OWASP Employee Manual

Version 2019-11-01 - Final

This handbook was developed to provide you with guidelines to our company policies and to outline programs and benefits available to you. You should familiarize yourself with the contents as soon as possible so you will know what is expected of you and what you can expect from our organization.

This Employee Handbook replaces all previous The OWASP Foundation handbooks, policies and memoranda. Failure to follow any of the policies in this handbook may result in disciplinary action, up to and including, termination of employment.

The OWASP Foundation and Insperity are in a co-employment work relationship. This means that The OWASP Foundation handles the day-to-day activities related to its core business. Insperity handles the administrative responsibilities such as payroll processing and benefits, and supports the company in many human resources issues.

You should have already signed an Employment Agreement outlining your employment relationship with Insperity. Contact your supervisor or an Insperity payroll or human resource specialist if you have any questions.

We hope that your experience with us will be challenging, enjoyable and rewarding. Again, welcome!



The company relies on the accuracy of the information you provide during the employment hiring process. We also expect that you and your references give accurate and true information during the hiring process and employment. If we find that any information is misleading, false, or was left out on purpose, we may reject an applicant from further consideration. If the person was already hired, it could result in termination of employment.

When we process an employment application, we may obtain a background report. If we take an adverse employment action based in whole or in part on the background report, a copy of the report will be given to you so that you can take appropriate steps.


As part of our hiring processes, your offer of employment was made through an offer letter. This letter fully and wholly outlines your employment offer with the company. The conditions of your offer are confidential. If you ever change positions with the company you will be presented with an offer letter.

Offer letters have an expiration date and if left not accepted by the expiration date, the company withdraws it’s offer of employment. If accepted, a copy should be signed and will be placed in your Personnel file. Conditions of employment are confidential and may not be disclosed to third parties, except for disclosures in accordance with applicable law.


The company has a salary administration program which helps us have consistent pay practices, comply with federal and state laws, support our commitment to Equal Employment Opportunity, and offer competitive salaries within our labor market. We are committed to paying equitable wages that are based on the requirements and responsibilities of each job.

Compensation for each job is based on several factors. The factors include job analysis and evaluation, the essential duties and responsibilities of the job, and salary survey data (how other employers pay their employees). We periodically review our salary administration program and change it as necessary.

We may give merit-based pay adjustments to some employees to recognize superior employee performance. These adjustments are based on a number of factors including the information documented by the formal performance evaluations. We may give incentive bonuses depending on each employee’s individual contributions to the organization.

If you have a question about compensation in your area or for your job, talk with your supervisor.


We encourage you and your supervisor to discuss job performance and goals on an informal, day-to-day basis. You and your supervisor will have formal performance evaluations to discuss your work and goals, to identify and correct weaknesses, and to encourage and recognize your strengths.

Performance evaluations will be done at the beginning of each calendar year and will be completed by the end of each January. Adjustments to compensation or merit increases, if any, will be applied to the February payroll.


This policy describes the policy for administering fair and consistent discipline for unsatisfactory conduct at the company.

We believe it is important to make sure that all employees are treated fairly and that disciplinary actions are prompt, consistent, and impartial. The major purpose of a disciplinary action is to correct the problem, prevent it from happening again, and prepare the employee for satisfactory performance in the future.

Although your employment is based on mutual consent and both you and the company have the right to terminate employment at will, with or without cause or advance notice, company may use progressive discipline at it discretion.

Disciplinary action may be any of the following four steps: 1) verbal warning, 2) written warning, 3) suspension with or without pay, or 4) termination of employment. We will look at how severe the problem is and how often it has happened when deciding which step to take. There may be circumstances when one or more steps are bypassed.

In most cases, progressive discipline means that we will normally take these steps in the following order: 1) a first offense may call for a verbal warning; 2) a next offense may be followed by a written warning; 3) another offense may lead to a suspension; and, 4) still another offense may then lead to termination of employment.

In very serious situations, some types of employee problems may justify either a suspension, or, in extreme situations, termination of employment, without going through the usual progressive discipline steps.

You should also look at the Employee Conduct in this handbook. That policy lists examples of unacceptable conduct that might result in immediate suspension or termination of employment. However, some of the examples of unsatisfactory conduct listed may result in the progressive discipline process described above instead of immediate suspension or termination.

By using progressive discipline, we hope that most employee problems can be corrected at an early stage, benefiting both the employee and the company.


Your employment with The OWASP Foundation is at-will which means that you or The OWASP Foundation may terminate your employment at any time for any lawful reason unless a written employment agreement exists with The OWASP Foundation that provides otherwise. Your employment with Insperity is at-will regardless of whether you have a written employment agreement with The OWASP Foundation.

The OWASP Foundation has the right to transfer, demote, or otherwise discipline an employee at any time for any lawful reason. Insperity does not have the authority to change your at-will status with The OWASP Foundation, enter into any agreement for employment for any specified period or make any promises or commitments to the contrary. Likewise, The OWASP Foundation does not have the authority to change your at-will status with Insperity, enter into any agreements on behalf of Insperity for employment for any specified period or make any promises or commitments to the contrary. The OWASP Foundation however, maintains the ability to enter into employment agreements, independent of Insperity, which is not binding on Insperity and does not alter the at-will nature of your employment with Insperity. For an employment agreement with The OWASP Foundation to be considered valid, it must be signed by the Managing Member.

This handbook is not a contract guaranteeing employment for any specific duration. As provided in the Handbook Acknowledgment, nothing in this handbook creates or is intended to create a promise or representation of continued employment. This handbook replaces any and all prior handbooks, written documents (with the exception of authorized employment agreements) or oral or implied representations that might otherwise contradict the at-will nature of your employment.


You may hold an outside job as long as you can satisfactorily perform your OWASP job and the job is not in a related competitive field or company. The job also must not interfere with our scheduling demands.

We hold all employees to the same performance standards and scheduling expectations regardless if they have other jobs. In order to remain employed at the company, we will ask you to terminate an outside job if we determine that it is impacting your performance or your ability to meet our requirements, which may change over time.

If your outside employment has an undesirable impact on the company, we will consider that it is a conflict of interest.


The company may change, revoke or supplement the policies in this handbook at any time without notice. The company will determine the effective date of any changes and every effort will be made to notify you in advance. However, failure to give advance notice will not void any policy’s application in the workplace.

Supervisors do not have the authority to change the policies in this handbook on their own. If you are uncertain about any policy or procedure, contact your supervisor for clarification.


The OWASP Foundation and Insperity each maintain a personnel file on each employee. Contact your supervisor to request a review of your company personnel file, or contact your Insperity payroll or human resource specialist to view your Insperity personnel file.

To ensure that your personnel file is up-to-date at all times, notify your supervisor or your payroll specialist of any changes in your name, telephone number, home address, withholding instructions, number of dependents, beneficiary designations, or the individuals to notify in case of an emergency. Additionally, complete and forward an Employee Change of Personal Information form to your Insperity payroll specialist or you may update your file through the Insperity PremierTM at http://portal.insperity.com. Assistance may also be provided through the Insperity Contact Center at 866-715-3552, 7AM-7PM CT Monday-Friday.


Requests for employment verifications for current or former employees, should be directed to Insperity’s Contact Center at 866-715-3552, option 5. Insperity will only release your last title and dates of employment, unless you have authorized in writing certain additional information to be provided.


The OWASP Foundation and Insperity provide equal employment opportunities to all employees and applicants in all company facilities without regard to race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, (or related medical conditions, including, but not limited to lactation), physical disability, mental and/or intellectual disability, age, military status or status as a Vietnam-era or special disabled veteran, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws.

This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.


For our domestic United States operations, the company is committed to employing only people who are United States citizens or who are aliens legally authorized to work in the United States. We do not illegally discriminate because of a person’s citizenship or national origin.

Because we comply with the Immigration Reform and Control Act of 1986, every new employee at OWASP is required to complete the Employment Eligibility Verification Form I-9 and show documents that prove identity and employment eligibility.

If you leave the company and are rehired to our domestic U.S. operations, you must complete another Form I-9 if the previous I-9 with company is more than three years old, or if the original I-9 is not accurate anymore, or if we no longer have the original I-9.

If you ask questions or want to discuss our Immigration Compliance policy you may do so without fear of reprisal or retaliation or be punished in any way.


It is very important to the company that we protect our confidential business information and trade secrets. Confidential information includes, but is not limited to, the following examples:

  • compensation data
  • computer processes
  • customer lists
  • membership lists
  • customer preferences
  • financial information
  • pending projects and proposals
  • other confidential information shared with staff or contractors

As part of your employment agreement you signed a non-disclosure agreement as a condition of your employment.

If you improperly use or disclose a trade secret or confidential business information, you will be subject to disciplinary action, up to and including termination of employment and legal action. This applies even if you do not get any benefit from releasing the information.


The OWASP Foundation is committed to making every reasonable effort to accommodate an employee’s disability. An accommodation may be provided as long as the employee can perform the essential duties of the job, and it does not create an undue hardship for the company. A reasonable accommodation may include changes in the work environment or in the way a job is performed, so a person with a disability may enjoy equal employment opportunities.

Under this policy, if you are pregnant and request a reasonable accommodation for the duration of or any part of your pregnancy, we will explore all possible means of providing the reasonable accommodation including, but is not limited to, the following:

  • More frequent or longer bathroom breaks;
  • Breaks for increased water intake;
  • Breaks for periodic rest;
  • Seating;
  • Assistance with manual labor;
  • Light duty;
  • Temporary transfer to a less strenuous or hazardous position;
  • Acquisition or modification of equipment;
  • Changing the employee’s job duties;
  • Changing the employee’s work hours;
  • Relocating the employee’s work area; or
  • Providing leave necessitated by pregnancy, childbirth, or medical or common conditions relating to pregnancy or childbirth.

Accommodations depend upon the employee’s job qualifications and the specific facts and circumstances of each individual situation. Please inform your supervisor if you require an accommodation, so the company can have an interactive discussion with you. Your supervisor will work with you to determine if there is a need for an adjustment or change at work to accommodate your disability.


There can be many reasons why employment may terminate. We will usually schedule an exit interview if you terminate. At the exit interview, we can go over such topics as your benefits, benefits conversion rights, repayment of any outstanding debt to OWASP or return of company-owned property. You may also make suggestions or complaints and ask questions at the exit interview.

Your benefits are affected by termination in several ways. All accrued, vested benefits that are due and payable at termination will be paid out. You may be allowed to continue some benefits by paying for them yourself. You will be notified in writing about which benefits you can continue and the limitations and details of how to continue them.



The OWASP Foundation is committed to providing a work environment governed by the highest ethical and legal standards. In all situations you are expected to conduct your activities with integrity, ethically and in accordance with applicable laws and regulations. As an employee you are expected to model the OWASP Foundation Code of Ethics in your interactions with our community.

Part of maintaining an ethical workplace is providing employees the opportunity to provide honest feedback. The company will not tolerate retaliation of any kind against an employee who reports in good faith a violation of law or of this policy.

The OWASP Foundation encourages you to report any actual or potential violations of applicable laws or regulations and any unethical, dishonest or improper conduct to your supervisor, the president/CEO or The OWASP Foundation’s Human Resources Department. If you are uncertain as to whether there are any laws or regulations that may impact your work, you are responsible for requesting guidance from your supervisor or The OWASP Foundation’s Human Resources Department.


In order to conduct the operations of The OWASP Foundation efficiently and professionally, all employees are to follow the rules of conduct that will protect the interests and safety of all employees and the company. All employees are expected to act in a professional manner with customers, and the general public.

Although it is not possible to list all forms of inappropriate behavior and conduct, the following are examples that are considered inappropriate and may result in disciplinary action up to and including termination of employment:

  • Falsifying employment or other company records;
  • Violating the Anti-Harassment policy;
  • Violating certain state, federal or local laws and regulations;
  • Violating security or safety rules or failing to observe safety rules or safety practices; failing to wear required safety equipment; tampering with equipment or safety equipment;
  • Soliciting gratuities from customers or clients;
  • Displaying excessive or unexcused absenteeism or tardiness;
  • Possessing firearms, weapons or explosives on company property without authorization, in violation of policy or while on duty;
  • Using the company’s property and supplies, particularly for personal purposes in an excessive, unnecessary or unauthorized way;
  • Negligent damage of property;
  • Violating the Violence in the Workplace policy;
  • Violating the Drug-Free Workplace policy;
  • Committing theft or unauthorized possession of company property or the property of fellow employees; possessing or removing any company property, including documents, from the premises without prior permission from management; using company equipment or property for personal reasons without proper authorization; using company equipment for profit;
  • Giving confidential or proprietary information to competitors; working for a competing business while an employee of the company; breaking confidentiality of information such as, Social Security Numbers, including any part of Social Security Numbers. Personal information also includes driver’s license numbers, state-issued identification card numbers, date of birth, credit or debit or other account numbers, passport numbers, alien registration numbers or health insurance identification numbers;
  • Engaging in abusive conduct, or bullying, such as using obscene, abusive or threatening language or gestures or other verbal or physical conduct a reasonable person would find threatening, intimidating, or humiliating;
  • Soliciting, selling, or collecting funds for any purpose while on working time (not including meals and authorized breaks). Employees who are not on working time shall not interfere with the work of employees who are on working time.
  • Violation of personnel policies
  • Unsatisfactory performance or conduct

Depending on the specific circumstances, the company may suspend or terminate an employee without prior discipline, or without following a particular order of discipline.



All employees are paid Monthly on the last business day of each month. Each paycheck includes pay for all work performed through the current pay period. If a payday falls on a holiday, you will be paid on the last work day before that payday.

The company has a direct deposit program. If you provide written authorization, we will deposit your pay directly into your bank account. On paydays, instead a check, you will get a statement of earnings and deductions. Your first paycheck will be a live check mailed to your home address. This is a security procedure for new hires implemented by Insperity. Please note, while we will make our best efforts to expedite your payroll to you as soon as possible, your first paycheck may be delayed until the 10th day of your second month of employment.

If your position qualifies for Incentive Compensation or Commissions, please see your supervisor for additional information about those programs.

If your employment ends, you will be paid your final wages in accordance with applicable state law.


The OWASP Foundation and Insperity make every effort to ensure that you receive the correct amount of pay in each paycheck and that you are paid on the scheduled payday.

You should review your paycheck when received and, if you believe an error has been made, contact your supervisor and Insperity human resource specialist immediately. All necessary steps will be taken to research the problem and to assure that any necessary correction is promptly made.


Exempt employees are paid on a salary basis and, in general, must be paid their full salary for any week they perform work. Their weekly salary may be reduced only in the following circumstances:

Employees who work less than 40 hours during their first and/or last week of employment will be paid a proportionate part of their full salary for the time actually worked.

Employees may be suspended without pay for other types of workplace misconduct, but only in full day increments. This refers to suspensions imposed according to a written policy applicable to all employees regarding serious misconduct, including, but not limited to, workplace harassment, violence, drug and alcohol violations, legal violations, etc. The possibility of unpaid suspensions is included into all similar policies.

This policy is subject to applicable state law regarding reduction of exempt employees’ salaries if the state law is more favorable to employees.

Prohibited Reductions/Complaint Procedure

Any salaried exempt employee whose salary is reduced, and the reduction itself is in violation of this policy, will be reimbursed. If you feel your salary has been improperly reduced, please notify your Insperity human resource specialist. No employee will be penalized in any way for making a complaint.
This policy is intended solely to implement Fair Labor Standards Act (FLSA) regulatory requirements, and applicable state law will be applied and modified as necessary in accordance with the requirements, and is not to be considered any type of contract.


Normal operating hours for The OWASP Foundation are from 8:00 AM to 5:00 PM, Monday through Friday in the employees location. These hours may vary depending upon your position and work requirements. All exempt and non-exempt, full-time regular employees are expected to work a standard forty (40) hour work week.

Give your supervisor as much advance notice as possible for any schedule changes.


The OWASP Foundation will provide a reasonable amount of break time, or amount of time required by state law, to accommodate a female employee’s need to express breast milk for the employee’s infant child for up to one year following the child’s birth, or as required by law. The break time should, if possible, be taken concurrently with other break periods already provided. Employees should clock out for time taken for 30 minutes or more that does not run concurrently with normally scheduled break periods. The OWASP Foundation will also make a reasonable effort to provide the employee with the use of a room or other location in close proximity to the employee’s work area, other than a restroom, where the employee may express milk in private. Speak with your supervisor should arrangements for a refrigerator be required. You should notify your immediate supervisor if you are requesting time to express breast milk under this policy.


Depending on the company work needs, employees will be required to work overtime when requested to do so. Nonexempt employees will be paid overtime premiums at the applicable federal or state wage rate, whichever is higher. You are responsible for clearly noting all hours worked, including any overtime hours, on your timesheet.

It is our policy that no overtime can be worked without the advance approval of your supervisor. Failure to obtain approval in advance of working the overtime is a violation of company policy and you may be subject to disciplinary action.

If, during a workweek, you are away from the job because of an injury, paid holiday, jury or witness duty, sick day or vacation day, those hours not worked will not be counted as hours worked for the purpose of computing overtime pay, even if you receive pay such as sick or vacation pay for such time missed.

Prohibited “Off the Clock” Work

Employees are not to work “off the clock” and are required to ensure that all time worked is properly recorded. If you are given directions to perform work “off the clock,” you should promptly notify your supervisor. If your supervisor has given you directions to work “off the clock” and/or has told you not to properly record all hours worked, notify your Insperity human resource specialist. You will not be penalized in any way for making such a complaint.


Regular attendance is important to the smooth operation of The OWASP Foundation. If you are late or absent, it places a burden on other employees and may impact productivity, customer satisfaction and team morale.

You are expected to be reliable and punctual by working a regular and set weekly schedule that is suitable for your job function. If you know that you will be absent or not available during regular timely working hours, notify your supervisor directly as soon as possible. In most circumstances, you should notify your supervisor within the first 30 minutes of your work shift each day of your absence, unless you have been granted a leave of absence. In the event of a sickness or accident while performing your duties, notify your supervisor immediately.

If you are absent for three or more consecutive workdays due to personal illness, you may be required to provide a statement from your healthcare provider, unless state or local law provides otherwise, before you will be permitted to return to work. Failure to properly report your absences may be considered a voluntary resignation of your position.


The OWASP Foundation and Insperity are committed to a work environment in which all individuals are treated with respect and dignity and are free from all forms of harassment and discrimination. Any form of harassment, even when not unlawful or directed at a protected category, is prohibited and will not be tolerated. All employees, including supervisors, co-workers, vendors, contractors, customers or other third parties, are expected to adhere to this policy.

Reported or suspected occurrences of harassment or discrimination will be promptly and thoroughly investigated. Following an investigation, The OWASP Foundation and Insperity will promptly take any necessary and appropriate disciplinary action.

The OWASP Foundation and Insperity will not permit or condone any acts of retaliation against anyone who files or cooperates in the investigation of harassment or discrimination complaints. The term “harassment” includes harassment based on any category protected by federal, state or local law, which may include, but is not limited to, unwelcome slurs, jokes, or verbal, graphic or physical conduct relating to an individual’s race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental and/or intellectual disability, age, military status or status as a Vietnam-era or special disabled veteran, marital status, registered domestic partner or civil union status, familial status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation.

Sexual harassment consists of unwelcome sexual advances, requests for sexual favors, or other verbal or physical conduct of a sexual nature where:

  • Submission to such conduct is an explicit or implicit term or condition of employment;
  • Employment decisions are based on an employee’s submission to or rejection of such conduct; or
  • Such conduct unreasonably interferes with an individual’s work performance or creates an intimidating, hostile or offensive working environment.

Complaint Procedure

The OWASP Foundation and Insperity provide you with a convenient and reliable method for reporting incidents of alleged harassment, including sexual harassment, and discrimination. Any employee who feels harassed or discriminated against is encouraged to immediately inform the alleged offender that the behavior is unwelcome. In many instances, the person is unaware his or her conduct is offensive and this action alone may often resolve the problem. If the informal discussion with the alleged offender is unsuccessful in remedying the problem, or if you do not feel comfortable with such an approach, you should immediately report the conduct to your immediate supervisor, manager or company owner and the Insperity Anti-Harassment Hotline number at 844-677-3030. We cannot resolve a harassment or discrimination problem, unless we know about it. Therefore, it is your responsibility to bring those kinds of problems to our attention so we can take the necessary steps to correct any problems. The report should include all facts available to you regarding the alleged harassment, sexual harassment, or discrimination.

When you call the Insperity Anti-Harassment Hotline, please be sure to leave your name, Insperity employee identification number or the last four digits of your social security number, and the name of the client company for which you work. If you wish to make an anonymous complaint, you may do so. However, the scope of our investigation may be limited based on the information you provide.


All reports of alleged harassment, sexual harassment, or discrimination will be treated seriously. Confidentiality will be maintained to the extent possible. However, to conduct a thorough investigation, certain information may need to be disclosed to other individuals, including the alleged offender. Consequently, absolute confidentiality cannot be promised and cannot be guaranteed.

Investigative Procedure

Once a complaint of alleged harassment, sexual harassment, or discrimination is received, we will begin a prompt and thorough investigation. The investigation may include interviews with all involved employees, including the alleged harasser, and any employees who are aware of facts or incidents alleged to have occurred.

Following an investigation, The OWASP Foundation and Insperity will promptly take any necessary and appropriate disciplinary action. Disciplinary action will be taken if the investigation reveals that an employee has acted in a manner that is not in alignment with the goals of this policy. The OWASP Foundation and Insperity may address any workplace issue discovered during an investigation. This may include some or all of the following steps:

  • Restore any lost terms, conditions, or benefits of employment to the complaining employee.
  • Discipline the alleged harasser. This discipline may include written disciplinary warnings, transfer, demotion, suspension and/or termination of employment.
  • If the alleged harassment, sexual harassment, or discrimination is from a vendor, contractor, customer or other third party, The OWASP Foundation and Insperity will take appropriate action to stop the conduct.
  • If you have made a complaint but feel that the action taken in response has not remedied the situation, you should make an additional complaint following the complaint procedure outlined in this policy.

Duties of Employees and Supervisors

All employees of the company, both management and non-management, are responsible for assuring that a workplace free of harassment, sexual harassment, and discrimination is maintained. Any employee may file a complaint regarding incidents experienced personally or incidents observed in the workplace. The company strives to maintain a pleasant work environment where all employees are able to effectively perform their work without interference of any type and requests the assistance of all employees in this effort.

All managers and supervisors are responsible for doing all they can to prevent and discourage harassment, sexual harassment, and discrimination from occurring. If a complaint of harassment, sexual harassment or discrimination is raised, the individual to whom the complaint is made (i.e., supervisor, manager, company owner) should act promptly to notify the Insperity Anti-Harassment hotline number so an investigation may promptly proceed. The company and Insperity may discipline any managers or supervisors who fail to follow this policy, which discipline, may include termination.


The OWASP Foundation and Insperity are committed to providing a safe workplace for employees, customers, vendors, volunteers, independent contractors and others with whom we do business. The company has zero tolerance for violent acts or threats of violence. You are expected to conduct yourself in a non-threatening, non-abusive manner at all times. Any direct, conditional or veiled threat of harm to any employee, guest or company property will be considered unacceptable behavior. Acts of violence, intimidation or bullying of others will not be tolerated.

All employees share the responsibility in identifying and alleviating threatening or violent behaviors. Anyone who is subjected to or threatened with violence, or who is aware of another individual who has been subjected to or threatened with violence, is to immediately report this information to their supervisor, a management member or Insperity. You must assume that any threat is serious. The company will carefully investigate reports and maintain employee confidentiality to the fullest extent possible.

The OWASP Foundation will take disciplinary action, up to and including termination, and/or legal action as appropriate, against any employee who commits or threatens to commit a violent act against any person while on company premises or while engaged in company business off the premises.


The OWASP Foundation is committed to protecting the safety, health and well-being of all employees, customers, clients, and vendors in our workplace. “Workplace” includes company property, any company-sponsored activity or any other site where you are performing work or representing the company.

The term “drug” as used in this policy includes alcoholic beverages and prescription drugs, as well as illegal inhalants and illegal drugs and/or controlled substances including, but not limited to, marijuana, opiates (e.g., heroin, morphine), cocaine, phencyclidine (PCP), and amphetamines.

All employees are expected to contribute to maintaining a drug-free workplace. Prohibited activities under this policy include the possession, use, sale, attempted sale, distribution, manufacture, purchase, attempted purchase, transfer or cultivation of drugs in the workplace. Employees are also prohibited from being at the workplace with a detectable amount of drugs in their system. However, the use and/or possession of prescription drugs, when taken as directed and obtained with a valid prescription under federal law, is not a violation of this policy.

As a condition of continued employment, all employees must comply with this policy. An employee who engages in an activity prohibited by this policy shall be subject to disciplinary action, up to and including immediate termination of employment.

Contact the Employee Assistance Program (EAP) for information about the availability of treatment programs such as assistance provided by Insperity’s health care plan coverage or drug and alcohol abuse rehabilitation and education programs.

This policy is not intended to replace or otherwise alter applicable U.S. Department of Transportation obligations or any other federal, state or local agency drug testing regulations related to a particular industry.


The OWASP Foundation strives to provide a safe and secure workplace for employees, clients, customers and visitors. The company has zero tolerance for, and forbids the possession of any type of weapon, firearm, explosive and/or ammunition while on company property or conducting company business. For purposes of this policy, company property includes, but is not limited to, all company facilities, company-provided vehicles and equipment that are either leased or owned by the company or a company client.

Possession of firearms or other weapons may be cause for discipline, including, but not limited to, immediate termination of employment. In enforcing this policy, The OWASP Foundation reserves the right to request inspections of any employee and their personal effects while on company property, to the extent allowable under applicable law. Any employee who refuses to allow an inspection will be subject to the same disciplinary action as having been found in possession of firearms or other weapons.

In the event an employee lawfully possesses a firearm, the employee can store the firearm in the employee’s personal vehicle while on company-provided parking areas; however, the firearm must be stored in the employee’s locked vehicle, or locked to the vehicle, and hidden from plain view.

Employees share the responsibility of identifying violators of this policy. If you either witness or suspect another individual of violating this policy you should immediately report this information to their onsite supervisor.



A benefits package is provided to eligible employees through The OWASP Foundation’s co-employment relationship with Insperity. Details describing these benefits, including eligibility information, can be found in the Benefits Book provided to each employee when hired. Benefits begin on the first day of employment. Additionally, you can call the Insperity Contact Center at 1-866-715-3552, 7:00 a.m. – 7:00 p.m. CT, Monday through Friday for more information on the benefits available to you from Insperity.

The costs of these benefits for the employee and their dependents may be subsidized by the company. Insurance plans are renewed annually and subsidies may change from time to time.

Below is a list of the 2020 Plans, Terms, and rates.


Full-time employees are eligible for paid holidays during each calendar year. A paid holiday does not count as a day worked in calculating overtime for the week. The OWASP Foundation observes the following holidays each year:

  • New Year’s Day
  • Presidents Day
  • Memorial Day
  • Independence Day
  • Labor Day
  • Federal Election Day (typically the 1st Tuesday of November in even-numbered years)
  • Thanksgiving Day
  • Day after Thanksgiving
  • Christmas Eve
  • Christmas Day
  • New Year’s Eve

A recognized holiday that falls on a Saturday will be observed on the preceding Friday and a recognized Sunday holiday will be observed on the following Monday.


Unlimited Vacation

Exempt employees do not accrue Personal-time-off benefits but are given an indeterminate amount of personal time off at the sole discretion of the company as operational conditions permit. During such personal time taken off, employees will receive no additional fixed pay. Rather, they will continue to receive their regular salary during their scheduled Personal-time-off. For purposes of this policy, personal time off does not include absences covered by the company’s Sick Policy.

An employee taking personal time off is responsible for:

  • Notifying their direct supervisor two weeks prior to when they will be absent.
  • Documenting planned time off on the shared Staff Calendar
  • Meeting the expectations and requirements of the employee’s position including timely and satisfactorily completing all work assignments.
  • Arranging for time off on a schedule that is considerate of expected business needs.

Sick Policy

Flexible time off each year is provided by the company for employees to be away from work because of illness, injury, or to care for a family member or for responding or attending to a qualifying exigency. If more than five continuous days are taken as time off due to illness, the employee will cease to receive their regular salary and the company will consider a request for a leave of absence. Additionally, absences for three or more consecutive workdays due to personal illness may require a statement from your healthcare provider before you will be permitted to return to work.


The company will reimburse exempt full-time employees up to $1,500 per semester for continuing education. To qualify, education assistance requests must be degree-seeking in a field directly related to your work function, pre-approved by your supervisor, and through an accredited institution. You must maintain a “C” or higher grade point average.

Your profession may have certain third-party Certification programs.The company will reimburse exempt full-time employees up to $500 per year for obtaining and/or retaining an accredited certification in your profession. To qualify, Certification Program requests must be in a field directly related to your work function and be pre-approved by your supervisor.

Employees who voluntarily or involuntarily terminate employment must reimburse the company for any education assistance or certification program benefits reimbursed over the prior 24 months.

Termination and Flexible Time Off

Because no vacation accrues, employees who voluntarily or involuntarily terminate employment are not entitled to payment of vacation at time of termination.


Visit Insperity online to access training, secure personal information and work tools. Go to http://portal.insperity.com and click CREATE ACCOUNT. Follow the steps below to log in and begin using the Insperity PremierTM:

  • Step 1: Enter your last name and date of birth
  • Step 2: Enter one of the following to identify yourself: ** Your Social Security Number ** Your Individual Taxpayer Identification ** Your Insperity ID (this can be found on your paystub)
  • Step 3: Enter a username and password of your choice. Then follow the remaining prompts to create the account.

Your personal information is accessible only to you through multiple layers of security and industry-standard data encryption. Since payroll information and other sensitive data are accessible through your account, it is important you do not share your username and password with others.

Contact Insperity’s Contact Center toll free at 866-715-3552, Monday through Friday from 7:00 a.m. to 7:00 p.m. Central time for questions about the Insperity PremierTM and your Insperity benefits.


Additional leave of absence policies for the states of Florida, New Jersey, North Carolina, Texas, see addendum.


Full-time regular employees may take up to 3 days off work for the death of a spouse, registered domestic partner, civil union relationship, child, parent, sibling or comparable step-relation, and up to 1 days off work for the death of a grandparent, father-in-law, mother-in-law, son-in-law or daughter-in-law. You may take off one day of bereavement leave for the death of a relative who is not a member of your immediate family. The eligible time off will be paid. Contact your supervisor as soon as reasonable to request time off for bereavement leave.


You may be granted a leave of absence to attend to personal matters in situations in which the company determines that an extended period of time away from the job will be in your and the company’s best interest.

Requests for a leave of absence or any extension of a leave should be submitted in writing to your supervisor at least 30 days prior to commencement of the leave period or as soon as is practicable. Your supervisor will forward the request to the appropriate manager recommending approval or denial. Management will make the final decision concerning the request. While on approved leave, you are expected to report any change of status in your need for leave or your intention to return to work.

You may be required to use all accrued paid time off while on leave before going on unpaid leave. For information on health care coverage during a leave of absence, refer to the Continuation of Benefits policy. Benefits that accrue according to length of service, such as paid time off, holiday, and sick days, do not accrue during periods of leave.

Upon return from a personal leave due to an illness or injury, you must provide a release to return to work. Any restrictions must be noted on the release. The company will consider modifications or adjustments to help facilitate your return to work.

A personal leave of absence may not provide a guarantee of reinstatement to the same or similar position.


If you are summoned to jury duty or to appear in court as a witness, The OWASP Foundation will continue your pay in accordance with FLSA and applicable law. If you are summoned to jury duty, The OWASP Foundation will continue your pay for 5 days of jury service per calendar year. If you are required to serve more than 5 working days of jury service in a calendar year, you will be allowed additional time off without pay to complete the jury service. The OWASP Foundation will continue to pay for this extended period of service in accordance with FLSA and applicable law. You must notify your supervisor as soon as it is known your jury duty will be extended.

To qualify for either jury or witness duty leave, you must submit a copy of the summons to your supervisor as soon as it is received. In addition, you must also submit to your supervisor a related proof of service when the period of jury or witness duty is completed. No adverse employment action will be taken against employees due to their service as either a juror or witness in state or federal courts.


A leave of absence without pay for military or reserve duty or National Guard training will be granted to employees. The employee should submit copies of military orders to his or her supervisor as soon as possible. The employee may use any accrued but unused vacation time or paid time off. Exempt employees who perform any work in a week in which they also have military duty will be paid their full salary minus an offset for the military pay for the week. Eligibility for reinstatement following a military leave of absence will be determined in accordance with applicable federal and state laws.


All active, full-time employees covered by the Insperity Group Health Plan or the Insperity Health Care Flexible Spending Account (FSA) Plan may continue plan coverage for up to 12 weeks during an approved leave of absence, or for any longer period, as required by law.

While on leave, you must continue to pay any required contribution for health coverage, as well as make payments for any other applicable benefits which would otherwise be automatically deducted from your wages (e.g., supplemental life insurance, credit union loans, and 401(K) loans). Your failure to pay any required employee contributions does not relieve you of your obligation to pay such contributions. Contact the Insperity Contact Center at 866-715-3552 for details regarding employee contributions. For questions regarding 401(K) loan payments, contact Insperity Retirement Services at 888-401-5273.

If you do not return to work upon expiration of the applicable 12-week period (or such longer period as required by law), coverage will terminate and you will have the opportunity to continue coverage for a limited period of time under COBRA in accordance with applicable law.



The OWASP Foundation has a remote workforce. Your work schedule will be agreed upon by you and your supervisor in advance and should follow a normal set schedule convenient for your work function. Employees must be accessible by phone, e-mail or other means during the agreed-upon work schedule. Any changes to your schedule must be reviewed and approved by your supervisor.

It is the employee’s sole obligation to provide a quiet, distraction-free, ergonomically correct, and appropriate work environment during the employee’s workday. The company will not be responsible for costs associated with initial setup of an employee’s home office such as furniture, lighting and repairs or modifications to the home office space. The company will not reimburse employees for office-related expenses, such as but not limited to heating and cooling costs, internet service, and other home-related services.

Injuries sustained by an employee while at a home work location and in conjunction with regular work duties are normally covered by the company’s workers’ compensation policy. Employees who work remotely are responsible for notifying The OWASP Foundation of such injuries in accordance with the company’s workers’ compensation procedures. However, the company assumes no responsibility for injuries occurring in the employee’s at-home work space outside the agreed-upon work hours. Employees who work remotely are to maintain safe work conditions in their at-home work space and are to practice the same safety habits as those followed on typical corporate premises. The employee’s home location is mainly for the employee and should not be used for meeting with customers, vendors or other company-related guests.

Consistent with the company’s expectations of information security, even while working remotely employees are expected to ensure the protection of proprietary company and customer information accessible from their home office. Steps include, but are not limited to, the use of locked file cabinets, computers and desks; the regular maintenance of passwords; and any other steps appropriate for the job and the environment.


The company provides all employees access to G-Suite Cloud Services for email, office productivity tools, calendaring and contacts. Employees are expected to use these tools for their primary work function and are explicitly prohibited from saving critical business information locally on their computer. The lone exception to this policy are code libraries under development that are also backed up into our cloud accounts such as Github.

Additionally the company provides a shared password manager to conveniently share and manage passwords for corporate accounts. Employees are expected to use and maintain these systems to ensure business continuity during unexpected events.

It is the sole responsibility of the employee to insure the integrity and security of the data and files needed for their work function and should contact their supervisor with questions in complying with these policies.


Following the employee’s start date, you will be provided with a personal computer appropriate for your work function. Biennially, you will be eligible for a personal computer refresh. While employees may wish to use their own computer for their work, it is highly discouraged. The company accepts no responsibility for damage or repairs to employee-owned equipment.

The company will provide you a monthly Technology and Office Supplies taxable allowance of $125 to be included as part of your payroll. This allowance is to assist you in paying for your mobile phone, internet access, computer peripherals, paper, ink, and other items you regularly need for your work function.

You will be liable for company supplied equipment is to be used for business purposes only. Upon termination of employment or upon request, all company property costing more than $1,000 and less than one year old will be returned to the company.

Safety Concerns for Mobile Phone Usage While Driving

The company values its employees and the safety of others, and expects employees to put safety first while driving. Employees are prohibited from using wireless communication devices while driving unless using a hands-free device. Texting (including composing, sending, or reading) while driving is strictly prohibited. You are strongly encouraged to pull off to the side of the road and park the vehicle in a safe location before placing or accepting a call or before reading or writing e-mail or text messages. You should take special care in situations where there is heavy traffic, inclement weather or you are driving in an unfamiliar area. You are expected to know and follow all local and state laws related to using communication devices while driving. Employees are responsible for all traffic violations and consequences resulting from the use of communication devices while driving.


All accidents, injuries, potential safety hazards, safety suggestions and health and safety related issues must be reported immediately to your supervisor and/or Human Resources or Insperity. If you or another employee is seriously injured, contact outside emergency response agencies. No matter how insignificant an injury may seem at the time of occurrence, you are to notify a supervisor or The OWASP Foundation’s Human Resources Department or Insperity immediately of any workplace accident or injury.

The federal law, Occupational Safety and Health Administration (OSHA) requires that we keep records of all illnesses and accidents, which occur during the workday. Employees are required to report any workplace illness or injury, no matter how slight. OSHA also provides for your right to know about any health hazards that might be present on the job. Should you have any questions or concerns, contact your supervisor or The OWASP Foundation’s Human Resources

Department and/or Insperity for more information.

Workers’ compensation insurance coverage is provided by Insperity’s worker’s compensation carrier in most states, with the exception of Washington, Wyoming, and North Dakota where coverage is provided by a state fund. Questions regarding workers’ compensation insurance coverage should be directed to your supervisor or the Insperity Workers’ Compensation Department at 800-242-8893, ext. 4244.



The OWASP Foundation is committed to providing a comfortable and productive work environment for employees. It is important that your concerns are resolved in a timely manner in an atmosphere of open communication and mutual respect. You are encouraged to follow the process below for bringing concerns to management for resolution. Employees will not be penalized for taking advantage of this procedure.

First, discuss the problem with your supervisor. If you do not believe a discussion with your supervisor is appropriate, request a meeting with an Insperity human resource specialist. In an effort to resolve the problem, the Insperity human resource specialist will consider the facts and may conduct an investigation.

Additionally, the Anti-Harassment Policy in this handbook outlines procedures for employees to report complaints of harassment and discrimination.


Access to the internet has been provided to employees primarily for the benefit of the organization. The following guidelines have been established for using the Internet.

Acceptable Use of the Internet

You should use the Internet in an effective, ethical and lawful manner. You may use the Instant Messaging Systems and Internet Forums primarily to conduct official company business or to gain technical or analytical advice. Databases may be accessed for information as needed.

Unacceptable Use of the Internet

You should not use the internet during working time for non-productive reasons. Nonworking time includes the time before and after your scheduled shift, and the time when you are on a rest or lunch break. Use of the Internet while on company time must not interfere with your productivity or disrupt the operations of the company network or the network of other users.


You are responsible for the content of all text, audio or images that you place or send over the Internet including, but not limited to, any Web-based sites or programs utilized through the company. Employees should avoid posting statements, photographs, video or audio that reasonably could be viewed as malicious, obscene, and threatening or intimidating; that disparage clients, or vendors; or that might constitute harassment or bullying. Examples of this conduct might include offensive posts that could contribute to a hostile work environment on the basis of race, sex, disability, religion or any other status protected by law or company policy.

Except to the extent that you are discussing your wages, hours or terms and conditions of employment, the following guidelines apply: All messages communicated on the Internet should have your name attached to them if they mention or refer to The OWASP Foundation in any way. No messages regarding or relating to the company are to be transmitted under an assumed name. Employees may not transmit messages or other communication by means that either mask or hide their identity or indicate that they are sent by someone else if it contains information regarding the company’s business.

The OWASP Foundation intends to prevent computer viruses and unauthorized use of copyrighted materials belonging to entities other than the company. You should obtain prior approval before downloading any software. Users are not permitted to copy, transfer, rename, add or delete information or programs belonging to other users unless given express permission to do so by the owner. Failure to observe copyright or license agreements may result in disciplinary action from the company, up to and including immediate termination or legal action by the copyright owner.

Confidentiality and Passwords

While our systems may accommodate the use of passwords for company security, you should not expect confidentiality of your files at work. The OWASP Foundation reserves the right to access your Internet use and messages at any time, without notice.

Never disclose personal or system passwords to anyone other than authorized company representatives. You are not to attempt to gain access to another employee’s system, including email or voice mail messages.


All messages created, sent or retrieved over the Internet are the property of the company and are not private. The company may access and monitor all messages and files on the computer system at any time. All communications, including text and images, can be disclosed to law enforcement or other third parties without prior consent of the sender or the receiver.


Harassment of any kind is prohibited. Messages with derogatory or inflammatory remarks about an individual or group’s race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental and/or intellectual disability, age, military status or status as a Vietnam-era or special disabled veteran, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including but not limited to, cancer related or HIV/AIDS related), genetic information or sexual orientation will not be permitted.


Violations of any guidelines listed in this policy may result in disciplinary action, up to and including immediate termination. If necessary, the company will advise appropriate legal officials of any illegal violations.




An employee who is the victim of or who is the family member of a victim of domestic violence or sexual violence is eligible to take leave to appear at court or other legal or investigative proceedings associated with the crime or to obtain counseling associated with being a crime victim and/or make their homes more secure or seek new housing. An employee is considered eligible after 3 months of employment to take up to 3 workdays of unpaid crime victim leave in any 12 month period.

An employee taking leave must use all accrued paid time off, vacation and/or personal time before continuing leave on an unpaid basis. You must provide documentation supporting your need for leave. The OWASP Foundation will maintain the confidentiality, to the extent possible, of any written documents or records submitted and the fact that leave has been requested.



In accordance with applicable state law, employees who have entered into a civil union or a domestic partnership recognized in the jurisdiction under which the civil union or partnership was created have access to equal benefits as provided to employees with a spouse, when extended benefits are provided. This could include, but is not necessarily limited to, health insurance, leaves of absence and company discounts, if provided.


The OWASP Foundation provides unpaid leave for employees who perform emergency duty as a voluntary emergency responder defined as an active member in good standing of a volunteer fire company, a volunteer member of a duly incorporated first aid, rescue or ambulance squad, or a member of any county or municipal volunteer Office of Emergency Management. If you are participating as one of these emergency responders, notify your supervisor so the company may be aware of the fact that you may have to take time off for emergency duty. In the event that you need to take time off for emergency duty, inform your supervisor before doing so, when possible. Upon conclusion of emergency duty, you may be required to provide documentation to support your absence. The OWASP Foundation will comply with additional requirements under state law.

The Company recognizes that the inability to work because of illness, injury or safety needs may cause economic hardship. For this reason, The OWASP Foundation provides 40 hours of paid sick time upon hire and annually at the beginning of each calendar year to all employees who work in New Jersey. You are eligible to use the time immediately.

Sick time may be used for your own or your family member’s health needs, purposes relating to being a victim of domestic violence, sexual assault, or stalking, for purposes related to when your worksite or your child’s school or care facility is closed by order of public official due to a public health emergency, or to attend a school-related conference or event requested by or required by a school administrator, teacher or other professional staff member, as intended to comply with New Jersey Paid Sick Leave Act.

Suspected abuse of sick time may lead to disciplinary action. Indications of possible abuse include, but are not limited to, repeated usage of sick time to extend regularly scheduled days off, including weekends, holidays (before or after a holiday), excessive absenteeism on Mondays and Fridays, and usage of sick time on days previously requested and denied as vacation. If you are absent for three or more consecutive workdays due to personal illness, or other reasons as covered under the Act, you may be required to provide reasonable documentation, such as a statement from your health care provider. Please familiarize yourself with the Absenteeism and Tardiness Policy for the proper procedures to follow when an absence has or will occur.

Employees classified as exempt may take sick time in 4-hour increments. Nonexempt employees should record their absences in exact time increments to the quarter hour. Unused sick time up to 40 hours will carry over into the following year. Unused sick time is not paid in the event of separation from employment; however, unused sick time will be reinstated if reemployed by The OWASP Foundation within six months of separation. The OWASP Foundation prohibits retaliation against any employee for requesting or inquiring about sick time. While sick time is paid through Insperity, sick time is solely a The OWASP Foundation policy.



Since school events sometimes occur during working hours, The OWASP Foundation recognizes the challenge for working parents, legal guardians or custodians to fully participate in their children’s education and school activities. Therefore, you are permitted to take time off work up to a total of 4 hours per year to:

  • Attend parent teacher conferences;
  • Attend school-related activities;
  • Volunteer or otherwise be involved;
  • Attend school sponsored events; or
  • Respond to an emergency involving the child.

Where possible, you should give written notice at least 5 school days in advance. You may be required to provide written documentation from the school indicating your participation in the school event.

If you are a nonexempt employee taking school activity leave, you may choose to use accrued vacation or paid time off (PTO). However, if no paid leave is available, you may take the time without pay.



This policy applies to all employees of The OWASP Foundation who, in the course of performing their regular job responsibilities, are involved in the collection, use, handling, safeguarding, storage, retention, and destruction of Biometric Identifiers and Biometric Information (collectively, “Biometric Data”).

The OWASP Foundation offers the convenience of a biometric timekeeping system that can collect images and/or features of your fingerprint to facilitate accurate and efficient time records of your work hours. The collected images and/or features of your fingerprint are referred to as “biometric data.”

Upon your consent, your biometric data will be collected, stored and used by the company through your employment with The OWASP Foundation to: (1) identify you; (2) record your work start and end times; and (3) process your pay. You will be asked to sign a Biometric Collection Consent form upon hire for this purpose. The company will not disclose, sell, lease or trade your biometric data for any other purpose.

The Company will securely store your biometric data in the same manner as it stores other confidential or sensitive company information. The Company prohibits the sale, lease or trade of Biometric Data. The Company prohibits any disclosure of Biometric Data other than as permitted by this policy.

Your biometric data will be permanently destroyed after your employment with the company ends. Biometric Data in electronic form will be destroyed in a manner that renders the information irretrievable. The Company’s Human Resources and Information Technology departments shall be responsible for coordinating with the timeclock service provider.

Your consent to the collection, storage and use of Client Company’s biometric timekeeping system is voluntary and an alternate method of collecting your work time is available upon your request.

Violations of this policy or its procedures will result in disciplinary action up through and including termination of employment.


Employees are encouraged to fulfill their civic responsibility by voting in local, state and national elections. If you are unable to reach your polling place outside of work hours, you may take up to 2 hours of paid (unless the polls are open at least 2 hours outside of working hours) time off to vote. You are required to provide reasonable notice to your supervisor, and evidence of voting may be required.


I acknowledge receipt of The OWASP Foundation’s Employee Handbook (“Handbook”) as found in the Policies section of the OWASP website. I understand the Handbook is not a written employment contract for any specific term. My employment with Insperity is at-will. My employment with Company is at-will unless an authorized employment agreement with The OWASP Foundation provides otherwise.

I further understand that only the executive director, (or any other individual with similar authority as identified and determined by the company) of the company has any authority to change my at-will status or enter into any agreement guaranteeing employment with the Company for any specific period of time. I also understand that if any agreement is made, it will not be authorized and enforceable unless it is in writing and signed by both parties.

I also understand that an agreement made by executive director of The OWASP Foundation is not binding on Insperity unless it is agreed to in writing by either the president or senior vice president of Insperity.

I understand that if I have any questions about the interpretation or application of any policies contained in the Handbook, I should direct these questions to my supervisor.

I further understand the Company reserves the right to modify the policies and benefits in the Handbook at any time without notice.

My signature below acknowledges that I have received the Handbook and understand it Is my responsibility to read and comply with all policies contained in this Handbook, including state specific addendums (if any), and any revisions made to it.

Employee Signature and Date

Print Name

Insperity Employee ID Number

Please sign and return one acknowledgment to your supervisor and retain the other for your records. A copy of this signed acknowledgment should be sent to Insperity.