...
Information Security may escalate issues through layers of management based on the severity of the non-compliance or the number of times non-compliance has been detected. Unless a previous exception has been approved by the Information Security Office, related services, access or network connectivity for the offending information asset will be suspended until the Information Security Office has received a written summary of corrective actions, signed by the individual, their manager, and if necessary the appropriate Dean or VP for the department.
Individual System Owner Notification | Supervisor, Dean and VP Notification | System Suspended | |
First Incident | Yes | ||
Second Incident | Yes | Yes | |
Third Incident | Yes | Yes | Yes |
By Direction of the CIO:
Mira Lalovic-Hand,
SVP and Chief Information Officer
...