
Purpose: The purpose of this policy is to establish a fair and transparent disciplinary process for addressing misconduct, policy violations, or non-compliance with the company's standards, particularly in relation to information security, confidentiality, and the handling of sensitive synthetic data and AI systems. This policy aims to protect the integrity, availability, and confidentiality of information assets while maintaining a professional and ethical workplace across our distributed and remote team.

...

Examples of disciplinary issues related to security and technology may include, but are not limited to:

  • Unauthorized access to sensitive data or systems.

  • Mishandling or misuse of data.

  • Sharing confidential information outside of authorized channels.

  • Circumventing security protocols, such as encryption or authentication requirements.

  • Failure to comply with information security controls.

  • Misuse of company communication tools.

  • Unauthorized software installation.

  • Failure to report security incidents.

2. Initial Investigation

Once a violation is reported or detected, an internal investigation is initiated. This involves:

  • Gathering evidence: Security logs, system reports, interviews, or other relevant information.

  • Involving the Chief Information Security Officer (CISO): For cases related to security breaches, non-compliance with information security policies, or technology-related incidents.

  • Consulting with HR: To ensure that any actions taken comply with labor laws and internal company policies.

...

A formal meeting will be scheduled between the individual involved, their direct manager, a representative from HR, and, where applicable, the CISO.

Agenda:

  • Present the findings of the investigation.

  • Allow the individual to present their case.

  • Discuss potential mitigating factors.

  • Agree on the next steps or any corrective actions.

...

Escalation and Reporting

  1. Reporting to the CISO: Any violations involving information security, systems, or data privacy must be immediately reported to the CISO. The CISO is responsible for ensuring any security incidents are properly logged, investigated, and remediated according to the Information Security Management System.

  2. Reporting to Regulatory Authorities: If a security breach or data incident triggers legal or regulatory obligations (e.g., GDPR or other data protection laws), the company will comply with the reporting requirements and notify relevant authorities within the prescribed timelines.

...