Policy 9 - Management of Information Security Incidents and Review of Policies

Summary
The University is committed to investigating and monitoring all reported information security incidents. This Policy provides clear guidance on what to do in the event that individuals become aware of an information security incident and, following this, how these are then subsequently handled by the University. The Policy details how incidents will be monitored by the University, with a view to identifying specific areas of risk, which may then result in recommendations to amend information security policies and/or the provision of further training.
Owner
Information Governance Sub-Committee
Version/review date
Version 1.4: Approved Februry 2023. Review date February 2027
Stakeholders
This Policy is relevant to all staff, students and external partners who handle University information. It is also relevant to members of the public who may become aware of an information security incident in which the University is involved.