Effective Date:

December 1, 2010

Revised:

December 1, 2010

POLICY

INFORMATION MANAGEMENT, PRIVACY AND SECURITY

Data Incident Response

RESPONSIBLE OFFICE

Office Of The CTO

REVIEWED: JUNE 2021 BY CTO GOVERNANCE

Purpose and Overview

Information Security manages and maintains the Data Breach Response Management Process for incidents and events involving loss of data that includes sensitive and protected information such as social security numbers, credit card numbers, or any data classified as internal use, confidential, or restricted use. For a complete listing of data classified as sensitive, please see the: Data Classification Guide

Scope

Security is everyone’s responsibility. If you see anything that suggests we may have a cybersecurity incident or data breach, contact the Office of the CTO.

  • If you suspect a data breach, DO NOT power off, log in to, continue to use, or alter any system  unless directed to do so by the Incident Response Team (IRT) 

Importance and Key Features

Having an approved, documented procedure is crucial for handling potential data loss incidents properly. In the unfortunate event where such information may have been accessed by unauthorized individuals, there are regulatory requirements to which the company must adhere.

  • IRT (QAI Information Security Incident Response Team) – Coordinates the technical response to cybersecurity incidents at the company
  • ISO (Information Security Officer) – Initiates the Data Breach Response Management Plan, acts as the central communication point and coordinator for breach response, and coordinates with senior management. This role is generally filled by the Executive Director of Information Security, but may be filled by another designee if appropriate
  • The First Responder Checklist – Provides guidance to the first people to observe indicators that a security issue may be occurring

What to Expect

This service is available 24 hours a day, 7 days a week.

Incidents are triaged according to the severity of the incident. Some factors that contribute to severity are:

  • Safety concerns for people and buildings
  • Loss or exposure of personal or institutional data
  • Violation of laws and contracts
  • Interruption of service to a community
  • The size of the affected community

Reporting a Sensitive Data Incident

You may contact us one of two ways:

  • Via the web: Report an Incident
  • Call our 24 hour hotline at 650-422-9011

Please be aware that QTIS has few computer systems operating on its network at any time. In order to process your complaint we need as much detail as possible. At a minimum, we need you to provide us with:

  • Your contact information, email and/or phone number so we can follow up if we need more information
  • The hostname, IP address, or MAC (hardware) address of the system involved in the incident
  • The time the incident occurred, including your timezone.

When reporting an incident online or through the hotline, please be sure to leave names and phone numbers of people who we can contact to obtain access to the system.

PLEASE NOTE: We do not handle the physical theft of computing resources.  Theft of personal computer equipment stolen from any location should be reported to the Office of the CTO. Owners of laptops are encourage to register their laptops in advance through the Police Department’s organizations.

END OF POLICY TEXT