Incident response

To safeguard our University information, it is essential that you report information governance incidents as soon as possible. Please follow the 3 steps below when reporting an information governance incident. 

Step 1 - Identify

In order to report an information governance incident, you need to be able to identify it.

What is an incident or weakness?

  • Information security incidents involve risk to the confidentiality, integrity or availability of information that has value to the University. For example:
    • Lost or stolen information and devices
    • Incorrectly shared personal information
    • Unauthorised access to information
  • Information security weaknesses could lead to a loss of information, e.g.
    • Unauthorised individual granted access to a secure area
    • Sensitive information left out when not in use

Specific examples of information governance incidents

  • SENSITIVE data being made publicly available on a website
  • Data being emailed to inappropriate recipients
  • Loss of an unencrypted memory stick containing University information
  • Paper copies of meeting papers being left unattended in a public place
  • SENSITIVE data being accessed on an unsecured device

Step 2 - Report

It is important that you report an information governance incident as soon as possible after it has been discovered.

Why should incidents and weaknesses be reported?

  • Information governance incidents may have statutory or contractual reporting requirements. Without timely visibility of the incident through reporting, we may not be able to fulfil legal obligations.
  • The longer an incident goes unreported, the longer a vulnerability may remain unaddressed, allowing the incident to escalate or further incidents to occur.
  • Understanding information governance weaknesses allows us to develop and implement more robust systems and processes, which prevent weaknesses from becoming incidents.

Who should report?

  • All employees, students, contractors and temporary workers.
  • Any third parties should report initially to their University contacts. The University contact should then report within the University.

Where do I report incidents and weaknesses to?

  • Confirmed or suspected information governance breaches should be reported promptly to the Information Governance Team via this Assist form.
    Please provide as much detail as you can about the incident - you can find guidance on what to include here.
  • Report suspicious emails to the IT Helpline by calling 0161 247 4646.
  • Loss or theft of a University device or personal device used to access University data should be reported to the IT Helpline. If the device is stolen from University premises then it should also be reported to security on 0161 247 1334/3545.
  • If a University-owned mobile device has been stolen then it is the user’s responsibility to report the theft to the Police as a matter of urgency. The Police will provide a Crime Reference Number, which needs to be submitted to the IT Helpline.

What to include in a report

  • Include as much detail as possible, including dates, times and the system affected.
  • Respond to the questions from the online form or Service Desk Analyst. If submitting via email, provide an outline of what has happened or has been observed.
  • Do not include any personal data involved in the incident.
  • Support any investigation arising as fully as possible. Information will be recorded in confidence and not retained within the workflow tool to preserve security and confidentiality.

Step 3 - Investigate

What happens after the report is made?

  • The Lead Investigating Officer will make an initial assessment to determine the next steps.
  • The severity of the incident will inform and direct the appropriate level of leadership involvement.
  • An investigation may be conducted using a variety of techniques and tools, including interviews, site visits and forensic analysis.
  • The outputs of the investigation may include corrective and preventive actions, formal reporting or other communications.