Internal HR processes in a startup are necessary at a specific point in your lifecycle. A lot of people discuss the numbers, but that differs from one person to another. At the end of the day, we want to save as much money as possible.
HR processes are needed once you have people that you do not manage, but other people do.
I am not saying that you would not trust other people, but sometimes, having a clear-cut policy will help everyone know what the do's and don'ts are.
Internal HR processes can be defined into three main categories
- On-boarding and Off-boarding team members;
- Employee lifecycle;
- Security compliance;
For every single one of these categories, there should be one person that is responsible, which makes clear-cut decisions and is aware of how to handle everything. If that person will be you for all three categories, then I would say that you will need to delegate it, because alternatively, you do not need these processes.
On-boarding and Off-boarding team members
On-boarding = new hires coming in; Off-boarding = people leaving
Document the processes when people join the company:
- Someone should explain to them how everything works,
- someone should be in charge to give them all the accesses that they need and most especially
- someone should make sure that they have shared with you all the necessary information that you are legally compliant to get (think here TaxID, IBAN for the bank transfer, pension information)
Also document the processes when people are leaving the company:
- Someone should be in charge to remove all the accesses as they will not be an employee anymore.
- someone should clearly take over their duties, so a handover is needed and most importantly
- someone should make sure that they are provided all the necessary paperwork and sign off that they are good to leave.
This is HR talk for how employees behave in the workplace or remote during their working hours. The core components to take care of are:
- Working hours, location, and flexibility
- What happens when they are sick, can’t make it to work, or out of a sudden need to leave
- IF remote, from where they can work and for how long (not to control them, but usually if they work remote for more than 6 months in another country, they will be tax compliant with that other country and you might have to make adjustments as well)
- How they can take vacations and the required notice and most importantly
- what happens when there is an issue and they are not comfortable with something
I can't stress this enough! Sometimes you may not need it, but the more people you hire, the more diverse their security know-how is. From their favorite password is "password" to storing somewhat non-important looking ID's which end up being API keys.
Unfortunately, on a young startup, a lot of corners are cut, as sometimes you are creating a PoC or an MVP with the least amount of resources. More often than not, security is last on the to-do list (which is completely reasonable).
At least try to patch some of the holes by minimizing human error:
- Introduce two-factor authentication in most of the systems that you work with - and most of the services that you will store information, offer that to you.
- Appoint a security officer - fancy terms for someone that takes special attention to security and users and most importantly
- BACKUP the most important information
It looks easy and common sense, but are you really doing all these?