Table of Contents
1. Purpose and Background
2. Procedures
a) Reporting an Incident
b) Contacting University Police
3. Definitions
4. Related Links
5. Exceptions
1. Purpose and Background
All users of University IT resources must report the incident as soon as possible and no later than one (1) hour from the time the incident is identified. Of particular concern are incidents involving a device hosting sensitive and legally protected data. Lost or stolen electronic devices and media must also be reported directly to the UVa Police Department. If the incident did not occur in the Charlottesville-Albemarle area, it should be reported to the appropriate police jurisdiction. Note: Non-Information Security Office personnel overseeing or owning technology resources who are notified of a potential information security incident must notify the appropriate security office via the online form and should follow the instructions provided in Information Security Incident Report Guidance for Technology Professionals.
2. Procedures
Reporting an Incident
Instructions for reporting a security incident depend upon the nature of the incident and University affiliation. In all scenarios, all those within the University community who feel threatened or endangered should immediately contact University Police {weblink to below heading Contacting University Police}.
Procedures for various affiliations and/or incidents are provided below:
Medical Center Employees
Medical Center employees should contact the Computing Services Help Desk at (434) 924-5334 to report incidents to the Medical Center's Information Security Office. Additional information is provided in the Medical Center's Incident Management Guideline.
University Physicians Group Employees
Report incidents to the UPG HIPAA Security Desk at (434) 970-2484 or (434) 924-5334.
UVa's College at Wise (or Related Foundation) Students or Employees
Report incidents to the Security and Policy Coordinator by emailing abuse@uvawise.edu or calling (276) 376-4641. If the incident involves equipment theft, the person reporting the incident should also immediately contact the UVa-Wise Police Department at (276) 328-2677. The Information Technology Security and Policy Coordinator will inform all other appropriate University officials.
UVA Students
If the incident involves student activity or student-owned equipment, then:
- Review the steps under the If your computer is stolen section of our Identity Theft Info web page.
- If you need further assistance, please contact the UVa Help Desk at (434) 924-HELP (434-924-4357)
If the incident involves activity in a student-employee capacity, see the instructions for University Academic Division or Other Foundation Employee.
University Academic Division or Other Foundation Employee
Report incidents to the University’s Information Security office via the online Security Incident Report form (preferred) or phone at (434) 924-4165. The use of information technology resources for unethical or unlawful purposes (such as incidents involving employees and pornography) should be reported directly to University Human Resources.
Non-Information Security-Related Incidents
For any other problems that do not qualify as information security incidents as defined
- Email abuse@virginia.edu (directly) or...
Contact the UVa Help Desk at (434) 924-HELP (434-924-4357
Incidents Involving Student Activity or Student-Owned Equipment
- Review the steps under the If your computer is stolen section of our Identity Theft Info web page.
- If you need further assistance, please contact the UVa Help Desk at (434) 924-HELP (434-924-4357)
If the incident involves activity in a student-employee capacity, see the instructions for University Academic Division or Other Foundation Employee.
Contacting University Police
Medical Center Employees, University Physicians Group Employees, UVA Students, and University Academic Division or Other Foundation Employees contact the UVa Police (911 from any University phone or 434-924-7166 from other phones).
UVa's College at Wise (or Related Foundation) Student or Employees contact the UVa-Wise Police at (276) 328-2677.
3. Definitions
See the list of definitions for the Acceptable Use, Data Protection, Information Security, and Privacy & Confidentiality policies.
4. Related Links
- Information Security of University Technology Resources (IRM-004)
- Reporting an Information Security Incident Standard
- Information Security Incident Response Guidelines for IT Professionals
5. Exceptions
If you think you need to request an exception to these requirements, please refer to the Exceptions Process.
APPROVER: Chief Information Security Officer