UW-Madison - IT - Incident Reporting and Response - History

Return to:

Review and Revision History
Date                 Activity
Oct 26, 2018 Revised meta-data to indicate that the policy, procedures, flowchart, and template all need to be reviewed annually and approved by the Chancellor's designee, per UW System Admin Policy 1033. No other changes made.
Jan 18, 2018 Aug 10, 2012 version, maintenance revision B. Updated links, references.
  • Revised the procedures to indicate that people contacting the DoIT Help Desk regarding a possible incident should call rather than email.
  • Revised the incident reporting procedures template, (available for optional use by UW-Madison units.) Published the MS Word document rather than referring people to policy@cio.wisc.edu.
Jan, 2018 Reviewed Information Incident Response Flow Chart. Needs minor adjustment of activity after triage when no reportable incident is found.
Mar 04, 2016 Revised the incident response flow diagram. Changed "sensitive information" to "sensitive data". Changed "UW-Madison IT Security" to "Office of Cybersecurity".
Jan 12, 2016 Aug 10, 2012 version, maintenance revision A. Migrated to IT Policy KB. Changed "Office of Campus Information Security (OCIS)" to "Office of Cybersecurity". Changed "sensitive information" to "sensitive data".
  • In the policy, adjusted formatting. Fixed links. No substantive change to the policy.
  • In the procedures, made significant changes to improve readability. Adjusted formatting. Improved numbering of the steps. Added 'notation convention', 'incident vs. breach', and 'special cases'. Used standardized phrases to avoid inconsistency. Eliminated some duplication. While the description of some of the procedures have changed, the actual steps that one would follow did not change substantively.
Aug, 2015 Migrated to IT.WISC.EDU website. No substantive changes.
Jun 19, 2015 Reviewed. May need to modify incident response procedures by expanding the scope to explicitly include incidents involving HIPAA, PCI, student records, and other special cases. (Note: Reporting and response to such incidents is already occurring, but the procedures do not include enough detail about the special cases.)
Jan, 2015 Migrated to interim CIO website. No substantive changes.
Jun 26, 2015 Revised the incident response diagram. Minor changes.
Jun 24, 2014 Reviewed. May need to add language to make it clearer that the policy applies to HIPAA incidents (other than incidents that are oral and paper only.)
Aug 10, 2012. Revised. Extensive changes. Much more rigorous reporting and response for Restricted Data. Many other changes.
Aug 03, 2011 Sep 24, 2010 version, maintenance revision D. Minor changes to incident response flowchart. No substantive changes.
Jun 13, 2011 Sep 24, 2010 version, maintenance revision C. Minor changes. Revised incident response flowchart. No substantive changes.
Dec 17, 2010 Sep 24, 2010 version, maintenance revision B. Changed policy text from: "special policies and reporting requirements" to "additional policies or reporting requirements", and added human subjects research as an additional example. In the procedures, put UW PD emergency contact (911) ahead of the non-emergency contact. Added metadata link to published policy document. Minor format changes.
Dec 02, 2010 Sep 24, 2010 version, maintenance revision A. Minor format changes. Added link to history. No substantive changes.
Sep, 24, 2010 Revised. Minor revisions to the policy for readability, brevity, consistency, etc. Removed the template triage procedures, which will be maintained as a separate document. Removed the copy of the Sensitive Data Definition, and added a link to it instead.
Jun 22, 2010 Jun 01, 2009 version, maintenance revision C. Updated links. Updated the attached definition of sensitive information. No substantive changes.
Jun 06, 2009 Jun 01, 2009 version, maintenance revision B. Final changes to initial version of the policy and procedures. No substantive changes. (Note: Rev A was drafted but not published.)
Jun 01, 2009 Effective Date.

Development history is at: https://wiki.doit.wisc.edu/confluence/display/POLICY/IReport (on IT Policy Wiki)




Keywords: cioDoc ID:59315
Owner:GARY D.Group:IT Policy
Created:2016-01-05 12:47 CDTUpdated:2019-03-15 15:30 CDT
Sites:IT Policy
CleanURL:https://kb.wisc.edu/itpolicy/cio-incident-reporting-history
Feedback:  0   0