
Security Incidents Policy


A security incident is a confirmed breach, potential breach or ‘near-miss’ breach of one of ECC’s information policies.

Policy points are numbered. The numbering corresponds to explanations of ‘why?’ and ‘how?’ for each point further down the page.

 

What must I do?

  1. MUST: If you discover a security incident, you must immediately report it

  2. MUST: When reporting the incident, you must provide as much information as possible

  3. MUST: The Investigating Officer/Line Manager must complete investigations as directed by the Deputy Headteacher and complete an outcome report (see Procedures for Reporting or Handling a Security Incident)

  4. MUST: The Office Manager must support investigations as directed by the Deputy Headteacher and provide an outcome report

  5. MUST: The Office Manager must oversee and support each investigation, maintaining a full record from reporting to closure

  6. MUST: The Headteacher must support the investigation of major and critical incidents

  7. MUST: Comply with the timescales and escalation process outlined in our Procedures for Reporting or Handling a Security Incident

 

Why must I do it?

  1. Capturing security incidents allows us to respond effectively when something has gone wrong. Capturing all types of security incidents allows us to understand where our weaknesses are, how well our policies are working and what we should change about our policies to make them more effective

  2. To help us quickly assess the severity of the incident and to speed up the investigation

  3. Carry out an effective process appropriate to the severity of the incident

  4. Carry out an effective process appropriate to the severity of the incident

  5. Ensure the process is followed to completion

  6. Ensure that there is appropriate resource, expertise and independent scrutiny of processes for higher impact incidents

  7. Ensure that all incidents are handled in a timely manner.

 

How must I do it?

  1. Inform the Deputy Headteacher or, if you would like to stay anonymous, email dpo@walesby.notts.sch.uk. No action will be taken against any member of staff who reports a security incident about another member of staff in good faith. The identity of a reporting party who requests anonymity shall be protected as far as is feasible.

  2. Include full details of the incident such as dates, names and any remedial action that has been taken.

  3. Where appropriate, undertake the following:

    1. Identify expected outcomes, stakeholders and any policies breached.

    2. Speak to staff involved.

    3. Record evidence and keep an audit trail of events and evidence supporting decisions taken

    4. Get expert help

    5. Escalate

    6. Inform data subjects (service users, staff) where appropriate

    7. Identify and manage risks of the incident

    8. Commence disciplinary action, or record why not

    9. Develop and implement a communications plan where appropriate

    10. Put in place controls to prevent recurrence

    11. Complete the Incident Outcome Report

  4. Where appropriate, undertake the following:

    1. Raise incidents through the Office Manager if reported to them

    2. Work with the Headteacher to investigate major security incidents.

    3. Decide whether to investigate personally, or allocate to the line manager/ investigating officer.

    4. Assess the outcome to ensure they are satisfied the appropriate action has been taken.

    5. Provide service area knowledge and advice, and carry out any recommended actions within their function for major or critical incidents, where required.

  5. Undertake the following:

    1. Classify the Security Incident

    2. Verify the details and oversee the investigation

    3. Work with Headteacher to investigate major security incidents.

    4. Advise, support and intervene as appropriate

    5. Review Incident Outcome Reports and close

  6. For major and critical incidents:

    1. Undertake the investigation (critical only)

    2. Work with Headteacher (major only)

    3. Assess if it is necessary for the security incident to be reported to the ICO.

    4. Complete an outcome report and recommend remedial actions.

  7. Follow the process outlined in the ECC Procedures for Reporting or Handling a Security Incident

 

What if I need to do something against the policy?

If you believe you have a valid business reason for an exception to these policy points, having read and understood the reasons why they are in place, please raise a formal request by contacting the Walesby C of E Primary School DPO, Mrs J Marshall (dpo@walesby.notts.sch.uk).

 

 

If you believe the policy does not meet your business needs, you may raise this with your Information Champion who, if they agree with your suggestion, may propose a policy change.

 

Document control

 

Version: 2

Adapted by Walesby C of E Primary School

Date approved: Monday 4th June 2018

Approved by: Walesby C of E Primary School Governing Body

Next review: Tuesday 4th June 2019

 

References

  • Data Protection Act 1998 (to May 25th 2018)

  • General Data Protection Regulations (from 25th May 2018)

 

Breach Statement

Breaches of Information Policies will be investigated and may result in disciplinary action. Serious breaches of Policy may be considered gross misconduct and result in dismissal without notice, or legal action being taken against you.

 

 
   

 

 

 
