Information Security Incidents & Weaknesses Reporting
Why do you need to know about this?
An information security incident is a sudden event causing the accidental or malicious destruction, loss, alteration, unauthorised disclosure of, or access to, information which is Confidential (Personal); Confidential (Commercial) or Secret. An information weakness, is where a threat to the security of this information has been identified, for example as a result of existing systems, services or practices.
You are responsible for reporting any incidents or weaknesses that you become aware of.
What do you need to do?
- Report any incident, weakness (or potential incident or weakness) immediately
- Report any loss/theft of a device (e.g. laptop, mobile, USB) if it stores or is used to store or access University information, even if it is your own property
- Take any action you can to reduce consequential risk
- Delay reporting – early reporting can often enable the University to take preventative measures
- Avoid reporting - even if it turns out to be a false alarm we need to know so we can help others avoid the same mistakes
To report an incident or weakness:
- Complete an Information Security Incident and Weakness Reporting Form
- Emailing firstname.lastname@example.org
- Telephoning IT Service Desk on (0191 33) 41515.
Please notify your Head of Department/College/Section at the same time.