Only in urgent, high-priority breach cases that require aggressive action. In these cases, the vigilance analyst will disconnect machine(s) from the network to isolate the machine and prevent further spread. The analyst will first send a proactive notification, alerting Information Security of the situation and requesting immediate response.

Devices in detect mode will not be remediated or disconnected by Vigilance without approval. Vigilance will contact Information Security for permission to act on these devices. Information Security will also attempt to contact someone at the affected unit before acting.

However, as a guiding principle, Information Security will always favour protecting the environment from the spread of the incident and will act before getting permission if the threat is obviously genuine.