases has become a crucial health issue.
Let’s look closely at four infectious diseases and discuss ways in which
organizations can reduce risks (see Figure 2-1):
Influenza
Hepatitis B
4
Module 6: Health, Safety and Security Section 6.1: Employee Health
Malaria
Acquired Immune Deficiency Syndrome (AIDS)
Disease Description
Hepatitis B Hepatitis B is a viral infection that attacks the liver and can
cause both acute and chronic disease. The virus is transmitted
through contact with the blood or other body fluids of an
infected person—not through casual contact.
5
Module 6: Health, Safety and Security Section 6.1: Employee Health
Disease Description
6
Module 6: Health, Safety and Security Section 6.1: Employee Health
Disease Description
7
Module 6: Health, Safety and Security Section 6.1: Employee Health
8
Module 6: Health, Safety and Security Section 6.1: Employee Health
The World Health Organization (WHO) has several resources you can access to
help monitor disease outbreaks and other health issues across the globe. Figures
2-2, 2-3 and 2-4 describe some of the resources available on the WHO’s website
at http://www.who.int.
9
Module 6: Health, Safety and Security Section 6.1: Employee Health
10
Module 6: Health, Safety and Security Section 6.1: Employee Health
Global Warming
You may be wondering, ―What does global warming have to do with HR?‖ Well,
when organizations offer concern for the health of the environment, they are
contributing to the well-being of their employees. This situation is especially true
for those workers who have to cope with increasing fuel prices and dense traffic
while commuting.
Chemical Agents
11
Module 6: Health, Safety and Security Section 6.1: Employee Health
Figure 2-5. Chemicals of Public Health Concern (World Health Organization, Preventing
Disease through Healthy Environments: Action Is Needed on Chemicals of Major Public Health
Concern 2010)
Dust, fumes, gases, toxic materials, carcinogens and smoke are all ways in which
chemicals can directly affect humans. If your workforce is at risk, your
organization needs to take action. Let’s look more closely at the use of pesticides
and tactical ways in which an organization can reduce harmful risks.
Overview of Pesticides
Not all pesticides are safe. Impurities formed during the manufacture of a
pesticide or by interaction in unstable formulations can increase product toxicity
to humans and the environment.
Effects from pesticides can range from simple irritation of the skin and eyes to
more severe effects such as affecting the nervous system or causing reproductive
problems or cancer.
12
Module 6: Health, Safety and Security Section 6.1: Employee Health
If you are questioning the safety of pesticide exposure or use, be sure to research
associated risks.
In 2009, the Pesticide Data Sheets were prepared by the World Health
Organization (WHO) along with the Food and Agriculture Organization of the
United Nations (FAO) and give basic toxicological information on individual
pesticides.
The Pesticide Data Sheets can be accessed from the World Health
Organization’s website at http://www.who.int/ipcs/publications/pds/en/.
Physical Agents
In his book, The Manager’s Guide to Health & Safety at Work, Jeremy
Stranks identifies important physical agents and associated risks. Figure 2-6
provides several examples.
Heat stroke
Temperature Heat cataracts
Miner’s nystagmus
Lighting
Radiation sickness
Decompression sickness
Pressure
13
Module 6: Health, Safety and Security Section 6.1: Employee Health
Writer’s cramp
Repetitive movements
Biological Agents
Biological agents have the ability to threaten human health in a variety of ways,
ranging from relatively allergic reactions to serious medical conditions, even
death. These organisms are present in nature and can be found in water, soil,
plants and animals. Biological agents are a potential danger because many
reproduce rapidly and require minimal resources for preservation. Figure 2-7
provides examples of biological agents and associated risks.
14
Module 6: Health, Safety and Security Section 6.1: Employee Health
Natural Disasters
The powerful earthquake that hit off the northeastern coast of Japan in March
2011 offered an unfortunate reminder that disaster awareness and emergency
preparedness is critical for organizations around the world.
The threats of natural disasters are often determined by geographic location and
populations at risk. Many resources are available that categorize and identify risk
profiles for specific regions. Figure 2-8 is taken from the Annual Disaster
Statistical Review 2009 and summarizes the number of natural disasters that
occurred by region from 2000 through 2009.
Figure 2-8. Number of Natural Disasters per Region (Vos, et al. 2010)
The Annual Disaster Statistical Review 2009 report may be accessed from the
following web link:
http://reliefweb.int/sites/reliefweb.int/files/resources/7C4BB2DD1D0F292AC125
774D004254C5-CRED_Jun2010.pdf
15
Module 6: Health, Safety and Security Section 6.1: Employee Health
For HR, risk assessment is essential for planning purposes. Human health risk can
be mitigated by the level of preparedness or capacity of the community and
organization at risk. Figure 2-9 provides a calculation for evaluating proportional
risk levels.
In the Employee Security section, we will discuss HR’s role with emergency
preparedness and response.
16
Module 6: Health, Safety and Security Section 6.1: Employee Health
Cost Benefits
The trend toward increasing health and wellness programs coincides with growing
evidence that these programs are providing a return on investment (ROI) and
driving down costs. Organizations are recognizing that preventing illnesses is less
expensive than treating them and that they can help reduce costs by increasing
their program offerings.
17
Module 6: Health, Safety and Security Section 6.1: Employee Health
There are a number of ways you can incorporate wellness programs within your
organization.
There are many ways you can incorporate nutrition and fitness programs in the
workplace. Here are several ideas for workplace nutrition and fitness programs:
If your building has stairs, you may suggest using the stairs instead of
taking the elevator.
Try a Walk to Work Day for employees who live nearby.
Suggest a lunchtime group walk.
Bring in a fitness professional to help devise a program for the group
and/or individuals. Perhaps the fitness professional can measure progress
over a period of time.
Subsidize memberships at a fitness club near the office.
Offer yoga classes as a healthy, therapeutic and team-building form of
exercise.
Provide storage for bicycles.
Sponsor a company team or arrange regular activity nights.
18
Module 6: Health, Safety and Security Section 6.1: Employee Health
Allow flexible working hours to let personnel fit in exercise time before or
after work.
Provide handbooks for employees to find out more about the various
options open to them.
Install showers in the office.
Implement a fitness challenge to promote sustainable improvement.
(Natural Healthcare Canada n.d.)
Health Screenings
Workplace screenings offer employees a chance to test for overall health risks
while at work. Some of the more popular screenings include the following:
Cholesterol screenings
Glucose screenings
Blood pressure screenings
Body composition analysis
Pulmonary function screenings
Prostate cancer screenings
Hepatitis vaccinations
Vaccinations
Tuberculosis skin tests
Hearing
Vision screenings
Vision Screenings
Let’s explore vision screenings in more detail and examine how a quick fifteen-
minute test can prevent blindness and other eye diseases.
An eye exam conducted by a licensed eye care professional can detect the early
signs of eye disease and uncover evidence of other diseases, including diabetes or
hypertension.
19
Module 6: Health, Safety and Security Section 6.1: Employee Health
Typically, the screener will ask for information about the employee’s medical
history, age and other questions to assess risk for eye problems. Next the screener
conducts the exam and checks problems seeing far and close and the ability to
focus. If a certified vision screener detects a possible problem, the screener will
advise you to make an appointment with an eye doctor for a full eye exam.
Considering that good eyesight and visual health leads to increased productivity at
work, the return on investment for this screening can be significant.
There are three major considerations for workplace screenings: safety, privacy
and budget.
20
Module 6: Health, Safety and Security Section 6.1: Employee Health
In his book, The Manager’s Guide Health & Safety at Work, Jeremy Stranks
concludes that:
The biggest challenge for making wellness programs work is getting employees to
participate. Often employees think involvement can get in the way of job
opportunities and even promotions. Employees may think, ―If I sign up for the
Heart Health seminar, my boss won’t think I have the stamina for a management
position.‖ Employees may also be discouraged to participate if they are fearful
that personal information will be made public.
You may also think about offering incentives for participation, from decreasing
employees' co-pays to giving gifts and bonuses. Communicate that your
organization values good health and that good health can also reduce health care
21
Module 6: Health, Safety and Security Section 6.1: Employee Health
costs. Posters, social media platforms, e-mail, and meetings are several ways in
which you can promote nutrition and health initiatives.
If you poll employees across organizations, you’ll likely find there is never a
complete balance between work and life because of conflicting responsibilities
and commitments. However, organizations that provide flexible and supportive
programs to assist employees find they can better maintain employee morale,
which directly ties to better productivity.
In some countries, legislation may impose guidelines for some work/life balance
programs. An example is child care programs. Some governments are setting the
policy framework for child care that meets diverse needs, including those of
workers and employers. Benefits of such programs can include the following:
An increase in resources for child care
Encouragement of partnerships and innovation
Improved responsiveness to parents’ needs
Support for woman’s labor force participation (International Labour
Organization 2011)
22
Module 6: Health, Safety and Security Section 6.1: Employee Health
Telecommuting
Many organizations are concerned about productivity when employees work from
home, yet some studies show that employees can be more productive when
working remotely. With telecommuting, employees can avoid office distractions
and add to productivity hours without the commute.
Telecommuting doesn’t work for everyone, and certain employees perform better
in the well-structured office environment. For this reason, when hiring employees
who will work remotely, it is important to find candidates capable of creating
their own structure.
When supervisors cannot see employees, they may need to change their
management style. Agreeing on clear and structured goals can help manage the
relationship (Society for Human Resource Management 2011).
Flexible Schedules
There are many alternatives to a traditional workweek. Many of them have been
in practice for some time but are now being recognized as flexible or alternative.
Examples of flexible work hours are as follows.
23
Module 6: Health, Safety and Security Section 6.1: Employee Health
employee’s productivity and fit within the organization before hiring or to meet
long-term staffing needs.
Compressed workweeks are more common in the health care, production and
manufacturing industries. Some employers offer compressed workweeks to
employees during the summer (Dressler 2008).
24
Module 6: Health, Safety and Security Section 6.1: Employee Health
Practice Questions
4. Your manager is considering sponsoring a vision screening for all employees. Who should
conduct the screening?
a. A CPR-certified professional
b. Managers who have completed the necessary training
c. HR professional
d. Qualified and licensed professional
25
Module 6: Health, Safety and Security Section 6.1: Employee Health
26
6.2: Employee Safety
04. Complete tasks for employees who are returning to work after a
long absence (for example, after giving birth, after an injury,
returning with medical issues)
Skills & Knowledge: 02. Policies and programs for paying workers who take a leave of
absence (for example, medical leave, maternity leave, injury
leave, or leave due to a death in the family)
Introduction
Workplace safety is no longer an advantage of working for a compassionate
employer. In today’s organization, safety policies are mandated and recognized by
employers as a way to sustain profitability, provide competitive advantages and
stay out of the courtroom. In fact, safety initiatives and events such as the World
Day for Safety and Health at Work sponsored by the International Labour
Organization (ILO) are becoming more widespread and demonstrate that our
cultures, communities and employers value the safety of our workers.
Since 2003, the ILO has observed on April 28 the World Day for Safety
and Health at Work, which promotes the prevention of accidents and
diseases at work, capitalizing on its traditional strengths of tripartism and
social dialogue.
Safety refers to freedom from hazard, risk or injury for employees on the job. As
discussed in Section 6-1, laws and regulations help create safety and health
standards, yet how an organization interprets and enforces those is often part of
HR’s responsibilities. In this section, we will explore safety risks, suggestions for
preventive measures and best practices for maintaining and managing a safe
workplace environment.
29
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Workplace Accidents
In 2010, thirty-three Chilean workers were trapped in a mine for sixty-nine days.
Fortunately, this catastrophe ended well, and all the miners were saved. As a
result of the incident, Chilean President Sebastian Pinera ordered an overhaul of
Chile’s mine safety regulations and a renewed call to shut down decrepit mines.
This miraculous incident has become a symbol of survival and also a reminder to
consider the safety of employees within our own workplace environments.
Catastrophes such as the one in Chile and accidents on a smaller scale can lead to
the demise of an organization and loss of life. Figure 3-1 categorizes influencing
risk factors for workplace accidents.
30
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Influencing
Description
Risk Factors
Internal Internal influences refer to the nature of the task, the work
influences group, management goals, organizational style, leader’s style
and experience, employee orientation and new or antiquated
machinery.
31
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Classifying Accidents
Applicable laws, regulations and your organization’s policies will determine how
to classify accidents. For example, in some organizations, an accident can result
from unsafe acts or unsafe conditions or a combination of both. Figure 3-2
further compares unsafe acts verses unsafe conditions.
Musculoskeletal Disorders
32
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Ergonomics
Ergonomics is the proper design of the work environment to address the physical
demands experienced by employees. An ergonomist assesses three factors to
identify ways to reduce or eliminate accidents:
Physiological factors such as lighting and ventilation
Psychological factors such as fatigue and stress
Engineering design such as layout and tools
Lifting is an activity frequently done incorrectly, placing strain on the lower back
area and leading to potential workers’ compensation (remuneration) claims. Back
injuries are often painful and expensive cases, and to compound the problem, at
least half of the population will suffer from back pain during their working
careers.
An effective program to reduce and control back injuries can lead to a reduced
number of workers’ compensation claims as well as improve employee relations
and help reduce stress in the workplace.
Road Accidents
According to the European Transport Safety Council (ETSC), it is estimated that
in Europe six out of ten work-related fatalities result from road crashes, including
crashes while driving for work and while commuting to work.
33
Module 6: Health, Safety and Security Section 6.2: Employee Safety
The PRAISE project is making a difference in how the workplace addresses road
safety. The PRAISE project suggests organizations identify risk factors before
instituting a safety program. The following considerations can help determine an
organization’s level of risk and also identify action needed to keep employees safe
on the road:
Commuting mode: Employees may spend hours every day commuting to
and from work. Evaluate how employees commute to work and if there are
associated risk factors with cars, bicycles, ferries, walking, road conditions
and other considerations.
Working hours: Working and commuting during darkness and early
morning can double the risks of accidents. Besides fatigue, drivers can
misinterpret road conditions due to the darkness.
Traveling routes: Commuters and workers typically seek the quickest
traveling route that is not always the safest. This risk can be addressed by
providing information on safer alternatives.
Operating skills and behaviors: Consider what skills and behaviors are
needed to safely operate vehicles. Safety education programs on topics
such as traffic rules, speed, mobile phone use, braking distances, impact of
weather conditions and preparing for long journeys can reduce the risks of
accidents. (European Transport Safety Council 2010)
34
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Workplace Violence
Stressors often lead to workplace violence. In today’s organization, stressors may
include reductions in workforce, hiring moratoriums, salary reductions, increased
workloads and longer hours.
Violent acts can occur in all industries and are perpetrated by workers who bully
other workers, customers who write menacing notes or refuse to leave the office
or discharged workers who return to the office. Having a zero-tolerance policy for
threats, harassment, intimidation and weapons possession provides employers
with legal support for future terminations and helps employees understand the
unacceptable behavior and its consequences.
35
Module 6: Health, Safety and Security Section 6.2: Employee Safety
The article encourages the start of social dialogues and strategies that can promote
awareness and build understanding among health personnel and others. When
people are conscious about the magnitude of this problem, they are more likely to
participate in programs that can make health care environments a safer place to
work (International Labour Organization n.d.).
Domestic Violence
In the case of domestic violence or stalking, the potential liability for the
employer is often greater because the organization is usually unaware of the
conflict between the employee and the person intent on revenge. Once on notice,
the employer should take reasonable precautions to protect the employee and
coworkers.
Figure 3-3. Strategies for Preventing Workplace Violence (continued to next page)
36
Module 6: Health, Safety and Security Section 6.2: Employee Safety
In the event of workplace violence, HR should respond quickly and in the best
interest of the safety of the employees. The first concern is to ensure the safety of
the employees and company property. Once the situation is under control, the
organization will need to review the situation to prevent a recurrence of violence
and to address the effect the violent act has had on company and employee
morale.
37
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Terrorism
Terrorism is the use of force or violence against persons or property in violation
of the criminal laws for purposes of intimidation, coercion, or ransom. There are
two types of terrorism:
In-country terrorism involves groups or individuals whose terrorist
activities are without foreign direction.
International terrorism involves groups or individuals whose terrorist
activities are foreign based or whose activities transcend national
boundaries.
Kidnapping
Many business travelers are more careless about personal security than they are
about corporate security. As a result, terrorism and kidnapping have become a
major corporate concern, especially for executives. To prevent kidnapping,
executives should constantly be aware of their surroundings. If a risk exists for
family members, they should be appropriately advised.
Employers may take protective measures and retain crisis management teams. In
the event that a suspected kidnapping has occurred, the organization should
immediately establish contact with the appropriate government and law
enforcement agencies.
38
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Accident Investigations
If an actual accident occurs, the employer must act. An accident is an undesired
event that results in physical harm to a person or in damage to property. It is an
unwanted interruption of a desired course of action.
39
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Priorities at the Arrive safely and take Care for the injured.
incident scene charge. Protect others from
Observe the overall scene injury.
for safety upon arrival Remove onlookers
and evaluate the from the immediate
situation. area.
40
Module 6: Health, Safety and Security Section 6.2: Employee Safety
The process for an investigation should go beyond the unsafe act or condition and
look at system and management errors. It is important to follow a disciplined
process such as the approach outlined in the following four steps:
1. Learn why the accident happened.
2. Make changes that will prevent a repeat accident.
3. Document findings according to policy and applicable laws.
4. Communicate with the employee.
Learning why the accident occurred is essential and includes the investigation
itself, interviews and documenting your findings.
41
Module 6: Health, Safety and Security Section 6.2: Employee Safety
One way to obtain an accurate view of the accident scene is with photographs or
videotapes. However, recognize these may be used against your organization in a
related civil or criminal litigation.
Another way to obtain information about the accident is to interview the injured
employee, his or her supervisor and witnesses to the accident. The interviewer
attempts to determine what happened and how the accident was caused. These
interviews may generate some suggestions on how to prevent similar accidents in
the future. Depending on the severity of the injury, such interviews may need to
be conducted by or at the direction of legal counsel to ensure that attorney-client
privilege and/or the work product doctrine protect them.
The accident investigation report forms should address the items required by
upper management and necessary authorities. Reports that contain subjective
impressions of management or counsel should be held confidential, and
distribution should be tightly controlled to preserve all possible legal privileges. A
separate report, limited to factual information, may be prepared where necessary
for use with employees, third parties or government agencies.
42
Module 6: Health, Safety and Security Section 6.2: Employee Safety
All corrective actions must be documented as to how the correction was made,
when it was made and by whom. If possible, proof of the correction should also
be documented; for example, a picture of a corrected guard rail could be included
in the documentation.
Extended Absence
Management Support
HR professionals must gain senior management support for safety programs and
include management in the development, administration and evaluation of those
programs. Management policies can create a culture that either emphasizes safety
43
Module 6: Health, Safety and Security Section 6.2: Employee Safety
as an uncompromised goal for the workplace or, on the other extreme, tolerates
unsafe conditions or work practices.
44
Module 6: Health, Safety and Security Section 6.2: Employee Safety
HR Line Management
45
Module 6: Health, Safety and Security Section 6.2: Employee Safety
Practice Questions
2. In the event an employee is kidnapped, what is the first step an organization should
take in response?
a. The organization should immediately establish contact with the appropriate
government and law enforcement agencies.
b. The organization should contact the next of kin.
c. The organization should attempt to contact the kidnappers.
d. The organization should establish an action plan for next steps.
3. Who is best suited for setting safety goals, holding managers accountable for safety
and insisting on safety recordkeeping across the organization?
a. HR managers
b. Line managers
c. Senior managers
d. Employees
4. How can you ensure that an emergency preparedness plan is appropriate and
understood by employees?
a. Involve upper management in creating the plan
b. Test the plan
c. Keep the plan current
d. Have the plan reviewed by a third party
46
Module 6: Health, Safety and Security Section 6.2: Employee Safety
47
6.3: Workplace Security
Behaviors: 02. Track reports about injuries and crimes (for example, accidents,
theft, vandalism)
Skills & Knowledge: 04. Security risks in the workplace (for example, data or materials
theft, equipment theft, damage or destruction)
Introduction
The purpose for workplace security is to protect employees and the organization
from internal and external security risks. Workplace security risks vary depending
on an organization’s location, industry and its hours of operation. For some
organizations, securing technology and data present the biggest security risks,
while in other organizations theft and building access may be potential threats.
Some organizations may have an in-house security function or may use a third-
party provider to assist in security measures. In either case, HR should determine
how its role can support workplace security and what actions it needs to take to
keep employees safe at work.
49
Module 6: Health, Safety and Security Section 6.3: Workplace Security
During a risk analysis, the organization looks at its security risk factors, also
known as vulnerabilities. These risks can be specific to the organization.
Examples may include computer viruses, union strikes or vandalism. Next, the
organization examines the probability of occurrence.
Once the probability of occurrence is determined, the organization can assess the
impact or cost if a loss were to occur, including the following:
Cost to permanently replace lost or damaged assets
Cost to temporarily replace lost or damaged assets
Cost of related losses caused by the inability to carry on normal activities
Cost of loss of investment income from short-term expenses incurred to
meet these costs
The risk level of a loss can be evaluated in terms of four levels of criticality:
Level 1: Fatal to the organization
Level 2: Very serious
50
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Assessing risk levels can help determine if the organization should invest in
security protection measures. Organizations usually look for the cost of protection
to be substantially less than the costs incurred without the protection. Figure 4-1
demonstrates a simple calculation used to determine whether investing in a
security guard and video surveillance is a financially good decision.
Physical security risks are possible dangers against tangible items such as
property, facilities, computer equipment, materials and even personnel. These
risks occur from unauthorized entry, trespass, damage, sabotage or other illegal
acts.
Nonphysical security risks are potential dangers against nontangible items such
as corporate data, consumer data, personnel data and intellectual property. There
are many ways in which these assets are threatened, and they are especially
vulnerable since many people have access.
51
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Taking a pen here or there seems innocent enough; however, if your organization
has strict policies on using workplace materials for personal purposes, this small
infraction can be considered theft. Theft can be costly to organizations, especially
when theft expands into larger problems such as stealing computer equipment or
inflating expense reports.
The source of theft can be internal employees or external offenders. In either case,
HR plays a role in prevention.
From an HR perspective, there are a number of actions you can take to minimize
and prevent workplace theft, fraud and vandalism. Here are specific ways HR can
help minimize workplace offenses:
Implement and support security measures. Security measures include
clearly identified and distributed policies and practices such as those listed
below:
o Track inventory through a system of checks and balances.
o Implement authorization controls to determine how financial
transactions are initiated, authorized, recorded and reviewed.
o Separate duties among employees for recording and processing
financial transactions (Buckhoff and Morris 2002).
Establish hiring practices that include background checks. Complete a
thorough investigation and background check when hiring employees
(Evans 2010).
Establish policies on theft and fraud. An effective policy should address
the most common forms of employee theft (Buckhoff and Morris 2002).
Educate employees about fraud . Inform your employees about policies
and procedures related to theft and fraud (Evans 2010).
52
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Financial Auditing
As companies around the world trend toward wireless networking and the use of
smart phones, like Blackberries or iPhones, appropriate security methods must be
considered. Information technology managers and systems specialists already face
enormous challenges in providing security for Windows and Mac computer
environments. Now factor in the various mobile devices, and the potential for risk
escalates.
The issue of data security for HR professionals involves two relevant areas:
Protecting organization-wide information such as client lists and databases
Protecting personnel files and data
Both of these issues are at risk if appropriate safeguards and practices are not in
place. Figure 4-2 lists the technology-related components, potential risks and
influences these risks can have on an organization.
53
Module 6: Health, Safety and Security Section 6.3: Workplace Security
54
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Cyber Criminals
Cyber criminals have created a number of tactics to break into systems to get the
information they want. In some cases, the criminal is not looking for information
but simply the ability to hack into as many systems as possible.
Cyber criminals are hard to catch because many organizations report that their
systems were hacked long before the issues was realized. If your systems are not
properly guarded, it is easy for cyber criminals to access your systems. A risk
assessment can help determine your systems’ vulnerabilities.
Identity Fraud
Some of the most sensitive and private information about an individual, from
health records to financial data, is one reason why identity fraud is becoming
more prevalent in the workplace. Personnel files, benefits information and payroll
and tax records all typically reside in the HR department and can be an ideal
target for identity thieves. Coupled with computerized storage of records, the
frequency and severity of incidents of identity fraud in the workplace have
increased.
HR professionals can help safeguard against identify fraud through the following
measures:
Monitor news and professional sources for fraudulent schemes.
Implement basic practices to minimize identity fraud.
Stay current on legislative and regulatory developments.
55
Module 6: Health, Safety and Security Section 6.3: Workplace Security
For those organizations that allow online shopping from workplace systems,
ISACA advises, ―…those shopping online not to allow sites to save their
username or password, to use separate browser sessions for online shopping vs.
work-related browsing and to delete cookies from the computer after shopping.‖
(Society for Human Resource Management, Online Shopping Poses Threats to
Employers 2008)
Social media networks present another channel for risk. Social media are defined
as any web-based applications that allow people to share information to an entire
network. The network can be user controlled, like Facebook, or open, like
YouTube. Social media differ from e-mail and websites. Examples include
LinkedIn, Facebook, Twitter, Hyves, YouTube and various web logs, or blogs.
Figure 4-4 summarizes the possible advantages and disadvantages with social
media from the Society for Human Resource Management.
56
Module 6: Health, Safety and Security Section 6.3: Workplace Security
57
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Across the world, laws, regulations and guidelines are being enforced to protect
consumers and also employees. One example is the ISO/IEC 27000 series. This
information security standard was published by the International Organization for
Standardization (ISO) and by the International Electrotechnical Commission
(IEC) and entitled Information Technology - Security Techniques - Code of
Practice for Information Security Management.
You can access detailed information on the ISO/IEC 27000 standards from
http://www.iso.org/iso/home.html.
58
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Discard the data responsibly once the need for it has expired.
Create a culture in which employees, including HR employees, understand
the importance of data security and abide by company policy.
Educate employees on policies regarding secure data. For example, if
encrypting data will offer a more secure data environment, provide training
on this process.
Ensure that laptop computers have current anti-virus subscriptions.
Have an active personal firewall to protect laptops from clients’ networks.
Use company laptop computers for business purposes only.
(Society for Human Resource Management, By Protecting Client Data,
Consultants Protect Themselves 2008)
When employees are traveling or working remotely, risks for stolen data and
equipment greatly increase. HR should work with systems and technology
professionals to establish procedures for storing sensitive data on laptops and for
using public wireless networks. Additionally, HR should set up best practices for
transporting equipment from location to location, especially at airports. It is often
best practice to carry a laptop onto an airplane rather than to check it with
luggage.
Intellectual Property
59
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Beyond these steps, management at all levels must exert a positive influence on
the protection of a company’s proprietary information. This positive influence
must come from the top, with a strong statement from the CEO or president
supporting a proprietary information policy. This policy should identify the types
of corporate proprietary information that are protected and the steps to be
followed in preserving confidentiality.
60
Module 6: Health, Safety and Security Section 6.3: Workplace Security
Practice Questions
1. An accounting method used to detect fraud by looking for business practices that may
not be part of the norm is called which of the following?
a. Forensic accounting
b. Financial accounting
c. Fraud accounting
d. Isolation accounting
3. When investigating an accident, what should the investigator do when the reporter is
anonymous?
a. File the report until the reporter can be identified.
b. Make a good faith effort to substantiate the information.
c. Ask employees if they can help identify the reporter.
d. Take action only on facts based in the report.
61
Module 6: Health, Safety and Security Section 6.3: Workplace Security
62