Information Governance Policies

Policy 9 - Management of Information Security Incidents and Review of Policies


The University is committed to investigating and monitoring all reported information security incidents. This Policy provides clear guidance on what to do in the event that individuals become aware of an information security incident and, following this, how these are then subsequently handled by the University. The Policy details how incidents will be monitored by the University, with a view to identifying specific areas of risk, which may then result in recommendations to amend information security policies and/or the provision of further training.


Information Governance Sub-Committee

Version/review date

Version 1.4: Approved February 2023. Review date February 2027


This Policy is relevant to all staff, students and external partners who handle University information. It is also relevant to members of the public who may become aware of an information security incident in which the University is involved.

Policy download

Related document

Reporting an incident