Each individual is responsible for protecting the University’s information assets, systems and infrastructure, and will protect likewise the information assets of third parties whether such protection is required contractually, legally, ethically or out of respect for other individuals or organisations.
Using the following procedure, all staff, students and other users should report immediately any observed or suspected security incidents where a breach of the University’s security policies has occurred, any security weaknesses in, or threats to, systems or services.
Reports should be made to your line manager, Head of Department and the Secretary to Council's Office via email@example.com.
You should provide the following information:
- Your name and contact details
- Type of incident (real or suspected). For example:
- Potential unauthorised disclosure or alteration of University information not routinely made available to the general public e.g. personal details of staff and students, sensitive research information, or data the University is legally or contractually bound to protect.
- Check the information classification in the Information Classification and Handling Procedure
- Loss or theft of electronic devices or media which store University information not routinely made available to the general public or data the University is legally or contractually bound to protect.
- Use of University facilities to undertake activities prohibited under Regulation 31 Governing the Use of University Computing Facilities.
- Details of the incident including dates, times and details of systems or type of information involved