Information Governance

Policy 9 - Management of Information Security Incidents and Review of Policies


The University is committed to investigating and monitoring all reported information security incidents. This Policy provides clear guidance on what to do in the event that individuals become aware of an information security incident and, following this, how these are then subsequently handled by the University. The Policy outlines the role of Information Security staff in the following:

  1. investigating the cause and extent of reported incidents,
  2. making recommendations for further action (i.e. reporting to legislative organisations, notifying data subjects),
  3. making recommendations for further action to minimise the likelihood of the incident being repeated.    

Finally, the Policy details how incidents will be monitored by the University, with a view to identifying specific areas of risk, which may then result in recommendations to amend information security policies and/or the provision of further training.     


Academic Registry/Information Governance Sub-Committee

Version/review date

Version 1: June 2016


This Policy is relevant to all staff, students and external partners who handle University information. It is also relevant to members of the public who may become aware of an information security incident in which the University is involved.

Policy download

Related document

Reporting an incident