This handbook covers various aspects of work at Rapid River:
Welcome to Rapid River Software!
If you're reading this document, you've joined our team and we're happy to have you with us.
The mission of Rapid River is simple:
Solve hard problems for our clients while working with people you enjoy.
"We get things done."
Rapid River Software was founded in 2013 by Nick Marden. The company takes its name from the Rapid River where Nick learned to kayak as a teenager.
Fun fact: Nick's daughter Julia Marden learned to kayak on the Rapid River 25 years after Nick did. Nick and Julia have matching tattoos of the kayaking guy.
- Nick Marden (USA): Founder and CEO
- Adrienne Marden (USA): Human Resources Director
- Tochi Okorie (Nigeria): Country Manager; Technical Project Manager
Since its founding in 2013, Rapid River Software has provided software development and/or DevOps consulting services to:
- Dasheroo
- The General Services Administration of the United States Government
- Internet Brands
- Salesforce
- VerticalResponse
Working at Rapid River means working remotely.
Remote work is incredibly freeing and rewarding, but it carries additional responsibilities, too. Interacting with people all day through a screen and getting your work done when no one is there to watch over you requires professionalism, organization, and maturity. We trust our employees and contractors implicitly to exhibit all of these characteristics.
At the end of the day, the metric of success at Rapid River is: did you get the job done? And did you, your teammates, and our clients enjoy working with each other while we were getting the job done? If you can say yes to all of these things, your work at Rapid River is successful.
In general, the goal for full-time work at Rapid River is eight working hours per day, not counting breaks for meals, rest, etc. Some days it will be more than that; some days it will be less. If you find that you're consistently working a lot more than eight hours per day, you may be headed toward burn-out. Talk with your manager so that we can help you achieve a more balanced and sustainable schedule.
Rapid Riverers work worldwide, which means that your hours may need to start earlier or (in more cases) go later than a traditional office job. Accommodate this in your daily schedule as much as possible by taking time for yourself during slow periods to get up, stretch, go for a walk, get outside, etc. If you live with family or other loved ones, take time to be with them - they need you.
Vacation policy at Rapid River is handled by separate policies: one for full-time employees and one for contractors.
Full-time employees are granted a fixed amount of personal time off (PTO) each calendar year in addition to federal and local holidays. PTO may be taken by informing your manager, and receiving approval, in advance. You do not need to receive approval to take federal or local holidays approved by your local Employer of Record (EOR), but you are expected to inform your manager and your team ahead of time about your absence.
Contractors, on the other hand, are paid for the hours they work. They may take unpaid time off by informing their manager, and receiving approval, in advance. This includes federal and local holidays. In all cases, please inform your manager and your team ahead of time about your absence.
If you're sick, take time to get better. Simply let your manager know.
For employees, sick time will be handled under local labor regulations. For contractors, such time will count as unpaid time off.
Some positions at Rapid River may require carrying a software "pager" or generally being available to respond to emergent incidents. Your team is expected to carry this burden together, and accordingly, such on-call time will be partitioned between teammates on a known schedule.
When you are on-call, you will be expected to have a computer nearby, with reliable Internet access, in case you need to respond to an incident. Factor this into your planning for evenings and weekends if your on-call schedule includes either. If you are in an on-call rotation, we will assume these issues are sorted unless you raise your concern explicitly to your manager.
If you need to skip a previously-scheduled turn in an on-call rotation, talk with your manager and he or she will attempt to find an acceptable resolution to the issue. Please don't go offline when you're scheduled to be on-call without making sure that someone else has you covered.
If you have any questions about on-call, as with anything, talk to your manager.
Rapid River is 100% remote, so polite and effective communication is paramount. Please try to remember the following guidelines at all times:
- For scheduled events like video conferences or calls, be on time. Always treat the other person's/people's time as valuably as you would treat your own.
- Take calls from a location with minimal background noise or distractions.
- Computer-generated backgrounds and images are fun and sometimes whimsical, but please don't make them a distraction. The same goes for your clothing and appearance.
- The above rule doesn't count if the call in question is a social event, but please wear some sort of clothing :-)
- Actually, on second thought, always wear clothing on calls. Please.
- Whenever appropriate, turn on your camera so that people can see you. Communication is a very visual thing, and intent is a lot harder to misconstrue when you can see the other person. One exception to this rule is larger meetings: keep your camera off in larger meetings unless it will benefit people for them to see you when you are talking or listening.
- People may read a different tone or voice or meaning into your writing from what you intended. When writing, try to phrase what you are saying to minimize the chance of being misunderstood.
- Be especially careful when making jokes, since they are often not taken the way they are intended. Jokes that demean people are never OK at all.
- And always, be kind. Software development and DevOps may be fun, but sometimes they can be exhausting or stressful. Think about the person behind the screen and treat them the way you would want to be treated.
Full-time employees of Rapid River will receive an @rrsoft.co email address, as will contractors in specific situations. This is a Gmail account and its use is subject to the rules described in the Security section below.
If you have an @rrsoft.co address, please use it wisely. It carries the name of our company and as such, it is more than just "your email address"; it is you speaking as a representative of Rapid River Software. Never forward sensitive information received at an @rrsoft.co address to anyone other than those who need to see it.
All @rrsoft.co email is considered the company's property, and the company reserves the right to examine any such email at any time. That said, we never want to feel the need to exercise that right, so please keep your communications on company email appropriate, professional, legal, and secure at all times.
If you have any questions, please ask your manager for clarification.
Everyone at Rapid River is invited to join the Rapid River Slack, either as a single-channel guest or a regular user. Here are some tips to make life on Slack more enjoyable:
- Put messages in the correct channels
#general: Things that everyone at the company needs to know about#random: Random, fun, and goofy stuff. Cat videos, bizarre news headlines, happenings from your town that might be of interest to other Rapid Riverers#devops: Things of interest to practitioners of the dark DevOps magic.#farside: The best comic strip ever.
- Use Slack threading to stay on topic. This is a major thing! It's a lot easier to read a channel when discussions get moved into threads for a follow-up conversation.
- Emojis can be an effective way to express approval, surprise, joy, etc. instead of messages. Like threads, they reduce clutter in the channel and keep communication flowing.
- If you want to create a new channel (and you're not a single-channel guest), do it! But first check to make sure that it's not a duplicate of one of the existing channels, please.
Rapid River is in the business of building and maintaining systems that typically contain sensitive data. That sensitive data often belongs either to our clients or to their customers. As such, it is absolutely critical that all Rapid Riverers understand and follow proper security procedures when performing their work or when in possession of devices that can be used to access sensitive software, data, networks, or systems.
Rapid Riverers should always do their work in a secure physical space.
If you are working at home, you must be able to lock the space where you work when you are not there so that no unauthorized person has access to your computer or network devices.
If you work in an office, any space where you will leave behind computer or network devices must similarly be lockable and locked when you are not present.
If you are working for Rapid River on your own computing equipment, it must run one of the following operating systems:
- Windows 11 or later
- OS X 12.1 or later
- Ubuntu LTS 20.x or later
- Fedora Core 35 or later
You must configure your computer to apply critical patches from your operating system vendor within 30 days of their release.
Your computing devices should include software to automatically scan for viruses and malware using up-to-date virus and malware signatures. Your computing devices should also employ a software firewall in addition to any local hardware or enterprise firewalls you may have configured.
Your computer must also be configured to lock its screen when you stop working, close the laptop lid, or otherwise disengage from the computer. The screen lock should require a password set following the Passwords policies described below.
Rapid River reserves the right to audit your computing device(s) from time to time to ensure that these security requirements are being enforced. If your computer is not up-to-date, you will be asked to take unpaid time off until the issues in question are remedied.
All passwords used for your computing devices, Rapid River resources (such as email or Slack), as well as for any client systems to which you have been granted access, must meet the following requirements:
- be protected at all times
- be at least fourteen (14) characters in length
- be changed at least annually and not reuse any previous passwords
- may not contain the user’s account name or any part of their full name
We strongly suggest using a password locker such as LastPass or 1Password to simplify the management and rotation of passwords to comply with the requirements listed above.
Whether you work from home or in an office, we need the network on which you work to be secure. For that reason:
- WiFi shall be configured with a minimum of WPA2-PSK or WPA-2 Personal encryption standard.
- All default vendor passwords must be changed before connecting any devices for use at Rapid River.
- Router software shall be kept up to date and patched with vendor’s software.
- Routers shall have external access (remote administration) disabled.
- Default SSIDs must be changed from vendor default to something unique.
- We prefer you to configure guest WiFi features on your router if it supports it.
In addition, work with our client(s) will likely occur over VPN connections to our clients' networks. Only devices meeting the criteria in this handbook, and used for approved Rapid River work, should be connected to such VPN connections. VPN connections should not be shared or routable on your network.
Any other devices (phones, tablets, etc.) that you use to connect to Rapid River or client networks or resources should substantially follow the same guidelines as those given above regarding physical security, updates, passwords, and network security. We want your use of technology to be convenient and portable, but never at the expense of security.
All data or source code belonging to Rapid River or its clients must be encrypted at rest. Users of the following operating systems should activate the appropriate encryption mechanism for their computers' hard drives:
- Windows 11: BitLocker
- OS X: File Vault
- Ubuntu Linux: Full disk encryption (FDE) or LUKS
- Fedora Linux: LUKS
Make sure to store your decryption keys somewhere safe!
A lot of the data that you will interact with during your time at Rapid River will belong to Rapid River Software and/or its clients. That includes but is not limited to:
- Source code
- Documents, including word processing, spreadsheets, presentations and other file formats
- Credentials such as passwords, keys, and passphrases
- Database dumps or copies used for development or other purposes
- Configuration files and other metadata
You should never access, copy, or share such data unless required by your job function. Before sharing outside of Rapid River or the relevant client organization(s), make sure to mark the document as confidential and property of Rapid River and/or the relevant client organization as appropriate.
If you have any questions, please ask your manager and they will be happy to guide you so that you can feel confident.
To help you understand the importance of different types of data and how to access such data appropriately, Rapid River and/or its clients will provide you with appropriate training on the following subjects:
- HIPAA Compliance
- PCI
- CCPA and GDPR, where appropriate
Please let your manager know if you have not received training in any of these areas and we will work with you to get you trained. Once you've completed appropriate training modules, please let the Human Resources Director know so that we can annotate your personal records appropriately.
It is nearly impossible to overstate the importance of reporting security incidents or data breaches. Under a variety of laws: GDPR, CCPA, HIPAA, and others, it is can be either a crime, a serious civil infraction, or both not to report a known or suspected security incident or data breach. So it is not only Rapid River's reputation, but even its actual existence as a company, that is on the line when it comes to properly handling data privacy and protection.
If you feel that any of the following has happened:
- A physical device containing sensitive Rapid River or client data was stolen or compromised
- An unauthorized person gained access to your device, Rapid River's network resources, or any client network resources
- Data or source code belonging to Rapid River or one of our clients was compromised or exfiltrated by an unauthorized user
- Any other sort of security or privacy breach that could put Rapid River's or our clients' data, intellectual property, physical property, personal property, or other assets at risk
then immediately report the incident to your manager. We will work with you and with local authorities to correctly and thoroughly report the incident, and we will handle any reporting that may be required within our client organizations as well.
Not reporting a security incident or data breach because of embarrassment or because you think it is "no big deal" is NOT acceptable. Everyone makes mistakes; the only unforgivable one is not coming forward and admitting it so that we can handle the situation appropriately.
If you feel there are items overlooked in this employee handbook, please provide us with feedback through your manager or the Human Resources Director.
This document is stored in Github at README.md