Mechanisms exist to define acceptable and unacceptable rules of behavior for the use of technologies, including consequences for unacceptable behavior.
Does the organization define acceptable and unacceptable rules of behavior for the use of technologies, including consequences for unacceptable behavior?