Ex Libris Security Disciplinary Policy
Version 1.2
Overview
Ex Libris has instituted a discipline policy for security breach situations when employee conduct has been determined to be unacceptable. Ex Libris reserves the right to determine what situations require disciplinary action and what course of action should be taken, as permitted by law. This document describes the Ex Libris discipline policy with the understanding that no policy can address all possible situations that may arise.
Purpose
This policy addresses what disciplinary action may be taken when employee behavior has been determined to be unacceptable and results in a security breach due to negligence or intentional violation of Ex Libris policies, practices, and/or procedures. Disciplinary action may also be taken for other forms of improper conduct.
Scope
This policy applies to Ex Libris employees worldwide as well as contractors and outsourced workforce. The policy will be administered by the HR department, in coordination with the Ex Libris Chief Information Security Officer (CISO) and the employee’s direct manager.
Policy
General
Disciplinary actions are determined based on the severity of the security breach. Multiple security breaches and the effective period determine the disciplinary actions taken. The Chief Information Security Officer (CISO) must be notified in case of any security breach.
Security Severity Levels
Security issues are categorized by the following severity levels:
- High Severity – Incidents that compromise sensitive or personal data or have actual or potential severe impact on Ex Libris operations or systems
- Medium Severity – Incidents that have actual or potential moderate impact on Ex Libris operations or systems
- Low Severity – Incidents that have actual or potential minimal impact on Ex Libris operations or systems
In addition to the parameters listed above, the effective security severity level will also be determined based on the discretion of the Ex Libris HR department, the Chief Information Security Officer (CISO) and the employee’s direct manager.
Multiple Security Breaches and the Effective Period
Multiple security breaches that occur during the same effective period can be cause for more severe disciplinary action.
Action Process
In the case of a security breach, please contact your local HR Business Partner to understand the disciplinary process for the country in which the employee is employed. Your local HR Business Partner will give advice and guidance on how to proceed with the appropriate disciplinary action necessary.
Enforcement
The HR department and the Chief Information Security Officer (CISO) monitor the security disciplinary process. In case of a security breach, the Chief Information Security Officer (CISO) is notified so preventive actions and blocking measures can be taken. Intentional violations of this policy will be reported to the Ex Libris senior management. Direct managers are obligated by this policy to administer the relevant disciplinary actions, as permitted by law.
Record of Changes
Type of Information | Document Data |
---|---|
Document Title: | Ex Libris Security Disciplinary Policy |
Document Owner: | Shai Blomberg – GRC Analyst |
Approved by: | Tomer Shemesh – Ex Libris Chief Information Security Officer (CISO) |
Issued: | Apr 23, 2020 |
Reviewed & Revised: | Aug 21, 2022 |
Revision Control
Version Number | Nature of Change | Date Approved |
---|---|---|
1.0 | Initial version | Apr 23, 2020 |
1.1 | Reviewed - Tomer S | Mar 24, 2021 |
1.2 | Review – Shai B | Aug 21, 2022 |
Document Distribution and Review
The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.