Acceptable Use Policy Violation Investigation Procedure (AC-PROC-001)
1. Purpose
To define the process for investigating, documenting, and responding to reported violations of the network acceptable use policy.
2. Scope
This procedure applies to all workforce members and all reported or detected violations of the Network Acceptable Use Policy (AC-POL-002).
3. Overview
This procedure outlines the steps for responding to potential violations of the acceptable use policy, from initial report and investigation through to documentation and sanctioning, ensuring a consistent and fair process.
4. Procedure
Step | Who | What |
---|---|---|
1 | Reporter (User or Automated System) | A potential violation is reported by a user or detected by an automated system. |
2 | IT Department & Security Officer | Investigate the report to validate the violation and assess its impact. |
3 | IT Department or Security Officer | The employee’s manager is notified. |
4 | Manager & Human Resources | In consultation with HR, a sanction is determined consistent with the Sanction Policy. |
5 | Security Officer/IT Department | The outcome is formally documented. |
Note: If the security team determines that the violation is critical, an incident post-mortem may be initiated to analyze the incident in detail.
5. Standards Compliance
This section maps the procedure steps to specific controls from relevant information security standards.
Procedure Step(s) | Standard/Framework | Control Reference |
---|---|---|
1-5 | SOC 2 | CC6.8 |
1-5 | HIPAA | 45 CFR § 164.308(a)(5)(ii)(B) |
6. Artifact(s)
A completed policy violation investigation report.
7. Definitions
N/A
8. Responsibilities
Role | Responsibility |
---|---|
Reporter | Any workforce member responsible for reporting suspected policy violations. |
IT Department | Investigates reported violations, validates their authenticity, and assesses technical impact. |
Security Officer | Oversees the investigation process and ensures compliance with security policies. |
Managers | Are notified of violations committed by their direct reports and participate in determining appropriate sanctions. |
Human Resources | Consulted on sanctions to ensure consistency with company policy and legal requirements. |