Final Project

Running head: Limitations of liability 2

Limitations of liability

This section covers the various forms of liability under the Information Security Plan (ISO). The plan covers limitations on liability under two sections: statement of liability and other disclaimers.

1.0. Statement of liability or disclaimers

The liability of the organization is limited to the provisions given in the liability clause of the organization policy. Any other liability not subject to the policies will be subject to negotiations among the parties involved. It is the duty of the company to comply with the provisions outlined below, and all employees and members of staff are expected to comply accordingly.

1.1. Liability on foreseeable losses

The company will not be liable for losses incurred as a result of incidents that occur after entering into an agreement with a third party. However, the event must not have been reasonably foreseeable by the company before it entered into the agreement with the third party. In the case of an employee acting on behalf of the company, the employee has to disclose the occurrence of the loss to the relevant supervisor and disclose that it was not possible to foresee the loss of data before the engagement with the third party.

1.2. Liability on the avoidable disasters

The company will be liable for loss of client data if there is a breach of the safety protocols on client information. The breach must be one that could have been avoided had certain mechanisms been put in place. However, the liability of the company depends on the nature of the breach, which must be one that does not relate to the third party. This excludes errors made by the vendor of an information system or errors made by an employee. It is the duty of the company to ensure that information relating to the operations and clients of the company is well protected against loss.

1.3. Plausible deniability

In the case of a transaction between a third party and a company official, there have to be formal processes, which include following the protocols for entry into the organization. Any third party accessing the services of the company must report through the reception and gain access to the department they need. This enables the company to establish the presence of the individual in the company and ensures the company is responsible for all transactions done within the company’s premises. In such cases, the company is liable for any loss of information or any other form of damage that may occur in the process of client details management among the members of staff. However, any other form of business that is carried out contrary to the outlined procedure is considered unofficial. The company is not liable for any damages incurred in the process of accessing services contrary to the company’s protocols. Without official communication, neither the company nor the top officials are held accountable for any discrepancies in such cases. However, the employee shall be held in contempt of the company’s policies, which is subject to disciplinary review.

2.0. Other disclaimers

2.1. Repudiation of employees

The company expects all employees and members of staff to comply with the company’s policies. This includes ensuring they use the company’s technology appropriately and ensuring there is no breach that can lead to loss of information from the company’s information systems. Employees’ conduct makes a major contribution to the reputation of the company. This requires the utmost vigilance in ensuring all the conditions are met. However, in case of violation of the company’s policies, the employee will be subject to disciplinary action. This includes repudiation of the employee to ensure such actions are not repeated.