When to use this
Use this checklist when reviewing whether the disciplinary process can fairly handle information security policy violations.
Related controls
- A.6.4 Disciplinary Process
- Information Security Policy
- A.5.36 Compliance with Policies, Rules and Standards for Information Security
Checklist
- Information security policy states that policy/control violations can lead to action.
- Disciplinary process is documented and approved.
- Process is communicated during onboarding and awareness training.
- Criteria define when security violations trigger disciplinary review.
- Process requires sufficient evidence before initiation.
- Severity factors include intent, impact, role, history, and evidence quality.
- Process supports fair and consistent treatment.
- Third-party or contractor violations have a contractual/vendor-management route.
- Outcomes and follow-up actions are recorded.
- Cases are tracked to closure.
Review table
| Area | Evidence checked | Gap | Action | Owner | Due date |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD | TBD |
- Template
- Iso27001
- People controls
- Disciplinary process
Note Metadata
Aliases: Security Disciplinary Checklist
Source: 90 Templates/Disciplinary Process Checklist.md
Related Notes
- ISO 27001 A.5.1 - Policies for Information Security
- ISO 27001 A.5.36 - Compliance with Policies, Rules and Standards for Information Security
- ISO 27001 A.6.4 - Disciplinary Process
- A.6 People Controls MOC
- A.6.4 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Implementation Audit Risk Mapping
- A.6.4 Audit Checklist
- Templates MOC