The business policies and procedures of VMware support the security processes. From the hiring process to ongoing personnel training, these procedures guide the development and operation of
VMware Cloud services.
Background Screening Employment candidates, contractors, and third parties are subject to background verification in accordance with the local laws, regulations, ethics, and contractual constraints. The pre-employment screening begins with the employee’s position and level of access to the service. The screening process also involves criminal background checks, as permitted by applicable law. Independent audit reports provide additional details regarding the controls applied for background verifications.
Employment Agreements, Training, and Termination According to the ISO 27001 standard, all VMware personnel must complete the annual security awareness training. Personnel supporting VMware managed services must complete additional role-based security training to perform their job functions securely. Compliance audits are periodically performed to ensure that employees understand and follow the established policies. All VMware employees must sign the confidentiality agreements at the time of onboarding. Also, after the candidates are hired, they must read and accept the Acceptable Use Policy and VMware Business Conduct Guidelines.
Workspace A formal security awareness training program guides personnel on maintaining appropriate security for VMware services. Access control, separation of duties, and other policies define which users are provided access to VMware Cloud services management systems, and serve as an integrity function for unauthorized access to tenant data.
Policy The policies and procedures of VMware establish and maintain a safe and secure working environment. VMware personnel and the third parties involved receive VMware Business Conduct Guidelines and Security Awareness training on the policies, standards, and procedures.
Asset Management VMware maintains inventories of critical assets including asset ownership and critical supplier relationships.