Disciplinary actions should only be started after verifying a violation of the InfoSec policy has occurred. The disciplinary response should be proportional and consider issues such as the nature and severity of any breach, whether it was intentional or accidental, the first or repeat offense, and if the employee was correctly trained.