Source | Azure Portal | ||
Display name | Microsoft Managed Control 1535 - Personnel Sanctions | ||
Id | f9a165d2-967d-4733-8399-1074270dae2e | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this Personnel Security control | ||
Additional metadata |
Name/Id: ACF1535 / Microsoft Managed Control 1535
Category: Personnel Security
Title: Personnel Sanctions - Time Period for Notifying Personnel of Process
Ownership: Customer, Microsoft
Description: The organization: Notifies HR and the employee’s manager within 24 hours when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.
Requirements: Microsoft’s formal sanctions process for personnel failing to comply with established information security policies and procedures is defined in the Microsoft Information Security Policy. Specifically, depending on the particular type of misconduct, Microsoft’s Online Services Staff suspected of committing breaches of security and/or violating Microsoft Security Program Policy (MSPP) are subject to an investigation process and appropriate disciplinary action up to and including termination.
When the Microsoft Human Resources (HR) team is notified of a possible security violation, the Office of Legal Compliance (OLC) is consulted. The OLC team advises HR if it is in scope for their team. If the incident is in scope for OLC, OLC investigates the possible security violation and reconnects with HR and the employee’s manager on the findings. If the allegation is substantiated, OLC recommends the disciplinary action to be taken and directs HR and the employee’s manager to debrief the employee and implement the discipline.
Violations of Microsoft Information Security policies, standards, or procedures may result in corrective action, up to and including immediate termination of employment. In some cases, a breach of Microsoft Information Security policies, standards, or procedures may also violate an international, federal, state, or local law. In such cases, the individual may also be subject to civil and/or criminal liability.
Once the OLC findings are delivered to HR and management, the employee, absent extenuating circumstances, is typically debriefed within two (2) weeks. This would be the same if HR were leading the investigation, not in scope for OLC. Security incidents are reported to US-CERT per the incident reporting requirements. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||