The InfoSec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-through, video monitoring, intrusion detection tools, business tool reports, internal and external audits, and feedback to the policy owner.

What happens to employees not following the security policy? An employee found to have violated this policy may be subject to disciplinary actions up to and including termination of employment. ]

1 answer

It's essential for every organization to have clear guidelines regarding the consequences of violating security policies. Here’s a more detailed description that you may find appropriate:


Employees who do not comply with the information security policy may face disciplinary actions based on the severity and nature of the violation. Potential consequences may include, but are not limited to:

  1. Verbal Warning: For minor infractions, a verbal warning may be issued as a first step, reminding the employee of the policies in place and the importance of compliance.

  2. Written Warning: Repeated minor violations or a more serious infraction may result in a formal written warning, which will be documented in the employee’s file.

  3. Mandatory Training: Employees may be required to complete additional training related to information security practices and policies to reinforce the correct behaviors and the significance of compliance.

  4. Suspension: For significant violations or repeated offenses, a temporary suspension from duties may occur, allowing time for further investigation and consideration of actions.

  5. Termination of Employment: In cases of severe violations, particularly those that jeopardize company assets, data integrity, or security protocols, termination of employment may be necessary.

  6. Legal Action: In extreme cases, violations that involve illegal activities or compromise personal or organizational data might lead to legal action, depending on the circumstances.

The organization reserves the right to determine the appropriate disciplinary action based on the context, intent, and impact of the violation. Employees are encouraged to familiarize themselves with the information security policy and to seek clarification when in doubt. Compliance is crucial not only for the security of the organization but also for protecting the interests of all employees and stakeholders.


Let me know if you need any adjustments or additional details!