Hi Rajat,
As I have worked for almost 2 years on incident management for Symantec DLP, I can guide you better.
First you need to design the incident handling and escalation workflow. You can automate the escalation workflow and start working on it.
You need to assess the incidents on a daily basis and escalate each incident to the supervisor of the user for investigation. Once the investigation is done, and if required, keep HR in the loop for appropriate actions.
Please refer to some of the guides below:
http://www.symantec.com/business/support/index?page=content&id=HOWTO82595
https://www-secure.symantec.com/connect/articles/dlp-policy-implementation-approach
https://www-secure.symantec.com/connect/forums/dlp-false-positve-incident