Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

04) Is there a formal disciplinary process for employees who have breached company policy (including any breaches of company security policy)?

August 30, 2022
HR Security
Disciplinary Process

Answer yes if your organisation has a formal disciplinary process that is followed if an employee is found to have intentionally breached company policy. Please provide a document outlining the process (as a PDF file) as evidence (this may be covered by your organisation's Disciplinary Policy).

It is important to have a formal disciplinary procedure documented in case any employee intentionally breaches any of your organisation’s policies and enforcement action has to be taken. Having this process documented ensures that the process is transparent and consistent.

Policies only hold weight if they are consistently and effectively enforced.

However, it is important to acknowledge whether a policy has been broken intentionally or by accident. If, for example, an employee had broken one of your information security policies because they were not aware of the rules contained within the policy it may be better to increase employee training and awareness efforts than to discipline the employee.

How to implement the control

Disciplinary procedures can be subject to legal requirements that can vary between countries. Engaging a law firm to help your company build a disciplinary process is the best way to ensure a legal and high-quality process is embedded in your organisation.

You can also build your own policy as long as it complies with the Acas (Advisory, Conciliation and Arbitration Service) Code of Practice.

The UK government has some good advice that covers the key steps within a disciplinary process, this can be found here.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.