September 29, 2022

Incident Reporting and Response Policy UW-509

This policy defines four types of information incidents: (1) loss or theft, (2) intrusion by malware or unauthorized access via the network, (3) physical intrusion, and (4) all others. Each type has criteria that make a possible incident “reportable.” The policy requires the reporting of reportable incidents unless one of the exceptions applies. The Incident Reporting and Response Procedures are the implementation of the policy.