• Home
• About VIMS & the Batten School
• Working Here
• VIMS Policies & Procedures
• Information Technology & Networking Services

Security Incident Reporting Procedures

PPD-0388

Purpose

The purpose of this document is to identify steps and procedures to respond to suspected or known breaches in IT security safeguards.  This policy is coordinated with the William & Mary IT Security breach policy, as referenced below.

IT Security Response Team

There is established an IT Security Response Team that consists of the VIMS ISO, and the appropriate System Administrator(s), and Data Owner(s) of the system in question.

General IT System Security Incident Procedures

Information security events, incidents, and weaknesses (including “near-misses”) should be promptly reported and properly managed.

Reporting - All VIMS Information Technology users should report suspected incidents immediately to a member of the ITNS staff.  ITNS staff shall evaluate incidents and report them to the Director of ITNS for subsequent handling by the Response Team.

The VIMS Incident Response Team will evaluate incidents and take within the following W&M Incident Response guidelines:

a table is used to format content

	Scope	Impact	Severity	Response
High	100 or more individuals affected	Affects a critical system supporting essential functions of the Institute or University	Breach of sensitive data or evidence of a significant system compromise	See W&M InfoSec procedures at the link below.
Medium	10 < 100 individuals affected	Affects an isolated function of the University but does not disrupt essential operations	Breach of protected data or evidence of a compromised account	See W&M InfoSec procedures at the link below
Low	Less than 10 individuals affected	Affects a non-critical function of the University and does not disrupt any operations	No breach of sensitive protected data or evidence of a compromised account	For ‘Low’ level incident, the VIMS Information Security Team will manage the incident

Action taken by the VIMS Response Team within the above guidelines shall be consistent with William & Mary (W&M) incident reporting and disciplinary policies as defined in the W&M ‘Information Security Incident Reporting and Response Policy and Procedures’ page, maintained by the W&M IT Security Office.