Incident Response Procedure Template
This template is provided as a base from which to develop your own procedures, and offers suggestions for how to begin. The UIPO encourages all units to develop and maintain a local incident response plan that complements the university-wide procedures.
- Someone who notices an incident
- Some types of incidents that may warrant action/investigation are: slow or non-responsive systems, new errors/messages, programs constantly crashing, unauthorized access, break-in attempts, inadequate protection controls, or inadvertent disclosure.
- Step away from the computer. Do not touch it, attempt to log in, or alter it in any way. Do not power it off. These actions will delete forensic evidence that may be critical to your incident.
- That person notifies _______________________________ [appropriate party]
- If _______________________________ [appropriate party] cannot be reached, notify _______________________________ [this person], or _______________________________ [this person].
- _______________________________ [person/party] will collect information (without using the system) if it can be done quickly, such as: scope of the issue, type of compromise, names and IP addresses of machines, approximate date/time of compromise (if known), and usernames of users a