UnixTime

Research Note

Disciplinary Process Checklist

Use this checklist when reviewing whether the disciplinary process can fairly handle information security policy violations.

On this page

When to use this

Use this checklist when reviewing whether the disciplinary process can fairly handle information security policy violations.

Checklist

  • Information security policy states that policy/control violations can lead to action.
  • Disciplinary process is documented and approved.
  • Process is communicated during onboarding and awareness training.
  • Criteria define when security violations trigger disciplinary review.
  • Process requires sufficient evidence before initiation.
  • Severity factors include intent, impact, role, history, and evidence quality.
  • Process supports fair and consistent treatment.
  • Third-party or contractor violations have a contractual/vendor-management route.
  • Outcomes and follow-up actions are recorded.
  • Cases are tracked to closure.

Review table

Area Evidence checked Gap Action Owner Due date
TBD TBD TBD TBD TBD TBD