Reporting an Information Security Incident or Weakness
Significant Incident: Requires Immediate Attention
Telephone CIS Service Desk on Ext 41515 (or 0191 334 1515), including out of hours; otherwise use the self-service application.
Report to CIS Service Desk using the online self-service capability. This link will open the form directly. Otherwise, use the 'User Accounts and Security' option to open a new call to report a 'Security Incident or Data Breach'. Avoid using the 'New Call' option from the initial page as this relates to IT/break/fix calls, not security incidents.
What must be reported?
Incidents involving personal or commercially-sensitive information, e.g. lost or stolen information and devices, incorrectly sent personal information, unauthorised access to information. Information security weaknesses that could lead to a loss of personal or commercially-sensitive information, e.g. individual challenged for identity and refused access, sensitive information left out when not in use.
Why should incidents and weaknesses be reported?
There may be statutory or contractual reporting requirements. Without timely visibility we may not be able to fulfil legal obligations. The longer an incident goes unreported, the longer a vulnerability may remain unaddressed, allowing the incident to escalate or further incidents to occur. Understanding information security weaknesses allows us to develop and implement more robust systems and processes, which prevent weaknesses becoming incidents.
Who should report?
All employees, contractors and temporary workers. All students, when engaged on a programme of study or when working for the University in a paid or unpaid capacity. Third parties should report initially to their University contacts. It is the University contact who should then report within the University. Third parties should not report incidents directly using this process unless contractually bound.
When do I report incidents and weaknesses?
Incidents and weaknesses should be reported as soon as possible after they are discovered.
How do I report the incident or weakness?
Only basic details are required to report the incident or weakness. Respond to the questions from the online form or Service Desk Analyst. If submitting via email, provide an outline of what has happened or has been observed. Do not include any personal data involved in the incident. Support any investigation arising as fully as possible. Information will be recorded in confidence and not retained within the workflow tool to preserve security and confidentiality.
What happens after the report is made?
The Information Security Incident Response Team will make an initial assessment to determine the next steps. The severity of the incident will inform and direct the appropriate level of leadership involvement. An investigation may be conducted using a variety of techniques and tools, including interviews, site visits and forensic analysis. The outputs of the investigation may include corrective and preventive actions, formal reporting or other communications.