Skip to main content
ExLibris
  • Subscribe by RSS
  • Ex Libris Knowledge Center

    Ex Libris Security Disciplinary Policy

    Version 1.0

    Overview

    Ex Libris has instituted a discipline policy for security breach situations when employee conduct has been determined to be unacceptable. Ex Libris reserves the right to determine what situations require disciplinary action and what course of action should be taken, as permitted by law. This document describes the Ex Libris discipline policy with the understanding that no policy can address all possible situations that may arise. 

    Purpose

    This policy addresses what disciplinary action may be taken when employee behavior has been determined to be unacceptable and which results in a security breach due to negligence or intentional violation of Ex Libris policies, practices, and/or procedures. Disciplinary action may also be taken for other forms of improper conduct.

    Scope

    This policy applies to Ex Libris employees worldwide as well as contractors and outsourced workforce. The policy will be administered by the HR department, in coordination with the Ex Libris Chief Information Security Officer (CISO) and the employee’s direct manager.

    Policy

    General

    Disciplinary actions are determined based on the severity of the security breach. Multiple security breaches and the effective period determine the disciplinary actions taken. The Chief Information Security Officer (CISO) must be notified in case of any security breach.

    Security Severity Levels

    Security issues are categorized by the following severity levels:

    • High Severity – Incidents that compromise sensitive or personal data or have actual or potential severe impact on Ex Libris operations or systems
    • Medium Severity – Incidents that have actual or potential moderate impact on Ex Libris operations or systems
    • Low Severity – Incidents that have actual or potential minimal impact on Ex Libris operations or systems

    In addition to the parameters listed above, the effective security severity level will also be determined based on the discretion of the Ex Libris HR department, the Chief Information Security Officer (CISO) and the employee’s direct manager.

    Multiple Security Breaches and the Effective Period

    Multiple security breaches that occur during the same effective period can be cause for more severe disciplinary action.

    Action Process

    In the case of a security breach please contact your local HR Business Partner to understand the

    disciplinary process for the country in which the employee is employed. Your local HR Business Partner will give advice and guidance of how to proceed with the appropriate disciplinary action necessary.

    Enforcement

    The HR department and the Chief Information Security Officer (CISO) monitor the security disciplinary process. In case of a security breach, the Chief Information Security Officer (CISO) is notified so preventive actions and blocking measures can be taken. Intentional violations of this policy will be reported to the Ex Libris senior management.  Direct managers are obligated by this policy to administer the relevant disciplinary actions, as permitted by law.

     

    Record of Changes

    Type of Information Document Data

    Document Title:

    Ex Libris Security Disciplinary Policy

    Document Owner:

    Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)

    Approved by:

    Barak Rozenblat - VP Cloud Services

    Issued:

    Apr 23, 2020

    Reviewed & Revised:

    Apr 23, 2020

     

     

    Revision Control

    Version Number Nature of Change Date Approved

    1.0

    Initial version

    Apr 23, 2020

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver

    • Was this article helpful?