How to Report an Incident, including suspected and actual Breaches?
An “Incident” is any event that poses or could poses risk to the security, integrity or confidentiality of Department information. An Incident includes actual breaches of confidentiality as well as security ones. Refer to this table for examples.
Members of the Department must report actual or suspected Incidents, including all breaches, to the University Data Breach Team as follows:
- Log the Incident using the PHC Incident Referral Form;
- Email the completed referral form immediately to: email@example.com
- Always include these individuals on the “Cc” line of the referral:
- The Department Line Manager of the person referring the Incident;
- The Information Asset Owner for the Department data set which is the subject of the Incident; and
- The Department IG Manager (IGM) using this email account: firstname.lastname@example.org.
The IGM (Phil Nieri) will coordinate the triage, escalation to the IT/G Head (John Briggs) and the Senior Information Risk Owner (SIRO – Nicola Small) as well as the required remediation in response to the referral.
Members should not delay the reporting of any Incident to the Data Breach team by first attempting to gather more information and/or referring it initially to the SIRO, IT/G HEAD and/or IGM for feedback.
The University of Oxford Information Security team is available to provide additional information and/or assistance here: