Policy 9 - Management of Information Security Incidents and Review of Policies

Summary
The University is committed to investigating and monitoring all reported information security incidents. This Policy provides clear guidance on what individuals should do if they become aware of an information security incident and on how such incidents are subsequently handled by the University. The Policy outlines the role of Information Security staff in the following:
- investigating the cause and extent of reported incidents,
- making recommendations for further action (i.e. reporting to legislative organisations, notifying data subjects),
- making recommendations for further action to minimise the likelihood of the incident being repeated.
Finally, the Policy details how incidents will be monitored by the University, with a view to identifying specific areas of risk, which may then result in recommendations to amend information security policies and/or the provision of further training.
Owner
Academic Registry/Information Governance Sub-Committee
Version/review date
Version 1: June 2016
Stakeholders
This Policy is relevant to all staff, students and external partners who handle University information. It is also relevant to members of the public who may become aware of an information security incident in which the University is involved.