...
Gathering evidence: Security logs, system reports, interviews, or other relevant information.
Involving the Chief Information Security Officer (ISOCISO): For cases related to security breaches, non-compliance with information security policies, or technology-related incidents.
Consulting with HR: To ensure that any actions taken comply with labor laws and internal company policies.
...
A formal meeting will be scheduled between the individual involved, their direct manager, a representative from HR, and, where applicable, the Information Security OfficerCISO.
Agenda:
Present the findings of the investigation.
Allow the individual to present their case.
Discuss potential mitigating factors.
Agree on the next steps or any corrective actions.
...
Submitting a formal written appeal to the People HR department within 7 business days of the decision.
An appeal meeting with a different panel (including senior management or external advisors) to review the case and the disciplinary decision.
A final decision will be communicated in writing following the appeal review. The decision of the appeal process is final.
...
Escalation and Reporting
Reporting to the Information Security OfficerCISO: Any violations involving information security, systems, or data privacy must be immediately reported to the ISOCISO. The ISO CISO is responsible for ensuring any security incidents are properly logged, investigated, and remediated according to the Information Security Management System.
Reporting to Regulatory Authorities: If a security breach or data incident triggers legal or regulatory obligations (e.g., GDPR or other data protection laws), the company will comply with the reporting requirements and notify relevant authorities within the prescribed timelines.
...