Nested Knowledge has a responsibility to educate our personnel on security practices and to comply with federal regulations related to Information Security awareness. This policy describes our plan to educate users on the importance of security.

This policy affects all employees, contractors, and consultants of Nested Knowledge.

Nested Knowledge distributes security policies to all employees and contractors as part of their training. When policies are updated, we ensure that all employees have ready access to the most recent version. All employees with roles in incident response, data protection, or data recovery must sign off on the corresponding policy. We require all remote employees to review the remote access policy.

Employee training requirements are based on the data classification system. All employees and contractors will be provided with our data protection policy. Those who deal with confidential data, restricted use data, or high-risk personal data will be required to demonstrate understanding of our data protection procedures.

Employees who fail to review and comply with our information security policies, including the access control and incident management policy, will be issued a warning and required to demonstrate comprehension of security rules and procedures. Continued failure may result in disciplinary action.