XClose

Information Security

Menu

Incident Management

This page supports policy statement 6.6 in the new Information Security Policy

Introduction 

Information security incidents can have significant impacts on UCL’s operations, reputation, and legal obligations. Incidents may include unauthorised access, data breaches, system compromise, loss of data, or misuse of systems. 

Effective incident management ensures that security events are identified, reported, contained, investigated, and remediated in a timely and coordinated manner. Immediate reporting and response are critical to minimising impact and preventing recurrence. 

Summary of Policy Requirements 

  • Incidents must be:  
    • Promptly reported once identified, 
    • Logged and recorded,  
    • Assessed for severity and impact, 
    • Managed in a consistent and coordinated manner. 

How to Comply 

  • If you suspect a security incident, assess the severity of the incident based on the following security incident severity matrix: 

Security Incident Severity Matrix
  • Be aware of what constitutes an information security incident and immediately report suspected or actual incidents to the Information Security Group (ISG) through the designated reporting channel: Report an Incident
  • If you think the incident is likely to require input from multiple ISD teams or assess it to be of medium, high, or critical severity, contact the ISD Duty Manager on 0203 108 1906 to confirm they are aware of the incident and connect the DM with ISG. 
  • Do not attempt to conceal or ignore security issues.  
  • Follow UCL standards and guidelines for incident reporting, escalation, and communication. 
  • Preserve relevant information (e.g. logs, system state) to support investigation.  
  • Cooperate with ISG and other teams during incident response.  
  • Participate in post-incident reviews if invited and implement any recommended improvements. 

Further questions 

If you have any questions that haven't been answered by the information on this page, please don’t hesitate to ask the Information Security Group.  

Policy statement 

Users must ensure information security incidents are identified and reported. Incidents will be contained, remediated, investigated and recorded.