Purpose

To protect the organization’s people, assets, and information, it is essential that all employees understand how to identify and report potential insider threats in a secure and confidential manner. This process ensures that concerns are addressed promptly, fairly, and without fear of reprisal.

Definition of an Insider Threat

An insider threat is any current or former employee, contractor, or business partner who has access to the organization’s systems, data, or facilities and uses (or intends to use) that access in a way that could harm the organization. This includes theft, sabotage, fraud, unauthorized disclosure of information, or other harmful acts.

Reporting Procedure

1. Recognize Indicators:
   Employees should remain alert to unusual behaviors or activities that may indicate a potential insider threat. Examples include repeated attempts to access restricted data, unexplained copying or emailing of sensitive files, sudden changes in work patterns, or expressed hostility toward the organization.
   
   
2. Report Promptly:
   
   • Primary Method: Submit concerns via the Confidential Insider Threat Reporting Form (available on the internal portal, HR site or via the Oculus HR).
   • Alternative Methods:
     • Email or call the Security Office. *For all Nugravity customers, the email address is security@[mycompany].com.
     • Contact the Insider Threat Program Manager directly
     • Speak confidentially with Human Resources or Legal Counsel if unsure
3. Confidentiality Assurance:
   All reports are handled in strict confidence. The identity of the reporting employee will be protected to the maximum extent possible. Information will be shared only with authorized personnel who need it to investigate or respond appropriately.
   
   
4. No Retaliation Policy:
   The organization strictly prohibits retaliation against any individual who, in good faith, reports a concern. Retaliation may result in disciplinary action, up to and including termination.
   
   
5. Investigation Process:
   An overview of the following actions constitutes the investigation process at a high level:
   
   1. Human Resources will review and assess the report promptly.
   2. If deemed credible, an internal investigation will be initiated.
   3. Findings will be documented, and corrective or disciplinary actions will be taken as deemed appropriate according to Corporate & HR Policy.
      
      
6. Follow-Up and Feedback:
   When possible, the reporting individual will receive acknowledgment that the concern has been received and addressed. Detailed outcomes may not always be disclosed due to privacy requirements.

Employee Responsibility

All employees share responsibility for maintaining a safe and secure work environment. Early reporting of potential issues is one of the most effective ways to prevent harm and protect our people, data, and reputation.

Do NOT use the Reply Form at the bottom of this article.