Janet stood up from the conference table and left the room.
The meeting had not lasted long, considering how significant its impact would be on Janet’s life. Two officers from the corporate security team waited in the hallway to walk her to her office and collect her personal possessions, which were already in a box at her administrative assistant’s desk. Her access card, phone, tablet, and laptop were already turned in, and every password she had ever used at SLS had been deactivated.
She was not looking forward to explaining this to her family.
The meeting in the room continued.
Fred asked, “Are we sure this was our only course? This seems harsh to me.”
Janet’s superior, the senior vice president of marketing, nodded and said, “I have to say that I agree. Janet was a solid performer and will be difficult, and expensive, to replace.”
Charlie added, “I know what you mean. Jamie Hyack, the network engineer, is the same, except he chose to enable Janet’s network access for her rotisserie league server without approval, without change control, and putting the company’s entire network at risk. He had to go.”
Gladys took a breath and said, “Sadly, this was needed. We cannot have two tiers of enforcement in our application of policy. If we do not enforce this policy requirement on executives, how can we be expected to have compliance from other employees?”
She continued, “As Charlie pointed out when we decided on this course of action, we have to enforce the policy we have in place. We can make changes to it that we feel better about and enforce those changes in the future.”
Does this application of policy seem harsh to you? What alternatives might be implemented in policy to make it enforceable and perhaps less stringent than in this example?