Information breaches should be subjected to a disciplinary process once confirmation has been authorised.

Information breaches should be subjected to a disciplinary process once confirmation has been authorised.

Information breaches should be subjected to a disciplinary process once confirmation has been authorised. It should provide for a fair and balanced hearing with any response proportionate to the offence.

Not mentioned in the standard, but you should treat these actions as a security incident, and take steps to prevent recurrence where appropriate.

Return to the ISO 27002 main page here: https://activaconsulting.co.uk/iso-27002-controls/