The organisation has a policy for disciplinary action and inappropriate handling of information.
Police reports will be filed when willfully breaking of the law or actions with criminal intent are ascertained with regards to data handling. A record of this will be placed in the personnel file. The case will immediately be presented to a committee consisting of representation of the Organisational Unit, CISO and HR that will determine the disciplinary action.
Specification
Upon noting deviations from information security policy and inappropriate handling of data, initially an informal warning will be given by the supervisor. If a second case presents itself within a year, a formal warning will be given and logged in personnel files.
If within a year of the last formal warning a new situation presents itself, a final formal warning will be given. If within a year of the final formal warning a new situation presents itself, the case will be presented to a committee consisting of representation of the Organisational Unit, CISO and HR that will determine the disciplinary action.
ISO 27001 & 27002:2022
-
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
-