General principles
We encourage an open and transparent reporting system.
Individuals must report all security incidents accurately and without delay. Individuals are required to assist in any investigation.
We will record all:
- reported security incidents
- potential security incidents
- near misses
- security weaknesses
We will investigate security incidents in a manner commensurate with the potential impact of the incident. Where we establish a root cause we will consider corrective action to help prevent similar incidents occurring.
We will determine responsibility for the management of an incident after considering the following points:
- the type of incident
- the type of information involved
- the level of impact or potential impact
- the number and type of stakeholders and partnerships
- the personal data involved
- the source of the incident
Line managers are responsible for action regarding staff failure to conform to our Code of conduct.