2.9 Enforcement & Sanctions
quote blockFailure to comply with USU’s Information Security policies, including but not limited to unauthorized access, data misuse, or failure to report security incidents, may result in disciplinary action. Potential sanctions include loss of access to university IT resources, termination of employment or academic privileges, and, where applicable, legal action. Violations will be investigated in accordance with university procedures, and actions will be determined based on the severity of the infraction.
Disciplinary actions will be enforced in alignment with the following policies:
- USU Policy 3001: Setting Expectations and Managing Performance
- USU Policy 4006: Academic Due Process—Sanctions and Hearing Procedures for Faculty
- Article VI of the Student Code: Governing Procedures for Students
quote block
Why
Clear enforcement measures are essential for maintaining the integrity of USU’s Information Security Program. When individuals violate security policies—whether by misusing sensitive data, failing to report an incident, or engaging in unauthorized access—they create risks not only for themselves, but for the entire university community. Sanctions deter misconduct, promote accountability, and help ensure that security obligations are taken seriously across all roles at the institution.
How
If a violation of USU’s Information Security policies is suspected, it will be investigated through the appropriate university channels, such as Human Resources, the Office of the Provost, or the Student Affairs Office. The severity of the action—ranging from informal coaching to formal disciplinary measures—will depend on the nature and impact of the violation. Sanctions may include revocation of access to university IT systems, employment consequences, or academic penalties. In cases where legal violations occur, referrals may be made to external authorities. All enforcement actions will follow the due process guidelines outlined in USU’s human resources, faculty, and student policies.