Reporting
We will consider all security incidents for onward reporting to internal and external stakeholders. We will also consider notification to individuals affected by a breach.
Reporting requirements will be dictated by:
- the severity of the security incident
- any statutory or contractual requirements
Examples include:
- line managers
- information asset owners
- Caldicott Guardians
- Senior Information Risk Owner
- sharing partners and suppliers
- law enforcement agencies
- The Information Commissioner’s Office (ICO)
- members of the public
- National Cyber Security Centre
The information assurance team will co-ordinate the reporting of security incidents.
Information security officers will co-ordinate the reporting of personal data breaches to the ICO. They will ensure our data protection officer is advised. Recommendations made by the ICO in response to reported incidents must be considered by relevant stakeholders and action taken where appropriate.
Further information
For further information or guidance please contact the Information Assurance team at IA@lincolnshire.gov.uk.