Firm Foundation HR Newsletter - August Edition
As we navigate through the summer heat, it's crucial to stay informed about new regulations and best practices to ensure a safe and productive workplace. This month, we focus on critical updates from Cal/OSHA, lessons learned from the recent CrowdStrike outage, and the importance of protecting employee sensitive information.
Regulatory Update: Indoor Heat Illness Prevention
The California Division of Occupational Safety and Health (Cal/OSHA) has issued new regulations requiring employers to protect workers from heat illness in indoor workplaces where the temperature reaches or exceeds 82° F. These regulations are effective immediately.
Key Requirements:
Access to Potable Water: Fresh, cool, and free of charge, located close to work and cool-down areas.
Cool-Down Areas: Temperature below 82° F, shielded from the sun, large enough to accommodate resting workers, and close to work areas.
Preventative Cool-Down Rest Periods: Encourage and monitor workers, especially during heat waves.
First Aid and Emergency Response: Immediate action for workers showing heat illness symptoms, including contacting emergency medical services.
Observation During Acclimatization: Close monitoring of new workers and all workers during heat waves for a 14-day period.
Training: Comprehensive training for workers and supervisors on heat illness risk factors, prevention, and emergency procedures.
Employers must also establish an effective Indoor Heat Illness Prevention Plan (IHIPP), including tailored procedures for drinking water, cool-down areas, rest periods, emergency response, and training.
Next Steps:
Review the full regulations and Cal/OSHA resources.
Ensure compliance to protect your workforce from heat illness.
An IHIPP must be specific and customized to the employer’s operations. Cal/OSHA has created a model plan that employers may use but must tailor to their operations.
Cyber Outage: Lessons for Payroll Professionals
Recently, a significant outage from a leading cybersecurity firm, highlighted the importance of preparedness and resilience in payroll operations. Here's what payroll professionals can learn from this event and steps to mitigate future issues:
Lessons Learned:
Dependence on Cloud Services: The outage underscored the risks of relying solely on cloud-based services for critical operations like payroll.
Incident Response Plans: It highlighted the need for robust incident response plans that include contingencies for service disruptions.
Preventive Measures:
Backup Systems: Implement on-premises backups or alternative cloud services to ensure payroll operations can continue smoothly during an outage.
Regular Testing: Conduct regular disaster recovery and business continuity tests to ensure all systems function as expected during a disruption.
Clear Communication Channels: Establish and maintain clear communication channels with employees about potential delays and alternative arrangements during outages.
Vendor SLAs: Review service level agreements (SLAs) with payroll service providers to understand their commitments and response times during incidents.
Future-Proofing Payroll Operations:
Diversify Vendors: Consider using multiple options/vendors for different aspects of payroll processing to reduce the risk of total service disruption.
Employee Training: Train payroll staff on manual processing methods and emergency protocols to ensure continuity during digital disruptions.
Regular Updates: Keep all systems and software updated to the latest versions to mitigate security risks and enhance functionality.
By implementing these strategies, payroll professionals can ensure resilience and continuity in their operations, even in the face of unexpected service outages.
Protecting Employee Sensitive Information
In today's digital age, safeguarding employee sensitive information is more critical than ever. Here are some best practices to enhance your data security:
Implement Strong Access Controls:
Role-Based Access: Ensure employees only have access to information necessary for their role.
Multi-Factor Authentication (MFA): Add an extra layer of security to your systems.
Regular Training and Awareness:
Data Protection Policies: Regularly update and communicate your data protection policies.
Phishing Awareness: Train employees to recognize and report phishing attempts.
Secure Data Storage and Transmission:
Encryption: Encrypt sensitive data both in transit and at rest.
Regular Backups: Perform regular backups and store them securely.
Monitor and Audit:
Regular Audits: Conduct regular audits to identify and address vulnerabilities.
Real-Time Monitoring: Implement monitoring tools to detect and respond to security incidents promptly.
By adopting these practices, you can significantly reduce the risk of data breaches and ensure the safety of your employees' sensitive information.
Stay Informed and Compliant
Keeping up with regulatory changes and best practices is essential for a safe and productive workplace. Make sure to stay informed and take proactive steps to comply with new regulations and protect your employees.
Thank you for reading this month's edition of the Firm Foundation HR Newsletter. Stay cool, stay safe, and stay compliant!
Firm Foundation HR
Helping You Build a Strong Workforce
For more information and resources, visit our website or contact us directly.
Disclaimer: This newsletter is for informational purposes only and does not constitute legal advice. Please consult with a legal professional for specific advice regarding your business.
Thank you,
Natalie Guillen
VP of HR
Email: [email protected]
iPhone (714) 675-2487 I e-Fax (949) 271-3688 I Office 1 (949) 900.6977
3 Polaris Way, 4th Floor, Aliso Viejo, CA 92656
“ Plans fail when there is no counsel, but with many advisers they succeed.” Proverbs 15:22
This communication including attachments is for the exclusive use of the addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient please notify the sender immediately by return email, delete this communication and destroy all copies. God Bless You.