Description
The organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.
Supplemental Guidance
The sanctions process is consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance. The sanctions process can be included as part of the general personnel policies and procedures for the organization.
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
A.6.4
ISO 27002:2022
6.4
NIST CSF 2.0
GV.RR-04
SOC 2 TSC
CC1.1-POF4, CC1.5
ISO 42001:2023
A.3.3
NIS2 Directive
Art. 21(2)(i)
BSI IT-Grundschutz
ORP.2
ANSSI
Hygiene.7, SecNumCloud.8.4
FINMA Circular 2023/1
IV.B.a(48)
OSFI B-13
B-13.1.1
EU GDPR
Art.32(4)
EU DORA
Art.5(4)
BIO2
6.4
RBI CSF
Annex1.8
FISC Security Guidelines
FISC.O8
LGPD + BCB 4893
LGPD.Art.47
SAMA CSF
1.7
NCA ECC
1-9
UAE IA
T5
Qatar NIA
HR
CBE CSF
CD-1, GOV-2
SA JS2
JS2-8.6
CBN CSF
Part9
BoG CISD
CISD-XV
BoM CTRM
3.8
IOSCO Cyber Resilience
GOV-4
FFIEC IS
II.C.7
HIPAA Security Rule
§164.308(a)(1)(ii)(C), §164.308(a)(3)(ii)(C)
ECB CROE
CROE.2.3.2
BOT Cyber Resilience
Ch7.2
CMMC 2.0
PS
10 CFR 73.54
RG5.71-C-PS
NAIC Insurance Data Security
10
FCA SYSC 13
SYSC 13.6.4
HITRUST CSF v11
02.b
FDA 21 CFR Part 11
§11.10(j)
MiCA
Art.34(1), Art.36(1), Art.65(1)
SEC Custody (Digital Assets)
SEC-CD-16
ISO 17799 (legacy)
8.2.3, 11.2.1
COBIT 4.1 (legacy)
None.