Draft | Internal | ISO 9001 | ISO 14001 | ISO 27001

SW-IMS-ROLE-009

Employee IMS Responsibilities

Version: 1.0
Owner: IMS Owner
Effective Date: TBD
Review Date: TBD

Role: Employee IMS Responsibilities

Document ID: SW-IMS-ROLE-009-v1.0
Effective Date: [TBD]
Review Date: [TBD]
Applies to: All Swedwise employees, contractors, and consultants

Role Summary

This document defines the Integrated Management System (IMS) responsibilities that apply to all employees at Swedwise AB, regardless of position or department. Every employee plays a vital role in maintaining Swedwise's commitments to quality (ISO 9001), environmental management (ISO 14001), and information security (ISO 27001).

These responsibilities support Swedwise's brand promise: "Make Time For The Good" - by working efficiently, responsibly, and securely, we create time for what matters most.

Who This Applies To

This role description applies to:

  • All permanent employees (full-time and part-time)
  • Consultants (working at customer sites or internally)
  • Contract staff (temporary employees, contractors)
  • Interns and trainees
  • Remote and office-based workers

These responsibilities apply from day one of employment and continue throughout employment at Swedwise.

Core IMS Principles for All Employees

Every Swedwise employee is expected to:

  1. Understand your responsibilities under the IMS
  2. Comply with IMS policies and procedures
  3. Report issues, incidents, and improvement opportunities
  4. Participate in training and awareness activities
  5. Support audits and improvement initiatives
  6. Act responsibly in quality, environmental, and security matters
  7. Ask questions when unsure about requirements or procedures

General IMS Responsibilities

1. Policy Awareness and Compliance

Responsibility:

  • Read and understand Swedwise's IMS policies
  • Comply with all applicable IMS policies and procedures
  • Follow work instructions and guidelines relevant to your role
  • Ask your manager or IMS Owner if you don't understand a policy
  • Report difficulties in complying with policies (to help improve them)

Key Policies (minimum awareness required):

  • Integrated Management System Policy
  • Information Security Policy
  • Quality Policy
  • Environmental Policy
  • Acceptable Use Policy
  • Data Protection Policy

What this means in practice:

  • You know where to find Swedwise's policies
  • You read policies relevant to your work
  • You follow procedures even when it's inconvenient
  • You raise concerns if policies are unclear or impractical

2. Training Completion

Responsibility:

  • Complete all mandatory training within required timescales
  • Participate actively in training sessions
  • Apply learning from training in your daily work
  • Request additional training if you need it
  • Maintain required competencies for your role

Mandatory Training (all employees):

  • IMS Awareness (during onboarding)
  • Information Security Awareness (annual)
  • Environmental Awareness (annual)
  • Quality Awareness (during onboarding)
  • Data Protection / GDPR Awareness (annual)
  • Role-specific training (as assigned)

Typical Timeframes:

  • Onboarding training: Within 2 weeks of starting
  • Annual refresher training: Within 1 month of due date
  • Role-specific training: Within 3 months of role change

What this means in practice:

  • You complete training courses when assigned
  • You don't skip through training without reading/watching
  • You ask questions if training content is unclear
  • You apply what you learned in your daily work

3. Incident Reporting

Responsibility:

  • Report incidents immediately to your manager and/or relevant IMS role
  • Report near-misses (incidents that almost happened)
  • Provide accurate information about incidents
  • Cooperate with incident investigations
  • Implement lessons learned from incidents

Types of Incidents to Report:

  • Quality Incidents: Customer complaints, service delivery issues, errors, defects
  • Security Incidents: Data breaches, lost devices, suspicious emails, unauthorized access, malware
  • Environmental Incidents: Spills, improper waste disposal, environmental non-compliance
  • Health & Safety: Injuries, near-misses, unsafe conditions
  • Policy Violations: Observed violations of IMS policies

When to Report:

  • Immediately: Security incidents, data breaches, serious quality/environmental issues
  • Same day: Customer complaints, policy violations
  • As soon as practical: Near-misses, minor issues, improvement suggestions

How to Report:

  • Security incidents: Email CISO or use incident reporting form (urgent: call CISO)
  • Quality issues: Inform your manager or Quality Lead
  • Environmental issues: Inform your manager or Environmental Lead
  • General incidents: Inform your manager

What this means in practice:

  • If you see something wrong, you say something
  • You report incidents honestly, even if uncomfortable
  • You don't try to hide mistakes or problems
  • You help prevent future incidents by sharing what happened

4. Information Security Responsibilities

Responsibility:

  • Protect information assets (data, documents, systems)
  • Follow information security policies and procedures
  • Handle confidential information appropriately
  • Report security incidents and suspicious activity
  • Maintain security awareness and vigilance

Specific Security Responsibilities:

Passwords and Authentication:

  • Use strong, unique passwords for all systems
  • Never share passwords with anyone (including colleagues, IT support)
  • Enable multi-factor authentication (MFA) where required
  • Lock your device when stepping away from your desk

Device Security:

  • Keep devices (laptops, phones, tablets) physically secure
  • Don't leave devices unattended in public places
  • Report lost or stolen devices immediately to CISO
  • Install security updates and patches promptly
  • Only use Swedwise-approved devices for work

Information Handling:

  • Classify information correctly (Public, Internal, Confidential, Restricted)
  • Handle confidential information according to classification policy
  • Don't send confidential information to personal email
  • Encrypt sensitive data when required
  • Properly dispose of confidential documents (shred or secure bin)

Email and Phishing:

  • Be cautious with unsolicited emails, especially with attachments or links
  • Verify sender identity before clicking links or opening attachments
  • Report suspicious emails to CISO immediately
  • Don't respond to requests for passwords or sensitive information via email

Remote Working:

  • Follow remote working security guidelines
  • Use secure networks (avoid public Wi-Fi without VPN)
  • Ensure privacy when discussing confidential matters
  • Keep work and personal activities separate on work devices

Customer Data and GDPR:

  • Only access personal data when necessary for your job
  • Don't share personal data without authorization
  • Respect data subject rights (access, deletion, correction)
  • Report data breaches immediately (within 1 hour of discovery)
  • Follow data retention and disposal procedures

What this means in practice:

  • You think before you click
  • You protect Swedwise's and customers' information
  • You lock your laptop when you leave your desk
  • You report suspicious emails immediately
  • You don't take shortcuts with security

5. Quality Responsibilities

Responsibility:

  • Deliver quality work that meets customer and Swedwise standards
  • Understand customer requirements for your work
  • Follow quality procedures and work instructions
  • Check your work before delivery/submission
  • Report quality issues and errors promptly

Specific Quality Responsibilities:

Customer Focus:

  • Understand who your customers are (external or internal)
  • Know what quality means for your work outputs
  • Meet customer requirements and expectations
  • Communicate proactively with customers
  • Represent Swedwise professionally at all times

Work Quality:

  • Perform work according to documented procedures
  • Double-check work, especially critical deliverables
  • Ask for help or clarification when unsure
  • Don't rush work at the expense of quality
  • Take pride in delivering quality outputs

Customer Interactions (customer-facing roles):

  • Be professional, courteous, and helpful
  • Listen actively to customer needs and concerns
  • Follow up on commitments made to customers
  • Escalate customer issues that you cannot resolve
  • Maintain positive customer relationships

Consultants Working at Customer Sites:

  • Represent Swedwise professionally and competently
  • Follow customer site policies and procedures
  • Report customer feedback (positive and negative) to Swedwise
  • Maintain Swedwise quality standards even at customer sites
  • Coordinate with Swedwise management on project issues

Error Handling:

  • Report errors honestly and promptly
  • Don't try to cover up mistakes
  • Help identify root causes of errors
  • Implement corrective actions to prevent recurrence
  • Learn from mistakes (yours and others')

What this means in practice:

  • You take pride in your work
  • You understand what "quality" means for your role
  • You check your work before submitting/delivering
  • You tell customers honestly if you can't meet expectations
  • You treat internal colleagues as customers too

6. Environmental Responsibilities

Responsibility:

  • Minimize environmental impact of your work activities
  • Follow environmental procedures and guidelines
  • Participate in environmental initiatives
  • Report environmental incidents and improvement opportunities
  • Promote environmental awareness

Specific Environmental Responsibilities:

Business Travel:

  • Choose environmentally friendly travel options when practical:
    • Prefer train over airplane for domestic/regional travel
    • Use video conferencing instead of travel when feasible
    • Combine trips to reduce overall travel
  • Book eco-friendly accommodations when possible
  • Car-share when traveling to the same destination
  • Report travel in expense system for environmental tracking

Office Environmental Practices:

  • Turn off lights, computers, and equipment when not in use
  • Use energy-saving modes on devices
  • Print only when necessary (prefer digital documents)
  • Print double-sided when printing is required
  • Properly sort waste (recycling, compost, general waste)
  • Minimize single-use plastics (use reusable bottles, cups)
  • Report energy waste or environmental concerns

IT Equipment and E-Waste:

  • Take care of IT equipment to extend lifespan
  • Report equipment issues promptly (don't let problems worsen)
  • Return old equipment to Swedwise for proper recycling
  • Don't dispose of electronics in general waste
  • Consider environmental impact when requesting new equipment

Remote Working Environmental Practices:

  • Optimize home office energy use (lighting, heating/cooling)
  • Consider environmental impact in home office setup
  • Follow same digital practices (minimize printing, energy saving)

Procurement (when purchasing on behalf of Swedwise):

  • Consider environmental criteria in purchasing decisions
  • Choose suppliers with environmental certifications when possible
  • Prefer durable, repairable, recyclable products
  • Minimize packaging waste

What this means in practice:

  • You take the train instead of flying within Sweden when feasible
  • You turn off your monitor when you leave for the day
  • You don't print emails unless necessary
  • You sort your waste properly
  • You think about environmental impact in your decisions

7. Audit Participation

Responsibility:

  • Participate in internal audits when requested
  • Provide honest and accurate information to auditors
  • Support external (certification) audits
  • Implement audit findings relevant to your work
  • Don't view audits as "checking up" but as improvement opportunities

What You May Be Asked to Do:

  • Answer questions about your work and IMS responsibilities
  • Demonstrate how you follow procedures
  • Show evidence of compliance (e.g., training records, work outputs)
  • Explain how you handle specific situations
  • Provide feedback on effectiveness of IMS

Audit Interview Tips:

  • Be honest and straightforward
  • It's okay to say "I don't know" or "I need to check"
  • Describe what you actually do, not what you think you should say
  • Provide examples from your real work
  • Ask for clarification if you don't understand a question

What this means in practice:

  • You make time for audit interviews when scheduled
  • You prepare by reviewing relevant procedures
  • You answer questions honestly
  • You don't panic or feel defensive
  • You view audits as opportunities to improve

8. Improvement Participation

Responsibility:

  • Suggest improvements to processes, tools, or ways of working
  • Participate in improvement initiatives
  • Support change initiatives even if initially uncomfortable
  • Share lessons learned and best practices
  • Contribute to Swedwise's continual improvement culture

How to Contribute:

  • Suggest improvements to your manager or IMS Owner
  • Participate in improvement workshops or working groups
  • Provide feedback on proposed changes
  • Share what works well (so it can be replicated)
  • Be open to trying new approaches

What Makes a Good Improvement Suggestion:

  • Identifies a real problem or opportunity
  • Is practical and feasible
  • Benefits customers, Swedwise, or the environment
  • Is specific enough to be actionable
  • Considers potential side effects

What this means in practice:

  • If you see a better way to do something, you speak up
  • You participate constructively in change initiatives
  • You share what works well, not just problems
  • You support your colleagues' improvement ideas
  • You embrace a "test and learn" mindset

9. Escalation and Questions

Responsibility:

  • Ask questions when unsure about IMS requirements
  • Escalate issues that you cannot resolve
  • Seek clarification on policies or procedures
  • Report situations where compliance is difficult or impossible
  • Don't make assumptions - ask!

When to Escalate:

  • You're unsure how to handle a situation
  • A customer is asking for something that violates policy
  • You observe a serious policy violation
  • You cannot meet a commitment or deadline
  • You identify a significant risk

Who to Contact:

  • Your manager: First point of contact for most questions
  • IMS Owner: General IMS questions, policy clarifications
  • CISO: Information security questions or incidents
  • Quality Lead: Quality or customer satisfaction issues
  • Environmental Lead: Environmental questions or incidents
  • DPO: Personal data or GDPR questions
  • HR: Personnel or employment-related questions

What this means in practice:

  • You ask when you don't know
  • You don't assume "it's probably fine"
  • You escalate issues promptly, not when they become crises
  • You use good judgment about urgency and severity
  • You follow up to ensure issues are resolved

Responsibilities by Employee Type

Consultants Working at Customer Sites

Additional Responsibilities:

  • Represent Swedwise professionally at all times
  • Follow both Swedwise and customer policies (when stricter, follow customer policy)
  • Protect Swedwise and customer confidential information
  • Report customer feedback and market intelligence to Swedwise
  • Maintain connection with Swedwise despite being off-site
  • Complete Swedwise training and compliance activities
  • Separate Swedwise and customer information appropriately
  • Be aware of conflicts of interest

Remote Workers

Additional Responsibilities:

  • Maintain secure home office environment
  • Protect confidential information at home
  • Use secure network connections (VPN when required)
  • Ensure privacy during confidential calls/meetings
  • Maintain communication with team despite distance
  • Complete training and compliance activities remotely
  • Report home office security concerns

Managers and Team Leads

Additional Responsibilities:

  • Role-model IMS compliance for your team
  • Support team members in meeting IMS responsibilities
  • Ensure team understands and completes IMS requirements
  • Address non-compliance constructively
  • Foster improvement culture within your team
  • Communicate IMS changes to your team
  • See Department Manager role description (SW-IMS-ROLE-008) for full managerial responsibilities

Consequences of Non-Compliance

Swedwise expects all employees to take IMS responsibilities seriously. Non-compliance may result in:

  • Minor non-compliance: Coaching, training, corrective discussion
  • Repeated non-compliance: Formal feedback, performance management
  • Serious violations: Disciplinary action up to and including termination
  • Legal violations: Potential legal consequences (e.g., GDPR violations, security breaches)

Important Note: Swedwise encourages a "no-blame" culture for honest mistakes and incident reporting. You will not be penalized for:

  • Reporting your own mistakes
  • Reporting near-misses
  • Asking for help when unsure
  • Identifying problems or risks

Resources and Support

Where to Find Information

  • IMS Policies and Procedures: [Document repository location - TBD]
  • Training Materials: [Learning management system - TBD]
  • Incident Reporting: [Incident reporting form/system - TBD]
  • Contact Information: [IMS roles contact list - TBD]

Getting Help

If you're unsure about any IMS responsibility:

  1. Check the relevant policy or procedure
  2. Ask your manager
  3. Contact the IMS Owner or relevant IMS role
  4. It's always better to ask than to guess

If you need support to comply:

  • Discuss with your manager (time, resources, training needs)
  • Contact IMS Owner if systemic barriers exist
  • Suggest improvements to make compliance easier

Success Indicators

You are successfully fulfilling your IMS responsibilities when:

  1. Awareness: You know your IMS responsibilities and where to find information
  2. Training: You complete all training on time and apply it in your work
  3. Compliance: You consistently follow IMS policies and procedures
  4. Reporting: You promptly report incidents, issues, and improvements
  5. Quality: Your work consistently meets quality standards
  6. Security: You protect information and follow security practices
  7. Environment: You minimize environmental impact in your activities
  8. Engagement: You actively participate in IMS activities and improvements
  9. Communication: You ask questions and escalate appropriately
  10. Culture: You contribute to a positive IMS culture at Swedwise

Acknowledgment

Upon receiving this role description during onboarding or following updates, employees are expected to:

  • Read this document thoroughly
  • Ask questions about anything unclear
  • Acknowledge understanding (via training system or signed acknowledgment)
  • Fulfill responsibilities from day one

Document Control

Version | Date | Author | Changes
1.0 | [TBD] | [Author] | Initial release

Approval

Role | Name | Signature | Date
CEO | | |
IMS Owner | | |

Quick Reference Card

Every Swedwise Employee Should:

  • Complete all mandatory training on time
  • Follow IMS policies and procedures
  • Report incidents immediately
  • Protect confidential information
  • Deliver quality work
  • Minimize environmental impact
  • Ask questions when unsure
  • Suggest improvements
  • Participate in audits
  • Support the IMS culture

Key Contacts:

  • Your Manager: First point of contact
  • IMS Owner: [TBD]
  • CISO: [TBD]
  • Quality Lead: [TBD]
  • Environmental Lead: [TBD]
  • DPO: [TBD]

Emergency Security Incidents: Call CISO immediately at [TBD]