Layout print header[D]

Managing Information Security Incidents Policy Overview


This policy promotes good practice to ensure information security incidents are identified and resolved quickly. These incidents include those which put the IT infrastructure and systems at risk. All information security incidents must be reported to ITHelp. The IT Security Officer records the incident, secures any evidence and equipment, and arranges for appropriate investigations to be undertaken. If criminal evidence is found, the investigation is halted, and the appropriate authorities contacted.

Key Points

  • Only staff with the authorisation of the Director Of Digital Technology Services may attempt to find security vulnerabilities,
  • All information security incidents must be reported to the DTS Service Desk on extension 3333 or via,
  • The IT Security Officer must arrange to secure any evidence and equipment,
  • Any monitoring must adhere to the University monitoring policy,
  • If any criminal evidence is found the appropriate authorities will be contacted, and the internal investigation halted,
  • Any request by law enforcement agencies for information or assistance must be referred to the Secretary and Registrar's Directorate.

The Policy Document

The complete policy can be found here.


Further guidance is currently under development.

Sheffield Hallam University website

Sheffield Hallam University, City Campus, Howard Street, Sheffield S1 1WB

Telephone 0114 225 5555 | Fax 0114 225 4449

Privacy Policy

Freedom of information




Legal information