Mark Shelhart
2 min read

In today's digital age, human resources (HR) incidents and policy violations are becoming increasingly complex and sensitive. It's not just about documenting issues and implementing policies; it's also about conducting impartial investigations that ensure fairness, transparency, and compliance. While many organisations often rely on their in-house IT departments to handle these matters, there are several compelling reasons why IT should not be leading these efforts. In this article, we'll explore these reasons and discuss why hiring an external Forensic/Incident Response (IR) firm might be the better approach.

 

  1. IT might know or have feelings towards the person involved. HR incidents and policy violations often involve employees or individuals within the organisation. IT staff may have personal connections or emotional ties to these employees, which can cloud their judgement and compromise the impartiality of the investigation. This can lead to biassed outcomes and create an atmosphere of distrust within the organisation.  At the very least, your IT person likely has had a personal experience with this person, even if it was just to set up their computer, or fix a printer issue, etc.

 

  1. IT might be one of the persons involved in the incident. In some cases, an IT staff member could be directly or indirectly involved in the incident or violation. In such instances, it becomes impossible for them to objectively investigate a situation in which they themselves may be implicated. An external Forensic/IR firm brings an independent perspective and ensures unbiased scrutiny.

 

  1. IT might not agree with the policy violation.  IT professionals may have their own opinions on HR policies or the severity of the violation. These personal beliefs can influence their investigative approach, leading to inconsistencies in how cases are handled. External experts, on the other hand, are trained to maintain objectivity and adherence to established policies and standards.  

 

  1. IT has the ability to modify, tamper, delete, or withhold evidence. IT departments typically have the technical knowledge and administrative access to manipulate digital evidence. While most IT professionals are honest and ethical, the potential for data tampering or misconduct remains a concern. By involving an external Forensic/IR firm, organisations can reduce the risk of data manipulation and ensure the integrity of the investigation.

 

  1. IT is busy. IT departments are already inundated with tasks related to maintaining the organisation's technology infrastructure. Asking them to handle HR incidents and policy violations in addition to their regular workload can be overwhelming and lead to delays in investigations. External firms, dedicated to handling such cases, can provide prompt and efficient services without disrupting IT's primary responsibilities.

 

In conclusion, when it comes to HR incidents and policy violations, it's crucial to maintain a fair and impartial investigative process. Relying on the internal IT department can present various challenges, including potential bias, conflicts of interest, and limited availability. By retaining an external Forensic/IR firm, organisations can ensure the integrity of their investigations, maintain employee trust, and foster a workplace culture built on transparency and accountability. While IT plays a critical role in many aspects of an organisation, HR-related investigations are best left to external experts who can provide a neutral and professional perspective in a timely manner.

 

If you need help with a cyber or HR related incident, the Foregenix team is always willing to help.

 

 

Subscribe to our Blog

Contact Us

Access cybersecurity advisory services

 

Mark Shelhart
Mark Shelhart

Mark is Principal Consultant of Forensics and Incident Response with Foregenix, an international cyber response firm. His expansive technical background and excellent communication skills allow him to efficiently drive e-discovery, incident response and other forensic projects to effective conclusions. His leadership role in the forensics practice includes speaking at conferences and writing for industry publications to share his knowledge of the information security and forensics industries. Mark has more than 20 years of experience working in consulting, information technology, e-discovery and incident response, including previous roles as a Vice President of Incident Response and Forensics and as a Forensic Practice Manager.

See All Articles
SUBSCRIBE

Subscribe to our blog

Security never stops. Get the most up-to-date information by subscribing to the Foregenix blog.