Information Security Incident Policy and Procedure

Anyone discovering an Information Security Incident should immediately report the incident by phone (do not leave voicemail or send email) to the CiCS Helpdesk on +44 (0)114 222 1111. If the incident occurs outside of normal working hours then please contact University Security on +44 (0)114 222 4085.

Upon being contacted, CiCS staff will follow the CiCS Information Security Incident Procedure to ensure that the incident is properly managed and recorded.

An Information Security Incident is any occurrence that involves:

  • unauthorised access or damage to or originating from any computer system that is owned or managed by the University of Sheffield
  • unauthorised access, loss or damage to information that is owned or managed by the University of Sheffield
  • violation of information security policies

An information security incident may involve access, loss or damage to information or computer systems that is actual, suspected, threatened, or potential.

Some examples of an Information Security Incident include:

  • potential security breaches - such as unpatched systems, failure to follow procedure or unusual authentication systems
  • compromised systems - such as hacked servers, virus outbreaks
  • compromised accounts - such as stolen passwords
  • loss of information - such as lost or stolen laptops
  • breach of policy - such as the Information Security policy, IT Code of Practice or Data Protection policy

Misuse of computing facilities (as defined by the IT Code of Practice) that does not constitute an urgent Security Incident should be reported to the Director of CiCS (email