Table of Contents
1. Purpose and Background
2. Procedures
a) Reporting an Incident
b) Contacting University Police
3. Definitions
4. Related Links
5. Exceptions
REVISION HISTORY: May 10, 2021
1. Purpose and Background
All users of University IT resources must report the incident as soon as possible and no later than one (1) hour from the time the incident is identified. Of particular concern are incidents involving a device hosting sensitive and legally protected data. Lost or stolen electronic devices and media must also be reported directly to the UVa Police Department. If the incident did not occur in the Charlottesville-Albemarle area, it should be reported to the appropriate police jurisdiction. Note: Non-Information Security Office personnel overseeing or owning technology resources who are notified of a potential information security incident must notify the appropriate security office via the online form and should follow the instructions provided in Information Security Incident Report Guidance for Technology Professionals.
2. Procedures
Reporting an Incident
Instructions for reporting a security incident depend upon the nature of the incident and University affiliation. In all scenarios, all those within the University community who feel threatened or endangered should immediately contact the UVA Police (Dial 911 from any phone. (See details below.)
Procedures for various affiliations and/or incidents are provided below:
UVA Health System Employees (including University Physicians Group, Health Sciences Library, and Schools of Medicine and Nursing)
UVA Health System employees should contact the Health Information and Technology Services Desk at (434) 924-5334 to report incidents to the Health Information and Technology Security or fill out this reporting form.
UVa's College at Wise (or Related Foundation) Students or Employees
If you feel threatened or endangered: Immediately contact the UVA-Wise Police at (276) 328-2677.
Report incidents to the Security Administrator by emailing [email protected] or calling (276) 376-4640. If the incident involves equipment theft, the person reporting the incident should also immediately contact the UVA-Wise Police Department at (276) 328-2677. The Security Administrator will inform all other appropriate College officials.
UVA Students
If the incident involves student activity or student-owned equipment, then:
- Review the steps under the If your computer is stolen section of our Identity Theft Info web page.
- If you need further assistance, please contact the UVA Help Desk at (434) 924-HELP (434-924-4357)
If the incident involves activity in a student-employee capacity, see the instructions for University Academic Division or Other Foundation Employee.
University Academic Division or Other Foundation Employee
Report incidents to the University’s Information Security office via the online Security Incident Report form (preferred) or phone at (434) 924-4165. The use of information technology resources for unethical or unlawful purposes (such as incidents involving employees and pornography) should be reported directly to University Human Resources by calling 434-243-3344 or emailing [email protected]
Non-Information Security-Related Incidents
For any other problems that do not qualify as information security incidents as defined
- Email [email protected] (directly) or...
Contact the UVA Help Desk at (434) 924-HELP (434-924-4357
Incidents Involving Student Activity or Student-Owned Equipment
- Review the steps under the If your computer is stolen section of our Identity Theft Info web page.
- If you need further assistance, please contact the UVA Help Desk at (434) 924-HELP (434-924-4357)
If the incident involves activity in a student-employee capacity, see the instructions for University Academic Division or Other Foundation Employee.
Contacting University Police
UVA Health System (including University Physicians Group, Health Sciences Library, and Schools of Medicine and Nursing) Employees, UVA Students, and University Academic Division or Other University-Associated Organizations orOther Employees contact the UVa Police (Dial 911 from phone).
UVa's College at Wise (or Related Foundation) Student or Employees contact the UVa-Wise Police by dialing (276) 328-2677.
3. Definitions
See the list of definitions for the Acceptable Use, Data Protection, Information Security, and Privacy & Confidentiality policies.
4. Related Links
- Information Security of University Technology Resources (IRM-004)
- Health Information and Technology Incident Management
- Reporting an Information Security Incident Standard
- Information Security Incident Response Guidelines for IT Professionals
5. Exceptions
If you think you need to request an exception to these requirements, please refer to the Exceptions Process.
APPROVER: Chief Information Security Officer