Termination of employment because of gross misconduct involving ISO 27001
I work for a small UK company in the IT department.
Hearing other employees struggle with the slow internet connection, I discovered malicious software (a Trojan horse) in the Internet access point.
I had concerns that someone from technical management may be involved in the installation of the Trojan horse. Therefore I addressed the issue directly to the company owner, also suggesting a non-invasive and silent audit of the internal network. I got permission from the company owner to conduct an examination.
Two months later I was accused of possible gross misconduct, addressed as a Data Breach according to the ISO 27001 standard.
My concern is that the disciplinary investigation and hearing process, which is implied in the letter of termination (due to gross misconduct), is a formality to achieve the termination of my employment in a disciplinary manner.
Until the moment of the accusation, I had little, if any, knowledge of the company's ISO 27001.
Asking about details such as ISO 27001 Appendix A, where it states as follows:
A.5.1 Information security policy
Objective: To provide management direction and support for information security following business requirements and relevant laws and regulations.
A.5.1.1 Information security policy document
Control
An information security policy document shall be approved by management, and published and communicated to all employees and relevant external parties.
I was told that I should have been aware of the policy as it is a daily Jira process.
My further concern is that ISO 27001 was used as a tool to conduct the process procedurally.
software-industry united-kingdom termination fulltime
edited 1 min ago
asked 6 mins ago
Łukasz D. Tulikowski
101
1
Do you really mean 'data bridge'? Or 'data breach'?
– DJClayworth
2 mins ago
Have you actually been terminated? Or is the investigation still ongoing?
– DJClayworth
46 secs ago