Many organisations will at some point need to carry out some kind of internal investigation into a member of staff. The primary duty for an investigator is to establish the true facts, whilst adhering to appropriate HR policy and employment laws.
Organisations can react disproportionately to accusations, which can lead to costly employment tribunals or an unhappy and disaffected workforce. Conversely organisations which fail to take any appropriate investigative and subsequent disciplinary action can create a culture where staff actively disregard security policies and processes.
With correct procedures in place employees who understand policies and regulations, and competent trained investigative staff, your organisation is better equipped to avoid these pitfalls and maintain trust.
A Security Investigations Quick Guide is available for those that undertake security investigations as part of their personnel security model.
Further information on investigating employees of concern is available.
In addition to investigating an insider act your organisation needs to have a risk management process in place which manages the consequences of the act and a process in place that helps you:
- identify and analyse the root cause of the incident
- identify the appropriate disciplinary actions or interventions that need to be undertaken
- assess the effectiveness of current control measures in place
- identify gaps in practice and
- develop more effective control measures.
These processes help your organisation learn from the incident and put in place measures to prevent the incident from occurring again.
See also Principles of Risk Assessment