PS-08-727 Personnel Sanctions

PS-08-727
Personnel Sanctions
Personnel Security
LOW, MOD, HIGH
P3
Yes
February 15, 2018

Information security policies and procedures are enforced by Agency rule (Rule 29.01.99.I1) which includes the following statement:

Agency security control standards carry the same force and effect as agency rules, and noncompliance may be considered grounds for disciplinary action up to and including termination of employees.

Security breaches by employees occur due to the lack of a formal disciplinary process.
The organization:
a. Employs a formal sanctions process for individuals failing to comply with established information security policies and procedures; and
b. Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period] when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.
Designated officials maintain a formal sanction program.
The state organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.
Obtain personnel security policy; procedures addressing personnel sanctions; rules of behavior; records of formal sanctions; other relevant documents or records and ascertain if:
(i) the organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.
(ii) the personnel sanctions process is consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.