Incident/Breach Reporting and Response
Sidebar
Incident/Breach Reporting and Response
Every user of university information resources has responsibility for the protection of information assets; certain offices and individuals have very specific responsibilities. The university recognizes the need to follow established procedures to address situations that could indicate the security of information assets may have been compromised. In order to ensure that information security incidents and data breaches are handled properly, effectively and in a manner that minimizes the adverse impact to the university, a standard university-wide approach has been adopted. This approach will also ensure that the appropriate level of university management becomes involved in the determination of actions implemented in response to an incident or data breach.
The Information Security Incident Response (ISIRT) program supports ISO Policy PS006 and is applicable to all university students, faculty, staff and to all others granted use or custodianship of university information assets.
Additionally, some regulations and contracts require that third-party vendors notify the university in the event of an incident or data breach. Vendor/external entity reporting can be accomplished via the form below.
Internal Incident/Breach Reporting
Information security is everyone's responsibility. To report a violation or suspected information data security incident or data breach, contact the Information Security Compliance Office. To report a cybersecurity incident, contact ITS. You can also anonymously report any compliance violation or suspected incident via the 24-Hour Compliance Hotline at 1-877-852-1167.