Skip to body

Resources and Reports

CWUP 2-70-030 Information Security and Privacy Incident Management Policy

(1)  Scope

This policy applies to incidents involving institutional information in all forms (e.g. electronic or paper) and information systems either managed by the university or by a third party on behalf of the university and pursuant to a written agreement.

(2) Responsibilities

The Chief Information Security Officer, or designee, provides oversight and direction for all information security related incidents and may designate an incident manager, as the situation dictates and in accordance with this policy. In the event a crime has been committed, the Chief Information Security Officer will coordinate with the campus police department and/or other legal enforcement entities to determine responsibilities for the incident.

(3) Disclosure Limitations

Care shall be taken in handling evidence and information related to incidents in order to comply with federal or state laws that limit disclosure—e.g., Health Information Portability and Accountability Act (HIPAA) and Family Education Rights and Privacy Act (FERPA).

Documentation related to the incident may include information regarding the infrastructure and security of computer and telecommunications networks, security recovery plans, and security risk assessments; or, may include information for which disclosure is prohibited by federal law. As a result, incident-related information may be exempt from public disclosure and a list of the relevant regulatory reference is available on the Security Services website.

(4) Policy Maintenance

The Chief Information Security Officer shall review and recommend changes to this policy statement at least annually or more frequently as needed to respond to changes within the institution and the regulatory environment.

(5) Additional Information

For further information on this policy or to report an incident, please contact the Security Services department.

[5/04/2011; Responsibility: VP of Operations; Authority: Cabinet/PAC; Reviewed/Endorsed by: Cabinet/PAC; Review/Effective Date: 6/4/2014; Approved by: James L. Gaudino, President]

Take the Next Step to Becoming a Wildcat.