...
The IT security verification audit team will work under the direction of the supervisory committee or its designated representative. This should assure the organization’s board of directors and management that the level of knowledge and control about the organization’s IT security program requirements are adequate. Team clients members should include personnel knowledgeable about physical and environmental security, personnel security, information security, application security, hardware and software, telecommunications, technical controls, procedural security, contingency and disaster recovery planning and risk management. The actual number of team clients members may vary and should be limited to the smallest number possible to cover all areas of concern.
...
Employees should notify their immediate supervisor, the Department Manager or any client member of management upon learning of violations of this policy. Employees who violate this policy will be subject to disciplinary action, up to and including termination of employment.
...