Policies and procedures have little enforceability without some consequences for failure to follow them. Thus, there needs to be a way to respond to failures to comply with the policies and procedures. It should be organizational policy that there is some form of discipline associated with failure to follow policies and procedures. Usually, this includes discipline up to termination for egregious or repeated offenses.

Policies and procedures have little enforceability without some consequences for failure to follow them. Without strong policies and procedures that are followed, a system may be at greater risk for compromise or downtime.

They expect that there will be guidelines and procedures for disciplining employees that do not follow policies and procedures.  This usually includes up to termination for egregious or repeated offenses.

Every organization should have a human resources policy. The human resources policy should include the policies and procedure on how to deal with employees, such as how to do reviews, how to request and approve vacations, how to onboard employees, how to terminate employees, how to discipline employees, and other human resource related issues.

They want to know that there is a formalized process for dealing with employees, of particular importance here is the discipline and termination of employees for not following security or data handling policies.

They want to know that people who violate policies that may affect their data or consumed services will be disciplined or terminated.