M4.3.2 - DISCIPLINARY PROCESS Implementation Guidance
The entity shall enforce a formal disciplinary process for employees who have committed a security breach.
The disciplinary process should not be commenced without prior verification that a security breach has occurred.
The formal disciplinary process should ensure correct and fair treatment for employees who are suspected of committing breaches of security. The formal disciplinary process should provide for a graduated response that takes into consideration factors such as the nature and gravity of the breach and its impact on business, whether or not this is a first or repeat offence, whether or not the violator was properly trained, relevant legislation, business contracts and other factors as required. In serious cases of misconduct the process should allow for instant removal of duties, access rights and privileges, and for immediate escorting out of the site, if necessary.