Handling information security and business continuity incidents

<!DOCTYPE html>     <html class="no-js" lang="en-GB"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("http://web.archive.org/web"); __wm.wombat("https://www.jisc.ac.uk/about/handling-information-security-incidents","20221209120354","http://web.archive.org/","web","/_static/", "1670587434"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" />  <title>Handling information security and business continuity incidents | Jisc</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <script type="text/javascript">var jiscp = {"joid":"-1","name":"","sector":"","region":""};</script> <link rel="preconnect" href="//web.archive.org/web/20221209120354/https://cdn-eu.dynamicyield.com/"> <link rel="preconnect" href="//web.archive.org/web/20221209120354/https://st-eu.dynamicyield.com/"> <link rel="preconnect" href="//web.archive.org/web/20221209120354/https://rcom-eu.dynamicyield.com/"> <link rel="dns-prefetch" href="//web.archive.org/web/20221209120354/https://cdn-eu.dynamicyield.com/"> <link rel="dns-prefetch" href="//web.archive.org/web/20221209120354/https://st-eu.dynamicyield.com/"> <link rel="dns-prefetch" href="//web.archive.org/web/20221209120354/https://rcom-eu.dynamicyield.com/"> <script> var cookiestring = new RegExp("jisc_eprivacy" + '[^;]+').exec(document.cookie); var value = unescape(!!cookiestring ? cookiestring.toString().replace(/^[^=]+/, '').replace('=', '') : ''); if(value === "active-consent") { var script1 = document.createElement('script'); var script2 = document.createElement('script'); script1.src = "//web.archive.org/web/20221209120354/https://cdn-eu.dynamicyield.com/api/9877327/api_dynamic.js"; script2.src = "//web.archive.org/web/20221209120354/https://cdn-eu.dynamicyield.com/api/9877327/api_static.js"; document.getElementsByTagName('head')[0].appendChild(script1); document.getElementsByTagName('head')[0].appendChild(script2); } </script><script> var cookiestring = new RegExp("jisc_eprivacy" + '[^;]+').exec(document.cookie); var value = unescape(!!cookiestring ? cookiestring.toString().replace(/^[^=]+/, '').replace('=', '') : ''); if(value === "active-consent") { (function(h,o,t,j,a,r){ h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)}; h._hjSettings={hjid:2326029,hjsv:6}; a=o.getElementsByTagName('head')[0]; r=o.createElement('script');r.async=1; r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv; a.appendChild(r); })(window,document,'http://web.archive.org/web/20221209120354/https://static.hotjar.com/c/hotjar-','.js?sv='); } </script> <link rel="shortcut icon" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/favicon.ico"/> <meta name="description" content="How we internally handle information security and business continuity incidents in accordance with ISO27001."/> <link rel="canonical" href="http://web.archive.org/web/20221209120354/https://www.jisc.ac.uk/about/handling-information-security-incidents"/> <link rel="shortlink" href="http://web.archive.org/web/20221209120354/https://www.jisc.ac.uk/node/56821"/> <meta property="og:site_name" content="Jisc"/> <meta property="og:type" content="website"/> <meta property="og:url" content="http://web.archive.org/web/20221209120354/https://www.jisc.ac.uk/about/handling-information-security-incidents"/> <meta property="og:title" content="Handling information security and business continuity incidents"/> <meta property="og:description" content="How we internally handle information security and business continuity incidents in accordance with ISO27001."/> <meta name="twitter:card" content="summary_large_image"/> <meta name="twitter:site" content="@jisc"/> <meta name="twitter:url" content="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/about/handling-information-security-incidents"/> <meta name="twitter:title" content="Handling information security and business continuity incidents"/> <meta name="twitter:description" content="How we internally handle information security and business continuity incidents in accordance with ISO27001."/> <link rel="alternate" type="application/rss+xml" title="Jisc blog feed" href="http://web.archive.org/web/20221209120354/https://feeds.feedburner.com/JISCBlog"/> <link rel="alternate" type="application/rss+xml" title="Jisc news feed" href="http://web.archive.org/web/20221209120354/https://feeds2.feedburner.com/ac/uabG"/> <link rel="alternate" type="application/rss+xml" title="Jisc events feed" href="http://web.archive.org/web/20221209120354/https://feeds2.feedburner.com/ac/toXU"/> <link rel="alternate" type="application/rss+xml" title="Jisc jobs feed" href="http://web.archive.org/web/20221209120354/https://feeds.feedburner.com/JiscJobVacanciesWebFeed"/> <link rel="alternate" type="application/rss+xml" title="Jisc podcasts feed" href="http://web.archive.org/web/20221209120354/https://feeds.feedburner.com/JiscPodcast"/> <link rel="apple-touch-icon" sizes="144x144" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/apple-touch-icon-144x144-precomposed.png"> <link rel="apple-touch-icon" sizes="114x114" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/apple-touch-icon-114x114-precomposed.png"> <link rel="apple-touch-icon" sizes="57x57" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/apple-touch-icon-57x57-precomposed.png"> <link rel="apple-touch-icon" sizes="72x72" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/apple-touch-icon-72x72-precomposed.png"> <link rel="apple-touch-icon" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/apple-touch-icon-precomposed.png"> <link rel="apple-touch-icon" href="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/apple-touch-icon.png">  <meta property="fb:pages" content="499379160101212"/> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/> <meta content="width=device-width,initial-scale=1.0" name="viewport"/> <meta content="on" http-equiv="cleartype"/>  <meta name="format-detection" content="telephone=no"/> <meta name="google-site-verification" content="UNqcoVblscrmuOfPyGUTeRMyNRcroUK_U9ghx-PFl0Q"/> <link href="//web.archive.org/web/20221209120354cs_/https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i" rel="stylesheet"> <link href="http://web.archive.org/web/20221209120354cs_/https://fonts.googleapis.com/css2?family=Roboto+Slab&display=swap" rel="stylesheet"> <link rel="stylesheet" href="http://web.archive.org/web/20221209120354cs_/https://www.jisc.ac.uk/sites/default/files/css/css_rEI_5cK_B9hB4So2yZUtr5weuEV3heuAllCDE6XsIkI.css"/> <link rel="stylesheet" href="http://web.archive.org/web/20221209120354cs_/https://www.jisc.ac.uk/sites/default/files/css/css_oBsiHIoIA5lAPqK9E6jDdaNe3tAN5Nagql7giHq9cno.css"/> <link rel="stylesheet" href="http://web.archive.org/web/20221209120354cs_/https://www.jisc.ac.uk/sites/default/files/css/css_PsIMLeNhMOWYLk90AWTJ5AtR6KQeGbR_YScSoC_7uSM.css" media="print"/> <style>ol { list-style-type: decimal; } ol > li > ol { list-style-type: lower-roman; } ol > li > ol > li > ol { list-style-type: lower-alpha; }</style> <style type="text/css"> .cookie-bar { color: #fff; background-color: #0d224c;} .cookie-bar__confirm2, .cookie-bar__confirm, .cookie-bar__reject { padding: .9rem 1.8rem; color: #0D224E!important; line-height: 1; text-align: center; text-decoration: none!important; background-color: #fff; margin-left: 25px ; margin-left: 2.5rem ; font-size: 18px ; font-size: 1.8rem ; line-height: 22px ; line-height: 2.2rem ; -webkit-border-radius: 3px; -moz-border-radius: 3px; -ms-border-radius: 3px; -o-border-radius: 3px; border-radius: 3px; } .cookie-bar__confirm2:visited, .cookie-bar__confirm:visited, .cookie-bar__reject:visited { color: #0D224E; } @media print { .cookie-bar__reject:visited { color: #0D224E; } } .cookie-bar__confirm2:focus, .cookie-bar__confirm:focus, .cookie-bar__reject:focus { color: #007aaa; background-color: #d9d9d9; outline: 0.3rem solid #fd6; } .cookie-bar__confirm2:hover, .cookie-bar__confirm:hover, .cookie-bar__reject:hover { box-shadow: 0 0.3rem 1.2rem rgba(0, 0, 0, 0.23), 0 0.3rem 1.2rem rgba(0, 0, 0, 0.16); color: #0D224E; background-color: #d9d9d9; transition: all 0.3s cubic-bezier(0.25, 0.8, 0.25, 1); } .cookie-bar__reject:hover { transition: none; } .cookie-bar__reject:active { box-shadow: none; } .cookie-bar__confirm2:focus:hover, .cookie-bar__confirm:focus:hover, .cookie-bar__reject:focus:hover { color: #0D224E; text-decoration: none; background-color:#d9d9d9; outline: 0.3rem solid #fd6; } .cookie-bar__confirm2:active, .cookie-bar__confirm:active, .cookie-bar__reject:active { color: #0D224E; text-decoration: none; background-color: #d9d9d9; outline: 0.3rem solid #fd6; } </style> <script> dataLayer = []; </script> <script src="/web/20221209120354js_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/js/vendor/modernizr.js"></script> <script src="/web/20221209120354js_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/js/vendor/a11y-toggle.min.js"></script>  <script>(function(w,d,s,l,i){ var cookiestring = new RegExp("jisc_eprivacy" + '[^;]+').exec(document.cookie); var value = unescape(!!cookiestring ? cookiestring.toString().replace(/^[^=]+/, '').replace('=', '') : ''); if(value === "active-consent") { w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'http://web.archive.org/web/20221209120354/https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); } })(window,document,'script','dataLayer','GTM-PWX6FN');</script>   </head> <body class="jisc not-front no-sidebars node-type-generic-content">  <noscript><iframe src="http://web.archive.org/web/20221209120354if_/https://www.googletagmanager.com/ns.html?id=GTM-PWX6FN" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div id="cookie-bar-main" class="cookie-bar" style="display: none;"> <div class="inner"> <p class="cookie-bar__notification">We use cookies to give you the best experience and to help improve our website</p> <p> <a class="cookie-bar__link" href="/web/20221209120354/https://www.jisc.ac.uk/website/cookies">Find out more about how we use cookies</a> </p> <p class="cookie-bar__options-title">Choose whether to use cookies:</p> <p class="cookie-bar__options"> <a href="#" class="cookie-bar__reject">No thanks</a> <a href="#" class="cookie-bar__confirm">Yes, I accept</a> </p> </div> </div> <header class="masthead jsSiteMasthead" role="banner" xmlns="http://www.w3.org/1999/html"> <div class="inner"> <a id="skiplinks" class="visuallyhidden focusable in-page" href="#main"> <span>Skip to main content</span> </a> </div> <div class="c-main-site-header jsMainSiteHeader"> <div class="c-main-site-header__primary-signpost "> <div class="c-main-site-header__container"> <div class="c-main-site-header__primary-signpost-inner"> <p class="c-main-site-header__brand"> <a class="c-main-site-header__brand-link" href="/web/20221209120354/https://www.jisc.ac.uk/" title="Go to the Jisc homepage"> <img class="c-main-site-header__brand-img" src="http://web.archive.org/web/20221209120354im_/https://www.jisc.ac.uk/sites/all/themes/jisc_clean/img/jisc-logo.svg" alt="Jisc"/> </a> </p> <nav class="c-main-site-header__you-are-in" aria-label="Breadcrumb"> <p class="c-main-site-header__you-are-in-title">You are in:</p> <ul class="c-main-site-header__you-are-in-list"> <li><span>Handling information security and business continuity incidents</span></li> </ul> </nav> <div class="c-main-site-header__utilities"> <p class="c-main-site-header__utilities-title">Utilities:</p> <ul class="c-main-site-header__utilities-list c-main-site-header__utilities-list--menu-triggers"> <li class="c-main-site-header__utilities-item"> <button class="c-main-site-header__trigger c-main-site-header__trigger--enabled jsUtilityTrigger" data-a11y-toggle="a11ytoggle-siteSearchTarget" data-trigger-role="search" aria-label="Search this website"> <div class="c-main-site-header__trigger-search-icon jsFnbMenuIconTrigger" data-icon-role="search"> <span class="c-main-site-header__trigger-search-icon-circle"></span> <span class="c-main-site-header__trigger-search-icon-handle"></span> </div> <span class="c-main-site-header__trigger-copy">Search this website</span> </button> </li> <li class="c-main-site-header__utilities-item"> <button class="c-main-site-header__trigger c-main-site-header__trigger--disabled" aria-disabled="true" aria-label="Disabled site navigation" disabled="disabled"> <div class="c-main-site-header__trigger-menu-icon" data-icon-role="navigation"> <span class="c-main-site-header__trigger-menu-icon-line"></span> <span class="c-main-site-header__trigger-menu-icon-line"></span> <span class="c-main-site-header__trigger-menu-icon-line"></span> </div> <span class="c-main-site-header__trigger-copy">Disabled site navigation</span> </button> </li> </ul> <ul class="c-main-site-header__utilities-list c-main-site-header__utilities-list--nav-and-site-search"> <li class="c-main-site-header__utilities-item"> <div class="search search--not-front" id="search"> <span class="c-main-site-header__site-search-label-copy">Search the Jisc website</span> <form action="/web/20221209120354/https://www.jisc.ac.uk/search" method="post" id="search-api-page-search-form-search-" accept-charset="UTF-8"> <label class="visuallyhidden" for="search_term"><span class="form-fields__label-text">Search </span></label> <input class="ui-autocomplete-input" placeholder="Search Jisc" id="search_term" autocomplete="off" type="text" name="keys_1" value="" size="30" maxlength="128"/> <input type="hidden" name="id" value="1"/> <a href="#" class="close ico ico-cross">Clear search results</a><input class="ico ico-search-glass" type="submit" id="edit-submit-1" name="op" value="Search"/><input type="hidden" name="form_build_id" value="form-GILmPprPvPGP5IJb6N3e8cWW36a8mDNZdGMrkS9BVK0"/> <input type="hidden" name="form_id" value="search_api_page_search_form_search_"/> </form> <div id="search-results" class="search-results-dropdown"> <p class="search-results__intro"></p> </div> </div> </li> </ul> </div> </div> </div> </div> <div class="c-main-site-header__menu jsMenuTarget" id="a11ytoggle-siteSearchTarget" data-is-small-viewport=""> <div class="c-main-site-header__site-search c-main-site-header__site-search--in-menu" role="search"> <div class="search search--not-front" id="search"> <span class="c-main-site-header__site-search-label-copy">Search the Jisc website</span> <form action="/web/20221209120354/https://www.jisc.ac.uk/search" method="post" id="search-api-page-search-form-search-" accept-charset="UTF-8"> <label class="visuallyhidden" for="search_term"><span class="form-fields__label-text">Search </span></label> <input class="ui-autocomplete-input" placeholder="Search Jisc" id="search_term" autocomplete="off" type="text" name="keys_1" value="" size="30" maxlength="128"/> <input type="hidden" name="id" value="1"/> <a href="#" class="close ico ico-cross">Clear search results</a><input class="ico ico-search-glass" type="submit" id="edit-submit-1" name="op" value="Search"/><input type="hidden" name="form_build_id" value="form-GILmPprPvPGP5IJb6N3e8cWW36a8mDNZdGMrkS9BVK0"/> <input type="hidden" name="form_id" value="search_api_page_search_form_search_"/> </form> <div id="search-results" class="search-results-dropdown"> <p class="search-results__intro"></p> </div> </div> </div> </div> <div class="c-main-site-header__menu" aria-hidden="true"> <nav> <div class="c-main-site-header__main-nav jsMainNavHook"> <p class="c-main-site-header__main-nav-title">Navigation:</p> <div class="c-main-site-header__main-nav-secondary jsMainNavSecondaryHook"> </div> </div> </nav> </div> </div> </header> <main id="main" class="jsMainContent" role="main"> <div class="inner l-pull-left featured top-bar"> <div class="l-centre-offset row"> </div> </div> <section class="t-generic-content"> <div class="inner"><div id="target-space"></div></div>  <div class="inner l-pull-left featured top-bar"> <div class="l-centre-offset"> <article class="article-full"> <header class="article-full__header"> <div class="row"> <div class="col span-9"> <h1 class="page-title">Handling information security and business continuity incidents</h1> </div> <div class="col span-3"> </div> </div> </header> <div class="row"> <div class="col span-9"> <p class="field field-type-text-long article-full__strapline">How we internally handle information security and business continuity incidents in accordance with ISO27001.</p> <div class="article-full__body">  <h2>Section one: detection, identification, analysis and initial response</h2><h3>Step one</h3><p>An incident may be identified in three possible ways:</p><ol><li>Firstly, if a <strong>potential incident has been identified</strong>, then<ol><li>Ensure that your colleagues are safe</li><li>Notify the quality and information security team (QIST)</li><li>The QIST works with reporter and colleagues to determine nature of incident</li><li>Continue to <a href="#step2">section one: step two</a></li></ol></li><li>Secondly, if an <strong>incident has been identified outside of business hours by IT helpdesk</strong><ol><li>IT helpdesk sends incident communication notification to senior staff</li><li>Notify the quality and information security team (QIST)</li><li>The QIST works with reporter and colleagues to determine nature of incident</li><li>Continue to <a href="#step2">section one: step two</a></li></ol></li><li>Thirdly, if <strong>an individual identifies an incident outside of business hours</strong><ol><li>Report it to IT helpdesk</li><li>IT helpdesk sends incident communication notification to senior staff</li><li>Notify quality and information security team (QIST)</li><li>The QIST works with reporter and colleagues to determine nature of incident</li><li>Continue to <a href="#step2">section one: step two</a></li></ol></li></ol><h3><a id="section1step2" name="section1step2"></a>Step two</h3><p><strong>Is a crime in progress </strong>or <strong>is there immediate danger?</strong></p><ol><li>If true<ol><li>Call 999 (incident is considered a crisis, see <a href="#appendixa">appendix A</a> for definitions)</li><li>Continue to <a href="#step3">section one: step three</a></li></ol></li><li>If there is no crime or immediate danger<ol><li>Continue to <a href="#step3">section one: step three</a></li></ol></li></ol><h3><a id="section1step3" name="section1step3"></a>Step three</h3><p>Could the incident <strong>have significant impact?</strong></p><ol><li>If true<ol><li>QIST notifies quality information security management board (QISMB)</li><li>QIST also notifies deputy senior information risk owner (SIRO)</li><li>QIST assembles incident team</li><li>Start incident reporting form</li><li>Continue to <a href="#step4">section one: step four</a></li></ol></li><li>If the incident won’t have a significant impact<ol><li>Continue to <a href="#step4">section one: step four</a></li></ol></li></ol><h3><a id="section1step4" name="section1step4"></a>Step four</h3><p>Is the incident <strong>routine, unexceptional or minimal impact?</strong></p><ol><li>If true<ol><li>QIST notifies deputy SIRO</li><li>Start incident reporting form</li><li>Continue to <a href="#section1step5">section one: step five</a></li></ol></li><li>If the incident is not routine, unexceptional or minimal impact<ol><li>QIST notifies deputy SIRO</li><li>QIST assembles incident team</li><li>Start incident reporting form</li><li>Continue to <a href="#section1step5">section one: step five</a></li></ol></li></ol><h3><a id="section1step5" name="section1step5"></a>Step five</h3><p>Is <strong>personal data involved?</strong></p><ol><li>If true<ol><li>Add data protection officer (DPO) to incident team</li><li>Continue to <a href="#step5a">section one: step five a</a></li></ol></li><li>If no personal data is involved<ol><li>Continue to <a href="#section1step6">section one: step six</a></li></ol></li></ol><h4><a id="section1step5a" name="section1step5a"></a>Step 5a</h4><p>Is the incident <strong>reportable?</strong></p><ol><li>If true<ol><li>Inform CEO and group general counsel</li><li>Report to ICO/ data processor/ data subjects</li><li>Add comms member to incident team</li><li>Continue to <a href="#step6">section one: step six</a></li></ol></li><li>If the incident is not reportable<ol><li>Continue to <a href="#step6">section one: step six</a></li></ol></li></ol><h3><a id="section1step6" name="section1step6"></a>Step six</h3><p>Is <strong>crisis communication required?</strong></p><ol><li>If true<ol><li>Add comms member to incident team</li><li>Add HR member to incident team</li><li>Maintain continuous internal/ external communications</li><li>Continue to <a href="#step8">section one: step eight</a></li></ol></li><li>If no crisis communication is required<ol><li>Continue to <a href="#step7">section one: step seven</a></li></ol></li></ol><h3><a id="section1step7" name="section1step7"></a>Step seven</h3><p>Is <strong>support for colleagues</strong> needed?</p><ol><li>If true<ol><li>Add HR member to incident team</li><li>Maintain continuous internal/ external communications</li><li>Continue to <a href="#section1step8">section one: step eight</a></li></ol></li><li>If no support for colleagues is needed<ol><li>Continue to <a href="#section1step8">section one: step eight</a></li></ol></li></ol><h3><a id="section1step8" name="section1step8"></a>Step eight</h3><p>Is <strong>specialist technical support </strong>needed?</p><ol><li>If true<ol><li>Obtain additional support via deputy SIRO</li><li>Maintain continuous internal/ external communications</li><li>Continue to <a href="#section2">section two: containment</a></li></ol></li><li>If no specialist technical support is needed<ol><li>Continue to <a href="#section2">section two: containment</a></li></ol></li></ol><h2><a id="section2" name="section2"></a>Section two: containment</h2><h3>Step one</h3><p>Contain the incident.</p><h3>Step two</h3><p><strong>Has a crime occurred</strong> or been attempted?</p><ol><li>If true<ol><li>Report to police/Action Fraud</li><li>Continue to <a href="#section2step4">section two: step four</a></li></ol></li><li>If no crime has occurred or been attempted<ol><li>Continue to <a href="#section2step3">section two: step three</a></li></ol></li></ol><h3><a id="section2step3" name="section2step3"></a>Step three</h3><p>Is a <strong>disciplinary investigation</strong> likely?</p><ol><li>If true<ol><li>Continue to <a href="#section2step4">section two: step four</a></li></ol></li><li>If no disciplinary investigation is likely<ol><li>Continue to <a href="#section3">section three: recovery</a></li></ol></li></ol><h3><a id="section2step4" name="section2step4"></a>Step four</h3><p>Is <strong>specialist evidence handling</strong> required?</p><ol><li>If true<ol><li>Obtain additional support via deputy SIRO</li><li>Continue to <a href="#section3">section three: recovery</a></li></ol></li><li>If no specialist evidence handling is required<ol><li>Continue to <a href="#section3">section three: recovery</a></li></ol></li></ol><h2><a id="section3" name="section3"></a>Section three: recovery</h2><h3>Step one</h3><p>Recover.</p><h3>Step two</h3><p>Root cause analysis.</p><h3>Step three</h3><p>Continue to <a href="#section4">section four: review.</a></p><h2><a id="section4" name="section4"></a>Section four: review</h2><h3>Step one</h3><p>Review meeting and improvement, create monthly summary for QISMB.</p><p>Maintain continuous internal/ external communications.</p><h2>Appendices</h2><section class="is-collapsible is-collapsible--blue user-created "><h3 class="cx_collapsibles__trigger"><a id="appendixa" name="appendixa"></a>Appendix A: definitions</h3><div class="cx_collapsibles__target"><ul><li>Deputy SIRO (deputy senior information risk owner)</li><li>DPO - (data protection officer)</li><li>QIST (quality information security team) - this comprises of the head of information security, quality manager and their direct reports</li><li>QISMB (quality information security management board) this comprises of the head of information security, quality manager, their direct reports, head of infrastructure, head of collaboration and workplace services, IT support manager, SIRO, deputy SIRO, DPO, group general counsel and group internal audit manager</li></ul></div></section><section class="is-collapsible is-collapsible--blue user-created "><h3 class="cx_collapsibles__trigger"><a id="appendixb" name="appendixb"></a>Appendix B</h3><div class="cx_collapsibles__target"><p>Jisc considers that an incident is likely to be a crisis, if:</p><ul><li>A breach of personal data has occurred</li><li>A major Jisc office is unusable (rather than simply inaccessible)</li><li>Significant support is required for affected colleagues</li><li>A significant crime, or any fraud has been attempted against Jisc</li><li>A product or service is unable to be used by members</li><li>The incident is likely to gain press attention</li><li>Specialist skills normally unavailable to Jisc are required</li></ul></div></section><section class="is-collapsible is-collapsible--blue user-created "><h3 class="cx_collapsibles__trigger"><a id="appendixc" name="appendixc"></a>Appendix C: crisis communications</h3><div class="cx_collapsibles__target"><p>When deciding if crisis communications is needed, consider if the following are required, or are likely to be required:</p><ul><li>Communication with staff</li><li>Communication with members</li><li>Communication with press</li></ul><p>It is likely that any incident impacting on staff, members or the public will need some involvement from the comms team.</p></div></section><p><strong>Last updated 26 January 2021.</strong></p> </div> <footer class="article-full__footer"> </footer> </div> <div class="col span-3" role="complementary"> <div class="l-gutter--both">  </div> </div> </div> </article> </div> </div> </section> <div class="inner l-pull-left"> <div class="l-centre-offset"> <aside class="article-full__related l-gutter--top"> <h3 class="section__title">You may also like…</h3><div class="region region--2-up"> <div class="block block-1"> <article class="teaser t-generic-content"> <span class="marker">Generic</span> <div class="teaser__copy"> <h4 class="teaser__title"><a href="/web/20221209120354/https://www.jisc.ac.uk/events/connect-more-4-may-2022/about">About Connect More 2022</a></h4> 4-6 May 2022, online - free to attend<br/> </div> <footer class="teaser__footer"> </footer> </article> </div>  <div class="block block-2"> <article class="teaser t-generic-content"> <span class="marker">Generic</span> <div class="teaser__copy"> <h4 class="teaser__title"><a href="/web/20221209120354/https://www.jisc.ac.uk/events/networkshop50-8-june-2022/about">About Networkshop50</a></h4> 8-10 June 2022, Nottingham Trent University.<br/> </div> <footer class="teaser__footer"> </footer> </article> </div> </div> </aside> </div> </div> </section> </main> <footer role="contentinfo"> <div class="inner l-pull-left light l-gutter--top"> <div class="l-centre-offset row"> </div>  <div class="l-centre-offset row"> </div>  </div> <div class="inner l-pull-left medium"> <div class="l-centre-offset"> <div class="region region--4-up"> </div> </div>  </div>  <div class="c-main-site-footer">  <div class="c-main-site-footer__breadcrumb"> <div class="inner inner--main-site-footer"> <div class="c-main-site-footer-grid"> <div class="c-main-site-footer-grid__item u-6/12@medium u-9/12@large"> <nav class="c-main-site-footer__you-are-here" aria-label="Breadcrumb"> <p class="c-main-site-footer__you-are-here-title">You are in:</p> <div class="c-main-site-footer__you-are-here-item-home"> <a class="c-main-site-footer__you-are-here-link" href="/web/20221209120354/https://www.jisc.ac.uk/" aria-label="Jisc homepage"><i class="fas fa-home" aria-hidden="true"></i></a> </div> <ul> <li><span>Handling information security and business continuity incidents</span></li> </ul> </nav> </div> <div class="c-main-site-footer-grid__item u-6/12@medium u-3/12@large">   </div> </div> </div> </div>  <div class="c-main-site-footer__linklist"> <div class="inner inner--main-site-footer"> <div class="c-main-site-footer-grid"> <div class="c-main-site-footer-grid__item u-6/12@medium u-3/12@large"> <h2 class="c-main-site-footer__linklist-title">Areas</h2> <ul class="c-main-site-footer__linklist-group"><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/connectivity">Connectivity</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/cyber-security">Cyber security</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/cloud">Cloud</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/data-and-analytics">Data analytics</a></li></ul><ul><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/libraries-and-research">Libraries, learning resources and research</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/student-experience">Student experience</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/trust-and-identity">Trust and identity</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/advice">Advice and guidance</a></li></ul> </div> <div class="c-main-site-footer-grid__item u-6/12@medium u-3/12@large"> <h2 class="c-main-site-footer__linklist-title">Explore</h2> <ul class="c-main-site-footer__linklist-group"><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/guides">Guides</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="http://web.archive.org/web/20221209120354/https://beta.jisc.ac.uk/training">Training</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/consultancy">Consultancy</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="http://web.archive.org/web/20221209120354/https://beta.jisc.ac.uk/events">Events</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/rd">Innovation</a></li></ul> </div> <div class="c-main-site-footer-grid__item u-6/12@medium u-3/12@large"> <h2 class="c-main-site-footer__linklist-title">Useful</h2> <ul class="c-main-site-footer__linklist-group"><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/about">About</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/membership">Membership</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/get-involved">Get involved</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/news">News</a></li><li class="c-main-site-footer__linklist-item"><a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/jobs">Jobs</a></li></ul> </div> <div class="c-main-site-footer-grid__item u-6/12@medium u-3/12@large"> <h2 class="c-main-site-footer__linklist-title">Get in touch</h2> <ul class="c-main-site-footer__linklist-group"> <li class="c-main-site-footer__linklist-item"> <a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/contact"> Contact us </a> </li> <li class="c-main-site-footer__linklist-item"> <a class="c-main-site-footer__linklist-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/headlines"> Sign up to our newsletter </a> </li> <li class="c-main-site-footer__linklist-item"> <a class="c-main-site-footer__linklist-item-link-social" href="http://web.archive.org/web/20221209120354/https://twitter.com/jisc"> <i class="fab fa-twitter" aria-hidden="true"></i> <span class="c-main-site-footer__linklist-item-link-social-copy">Twitter</span> </a> </li> <li class="c-main-site-footer__linklist-item"> <a class="c-main-site-footer__linklist-item-link-social" href="http://web.archive.org/web/20221209120354/https://www.facebook.com/jiscsocial"> <i class="fab fa-facebook" aria-hidden="true"></i> <span class="c-main-site-footer__linklist-item-link-social-copy">Facebook</span> </a> </li> <li class="c-main-site-footer__linklist-item"> <a class="c-main-site-footer__linklist-item-link-social" href="http://web.archive.org/web/20221209120354/https://www.linkedin.com/company/jisc"> <i class="fab fa-linkedin" aria-hidden="true"></i> <span class="c-main-site-footer__linklist-item-link-social-copy">LinkedIn</span> </a> </li> <li class="c-main-site-footer__linklist-item"> <a class="c-main-site-footer__linklist-item-link-social" href="http://web.archive.org/web/20221209120354/http://www.youtube.com/user/JISCmedia"> <i class="fab fa-youtube" aria-hidden="true"></i> <span class="c-main-site-footer__linklist-item-link-social-copy">YouTube</span> </a> </li> </ul></div> </div> </div> </div>  <div class="c-main-site-footer__utilities"> <div class="inner inner--main-site-footer"> <div class="c-main-site-footer-grid"> <div class="c-main-site-footer-grid__item u-6/12@medium u-9/12@large"> <ul class="c-main-site-footer__utilities-list"><li class="c-main-site-footer__utilities-list-item"><a class="c-main-site-footer_utilities-list-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/website/cookies">Cookies</a></li> <li class="c-main-site-footer__utilities-list-item"><a class="c-main-site-footer_utilities-list-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/website/privacy-notice">Privacy</a></li> <li class="c-main-site-footer__utilities-list-item"><a class="c-main-site-footer_utilities-list-item-link" href="/web/20221209120354/https://www.jisc.ac.uk/about/corporate/slavery-and-human-trafficking-statement">Modern slavery</a></li> <li class="c-main-site-footer__utilities-list-item"><a class="c-main-site-footer__utilities-additional-link" href="/web/20221209120354/https://www.jisc.ac.uk/about/corporate/carbon-reduction-plan">Carbon reduction plan</a></li> <li class="c-main-site-footer__utilities-list-item"><a class="c-main-site-footer__utilities-additional-link" href="/web/20221209120354/https://www.jisc.ac.uk/website/accessibility-statement">Accessibility</a></li></ul> </div> <div class="c-main-site-footer-grid__item u-6/12@medium u-3/12@large"> </div> </div> </div> </div> </div> <script src="//web.archive.org/web/20221209120354js_/https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script> <script>window.jQuery || document.write("<script src='/sites/all/modules/contrib/jquery_update/replace/jquery/1.8/jquery.min.js'>\x3C/script>")</script> <script src="http://web.archive.org/web/20221209120354js_/https://www.jisc.ac.uk/sites/default/files/js/js_38VWQ3jjQx0wRFj7gkntZr077GgJoGn5nv3v05IeLLo.js"></script> <script src="//web.archive.org/web/20221209120354js_/https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js"></script> <script>window.jQuery.ui || document.write("<script src='/sites/all/modules/contrib/jquery_update/replace/ui/ui/minified/jquery-ui.min.js'>\x3C/script>")</script> <script src="http://web.archive.org/web/20221209120354js_/https://www.jisc.ac.uk/sites/default/files/js/js__bBogcF6zrob06qh5ifUeGh4t30mvORXZ2P3hX4c7sE.js"></script> <script src="http://web.archive.org/web/20221209120354js_/https://www.jisc.ac.uk/sites/default/files/js/js_yxpcsmG10aGVUSD90BA4qltlgKI1rbhnUmWB7jdXazY.js"></script> <script src="http://web.archive.org/web/20221209120354js_/https://www.jisc.ac.uk/sites/default/files/js/js_ln3elyxIXiDHhui9wGpVhQknbd0x6dFFLEcw-d2kY7c.js"></script> <script src="http://web.archive.org/web/20221209120354js_/https://www.google.com/recaptcha/api.js"></script> <script src="http://web.archive.org/web/20221209120354js_/https://www.jisc.ac.uk/sites/default/files/js/js_MRJGmiHDN-YmxpVwJXrmhddeFsDyTTAop4jAFfeWcSc.js"></script> <script src="http://web.archive.org/web/20221209120354js_/https://www.jisc.ac.uk/sites/default/files/js/js_gGSozz5nhS9RR6GeFycLd0mjTBR0-860cSp4ccsVjF8.js"></script> <script>jQuery.extend(Drupal.settings, {"basePath":"\/","pathPrefix":"","ajaxPageState":{"theme":"jisc_clean","theme_token":"aq0G_miAT9u4gHJ4ogQyONZwGHoG4UYlK9u7iul6Fxg","js":{"\/\/web.archive.org\/web\/20221209120354\/https:\/\/ajax.googleapis.com\/ajax\/libs\/jquery\/1.8.3\/jquery.min.js":1,"0":1,"misc\/jquery-extend-3.4.0.js":1,"misc\/jquery-html-prefilter-3.5.0-backport.js":1,"misc\/jquery.once.js":1,"misc\/drupal.js":1,"\/\/web.archive.org\/web\/20221209120354\/https:\/\/ajax.googleapis.com\/ajax\/libs\/jqueryui\/1.10.2\/jquery-ui.min.js":1,"1":1,"sites\/all\/modules\/contrib\/jquery_update\/replace\/ui\/external\/jquery.cookie.js":1,"sites\/all\/modules\/contrib\/jquery_update\/replace\/jquery.form\/4\/jquery.form.min.js":1,"sites\/all\/modules\/custom\/jisc_search_section\/js\/jiscSectionSearch.js":1,"sites\/all\/modules\/custom\/jisc_ia_nav\/js\/JiscIaNav.js":1,"http:\/\/web.archive.org\/web\/20221209120354\/https:\/\/www.google.com\/recaptcha\/api.js":1,"sites\/all\/themes\/mothership\/mothership\/js\/contextual.js":1,"sites\/all\/themes\/jisc_clean\/js\/jisc-lib.min.js":1,"sites\/all\/themes\/jisc_clean\/js\/extras.js":1,"sites\/all\/themes\/jisc_clean\/js\/integration\/timeline.js":1,"sites\/all\/themes\/jisc_clean\/js\/jisc-p13n.js":1},"css":{"modules\/system\/system.base.css":1,"modules\/system\/system.messages.css":1,"sites\/all\/themes\/jisc_clean\/css\/content.css":1,"sites\/all\/themes\/jisc_clean\/css\/print.css":1,"0":1}},"jiscFlashPath":"\/sites\/all\/themes\/jisc_clean\/flash\/","searchAutocompletePath":"\/server\/search-results","urlIsAjaxTrusted":{"\/search":true}});</script> </body> </html>

CINXE.COM

Handling information security and business continuity incidents | Jisc