Information in the event of data breaches

Reporting an IT incident

If you discover that an IT incident has occurred at your department or equivalent organisational unit, report the matter according to the following procedure:

  1. The responsible contact person (usually the system owner or equivalent) emails a brief initial incident report to it-incident@uu.se within six hours of the incident being discovered.
  2. University IT Services (UIT) and the Security and Safety Division will study the report and decide what should be reported to the Swedish Civil Contingencies Agency (MSB)
  3. An incident manager at UIT will get back to the person who filed the initial report to inform them what is happening and to gather any additional information to be passed on to MSB.
  4. If the incident has been reported to MSB, a final report will be sent to MSB within four weeks.
  5. The incident manager will provide feedback to the person who filed the initial report on any further steps after the report has been received by MSB.

What should be reported as an IT incident?

An IT incident must be reported if it may seriously impact the security of the information management for which the University is responsible, or of services the University provides to another organisation.

The following IT incidents must be reported:

  • An attempt to undermine the confidentiality, integrity and availability of data deemed to require enhanced security.
  • An information system that process data deemed to require enhanced security has failed to maintain its intended functionality.
  • An attempt to undermine the ability of the University to perform its assignment.
  • Any serious impact on the security of the information management for which the University is responsible, or of services the University provides to another organisation.

All IT incident reports to MSB must include:

  • the name of the University;
  • a description of the IT incident including a comprehensive account of the course of events and measures taken;
  • the exact or estimated time that the IT incident occurred;
  • the exact or estimated time that the University discovered the IT incident and whether the incident is ongoing or has ended; and
  • the University’s initial assessment of the scope and actual and potential consequences of the IT incident.

Contact persons at departments and campus management

Each department and campus area at Uppsala University should have a designated contact person tasked with reporting IT incidents. Information concerning designated contact persons and staffing times and any preparedness outside regular working hours should be reported to University IT Services. Contact IT Support to update this information.

On 17 December 2015, the Swedish Government decided that all government agencies must report IT incidents that seriously affect security to the Swedish Civil Contingencies Agency (MSB). The decision also mandated MSB to issue regulations concerning reporting. Learn more about the decision requiring government agencies to report IT incidents (in Swedish).

The purpose of compulsory IT incident reporting is to support work on society’s information security. Reports sent to MSB simplify coordinated action to avert or limit the consequences of serious IT incidents and contribute to an overall analysis of the situation.

An IT incident may involve disruption to software, hardware or operating environments, or data loss or leakage in the information management for which the University is responsible, or of services the University provides to another organisation.

Every government agency must report IT incidents no later than six hours after becoming aware that an incident has occurred. In order for the University to comply with the regulations and the specified deadline, IT incidents must be promptly reported via email to it-incident@uu.se by the designated contact person at the department/campus area. All incidents that fall into the above categories must be reported, even if it is not immediately apparent how serious they may be.

University IT Services and the Security and Safety Division will jointly assess the report and decide which incidents should be reported to MSB.

Learn more about IT security at the University here.

Last modified:

FOLLOW UPPSALA UNIVERSITY ON

facebook
instagram
twitter
youtube
linkedin