skip to content

IT Help and Support

University Information Services
 

Who is reporting the incident?

 

How to report an IT incident if you're a student or a member of staff

What is an IT security incident?

An IT security incident is an event that, whether suspected or actual, is likely to harm the confidentiality, integrity or availability of the University's data or systems, such as:

  • accidentally disclosing your password to a fake website
  • suspecting malware on your device
  • unauthorised disclosure of University data
  • loss of your device containing University data

 

When should I report an IT security incident?

As soon as you notice it. It's better to report when you are unsure rather than wait and the incident escalates into a major or critical incident.

 

How should I report an IT security incident?

Contact one of your local college or departmental IT staff members.

If you don't have a local IT person (for example, if you are a member of UAS staff), or can't reach yours, please email servicedesk@uis.cam.ac.uk or call 01223 (3)32999.

If you think the incident involves personal data being disclosed in some way, then you also need to follow the instructions on the Data Breaches section of the University's Information Compliance website. There are definitions of personal data and data breaches, as well as information on who should report a breach and how to do it.

 

Why should I report an IT security incident?

  • To ensure a record of the incident is created and maintained.
  • To allow IT staff and the UIS to spot a serious incident from a pattern of seemingly unrelated events.
  • To enable efficient and ongoing management of the incident.
  • To restore any affected systems or services as quickly as possible.

 

What happens next? 

Most incidents will be routine and will be dealt with using either Service Desk procedures or IT incident management processes. 

​​​​Some incidents might be deemed critical cyber security incidents, and will be dealt with using the cyber security incident high-level process (PDF, 222 KB) and the cyber security incident management plan (PDF, 488 KB). Only the Chair of the University Silver Team can declare a critical cyber security incident. 

 

Reporting other types of incident

Prevent duty

If you wish to raise a concern about IT use under the Prevent duty, there is information on how to do this at the University's Prevent website.

Individual Colleges have their own independent Prevent reporting processes. If you wish to raise a concern relating to the use of College IT, please do so using the relevant College Prevent reporting process.
 

Harassment, bullying or inappropriate activity

Any form of harassment or sexual misconduct is contrary to the values and ideals of the University. This includes such conduct using IT resources. If you are a student or a staff member who has been affected by harassment or sexual misconduct, the University's Breaking the Silence website has advice and guidance available.

 

 

How to report an IT incident if you're an institutional IT staff member

If you work in an institution connected to the University Data Network when a cyber-security is detected then you should follow the University cyber-security incident process. 

The process details the relationship between institutional IT staff and the UIS Computer Security Incident Response Team (CSIRT) service. This includes requirements, responsibilities and response times. 

Find out more about how and when you need to report an incident to CSIRT 

 

Critical cyber security incident guidance 

If the incident is classified as a critical cyber security incident it will be dealt with using the cyber security incident high-level process (PDF, 222 KB) and the cyber security incident management plan (PDF, 488 KB)

There is additional guidance in the following documents: