Businesses’ use of policies and action plans to protect their IT environment from child sexual abuse material

  • Nine in ten businesses have a corporate policy in place.
  • Eight in ten businesses have an action plan in place.

Nine in ten businesses have a corporate policy in place

Company policies are important frameworks for businesses as they define core values and strengthen company culture. They are designed to define and reinforce acceptable and unacceptable behaviour and conduct in the workplace, and the standards that employees are expected to meet. They also give an organisation leverage to act, providing opportunity to terminate employment where serious policy breaches have occurred.

Nine in ten of the surveyed businesses reported that they have a company policy in place that states that it is prohibited to handle child sexual abuse material in the company’s IT environment or on company devices.

Nearly one in ten companies reported that they do not have such a policy in place.

Eight in ten businesses have an action plan in place

A plan of action outlines a procedure to follow if child sexual abuse material is found in the business IT environment. It provides the organisation with a framework for steps to take and actions to be executed, to ensure that the situation is handled in a way that the company considers most correct.

Eight in ten businesses reported that they have an action plan in place to deploy if child sexual abuse material is found in the business IT environment.

More than one in ten businesses stated that they do not have an action plan of this sort in place.

Notification of law enforcement and internal reporting are most common actions

When the respondents were asked to describe the action plan, notification of law enforcement, internal reporting, securing of evidence and suspension and/or termination of employment were mentioned most frequently.

Notification to law enforcement

Nearly half of the total number of respondents (60 percent of those who have an action plan in place) reported that their action plan prescribes notifying law enforcement.

“ After the discovery we immediately include the authorities and collaborate with the investigation.”

“ We contact the correct authorities immediately.”

“ All the data that we find are immediately sent to the authorities.”

“ Report to police and ensure we keep the evidence.”

Internal notification

One third of the surveyed businesses reported that they notify someone internally, most commonly this was HR (nearly one in five), but it could also be the Executive Team, Head of Department, Local IT department or other.

“ We immediately have human resources respond.”

“ It is reported to HR and CTO.”

“ Manager escalates to Department Head, Department Head alerts Human Resources, HR informs me and CIO to engage background check.”

Share of businesses that report having a corporate policy in place that states that it is prohibited to handle child sexual abuse material within the company’s IT environment or on company devices

Share of businesses that report having an action plan in place to deploy if child sexual abuse material is found in the organisation’s IT environment

One in twenty of the surveyed businesses reported that their action plan includes notification of the employees’ supervisor or manager.

“ If they somehow get around the filter we notify their manager.”

“ IT Staff tips off HR and Manager.”

“ IT Group notifies executive team, CHRO is contacted. Supervisor of employee is contacted.”

Action to secure evidence

One in five of the businesses stated that their action plan includes instructions to secure evidence.

“ We would isolate the equipment immediately and remove it from the network. We would then call in an incident response team to investigate.”

“ We immediately freeze the user account and do a 48-hour investigation.”

“ Ensure proof of violation, see how they were able to get around the filter, and report it.”

“ Record the dates, times and facts of the incident, report to HR, and authorities.”

Two of the responding companies specifically answered that they review the material before reporting to law enforcement.

“ After this is found, we review it and then send to the police.”

“ This material is reviewed after being discovered and sent to the authorities.”

Suspension and termination of employment

One in ten of the surveyed companies reported putting the employee on suspension while the case is being investigated, and one in five reported that any employee found in possession of child sexual abuse material will have their employment terminated.

“ We gather all documentation, person is put on suspension, authorities are contacted.”

“ Immediately notify law enforcement and place the suspected violator on a leave of absence for the investigation.”

“ Follow appropriate steps by notifying HR, contacting the authorities, and placing them on suspension until we can confirm their involvement which will result in termination.”

“ Immediate termination and reports to the Police.”

“ To fire that offender and alert police.”

Deletion of suspected material

One in twenty of the surveyed businesses answered that the only action outlined in their plan is to delete the illicit material.

“ We delete the images and other stocks of proof.”

“ We detect it then take it down and delete the software.”

Breakdown of the different reported actions outlined in the organisations’ action plans

Positions to be reported to internally according to the organisations’ action plans

Comments to insight 7-8

More results from the NetClean Report 2019